Active Directory
Directory Map
- External Recon and Enumeration
- Initial Enumeration of the Domain
- LLMNR/NBT-NS Poisoning - from Linux
- Password Spraying Overview
- Enumerating & Retrieving Password Policies
- Password Spraying - Making a Target User List
- Enumerating Security Controls
- Credentialed Enumeration - from Linux
- Credentialed Enumeration - from Windows
- Living Off the Land
- Kerberoasting - from Linux
- Kerberoasting - from Windows
- ACL Abuse Primer
- ACL Enumeration
- ACL Abuse Tactics
- DCSync
- Privileged Access
- Kerberos Double Hop Problem
- Bleeding Edge Vulnerabilities
- Miscellaneous Misconfigurations
- Domain Trusts Primer
- Child -> Parent Trusts - from Windows
Cheatsheets
- Kerberoasting Cheatsheet
- ACL Abuse Cheatsheet
- DCSync Cheatsheet
- Lateral Movement Cheatsheet
- Bleeding Edge Vulnerabilities Cheatsheet
- Miscellaneous Misconfigurations Cheatsheet
- Domain Trusts Cheatsheet