Active Directory & Kerberos Abuse

A collection of techniques that exploit and abuse Active Directory, Kerberos authentication, Domain Controllers and similar matters.

From Domain Admin to Enterprise Admin Kerberoasting Kerberos: Golden Tickets Kerberos: Silver Tickets AS-REP Roasting Kerberoasting: Requesting RC4 Encrypted TGS when AES is Enabled Kerberos Unconstrained Delegation Kerberos Constrained Delegation Kerberos Resource-based Constrained Delegation: Computer Object Takeover Domain Compromise via DC Print Server and Kerberos Delegation DCShadow - Becoming a Rogue Domain Controller DCSync: Dump Password Hashes from Domain Controller PowerView: Active Directory Enumeration Abusing Active Directory ACLs/ACEs Privileged Accounts and Token Privileges From DnsAdmins to SYSTEM to Domain Compromise Pass the Hash with Machine$ Accounts BloodHound with Kali Linux: 101 Backdooring AdminSDHolder for Persistence Active Directory Enumeration with AD Module without RSAT or Admin Privileges Enumerating AD Object Permissions with dsacls Active Directory Password Spraying Active Directory Lab with Hyper-V and PowerShell ADCS + PetitPotam NTLM Relay: Obtaining krbtgt Hash with Domain Controller Machine Certificate From Misconfigured Certificate Template to Domain Admin Shadow Credentials Abusing Trust Account$: Accessing Resources on a Trusted Domain from a Trusting Domain

PreviousSQL Injection & XSS Playground NextFrom Domain Admin to Enterprise Admin

Last updated 5 years ago