Attacking Active Directory

Active Directory Enumeration with PowerView

Complete Active Directory Enumeration Using PowerView PowerView is a powerful PowerShell tool designed to perform detailed enumeration of Active Directory (AD) environments. It is widely used by penetration testers, red…

Bharath Narayanasamy

Attacking Active Directory Active Directory

Active Directory Domain Service (AD DS)

Overview AD DS acts as a catalog for all objects in a network (users, groups, machines, printers, etc.). Some objects, such as users and machines, are security principals, meaning they…

Bharath Narayanasamy

Attacking Active Directory

GOAD v2 Installation

Game Of Active Directory The following steps explain the procedure to setup the GOADv2 LAB environment to pentest Active Directory. Warning This lab is extremely vulnerable, do not reuse recipe to…

Bharath Narayanasamy

Attacking Active Directory

AD Attacks & Tools Timeline

Bharath Narayanasamy

Attacking Active Directory

AD Fundamentals

Ransomware operators have been increasingly targeting Active Directory as a key part of their attack paths. The Conti Ransomware which has been used in more than 400 attacks around the world has…

Bharath Narayanasamy

Attacking Active Directory

Breaching AD

Active Directory (AD) is used by approximately 90% of the Global Fortune 1000 companies. If an organisation's estate uses Microsoft Windows, you are almost guaranteed to find AD. Microsoft AD…

Bharath Narayanasamy

Attacking Active Directory

Understanding Kerberos Authentication

Kerberos Authentication Referenceshttps://www.youtube.com/watch?v=snGeZlDQL2Q https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/b4af186e-b2ff-43f9-b18e-eedb366abf13 krbtgt account -→ KDC Service Account Ticket Details Authorization Data is Microsoft addition to Kerberos; can be manipulated to modify Group membership..etc and launch attacks. Domian…

Bharath Narayanasamy

Enumeration Attacking Active Directory

PowerView Cheat Sheet

up-to-date version of PowerView: https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 New function naming schema: Verbs: Get : retrieve full raw data sets Find : ‘find’ specific data entries in a data set Add : add…

Bharath Narayanasamy

Attacking Active Directory

Attacking Kerberos

Kerberos Kerberos is the default authentication service for Microsoft Windows domains. It is intended to be more "secure" than NTLM by using third party ticket authorization as well as stronger…

Bharath Narayanasamy