Active Directory Attack and Detection Lab Reports
Expand All Collapse All

• - Active_Directory-Attack_And_Detection
• - 01-Attacks
• - M1-Initial AD Exploitation
• LLMNR Poisoning
• SMB Enumeration
• - M2-AD Post Enumeration
• rpcclient
• BloodHound
• PowerView
• nxc ldap
• - M3-DACL Abuse
• - GenericAll
• User Own Generic ALL Right For Domain Admin Group
• User Owns Generic ALL for Another User
• - GenericWrite
• User Owns GenericWrite Permission on a Group
• User Owns GenericWrite Permission on Another User
• AllExtendedRights
• - WriteDACL
• WriteDACL on User
• WriteDACL on Group
• - WriteOwner
• User Owns WriteOwner Permission on Another User
• User Owns WriteOwner Permission on Group
• ForcePasswordChange
• Self-Membership
• - M4-Abusing Kerberos
• AS-REP Roasting
• Kerberos Brute Force Attack
• Kerberoasting
• Timeroasting
• - Kerberos Delegation
• Unconstrained Delegation
• Constrained Delegation
• Resource Based Constrained Delegation
• - M5-Credential Dumping
• NTDS.DIT
• SAM and Registry Hive
• Domain Cache Credential
• DCSync Attack
• - ReadGMSAPassword Attack
• Setup Phase
• Exploitation Phase
• - M6-Kerberos Ticket Attack
• Golden Ticket
• - Silver Ticket
• Windows Local Execution
• Persistence Via Service Forgery
• - Diamond Ticket
• Remote Execution
• Windows Local Execution
• Sapphire Ticket
• - 02-Detections
• - M1-Initial AD Exploitation
• LLMNR Poisoning Detection
• - M2-AD Post Enumeration
• rpcclient
• BloodHound
• PowerView
• nxc ldap
• - M3-DACL Abuse
• GenericAll
• - GenericWrite
• User Owns Generic Write Permission on Group
• User Owns Generic Write Permission On Another User
• AllExtendedRights
• WriteDACL
• - WriteOwner
• User Owns WriteOwner Permission On Another User
• User Owns WriteOwner Permission On Group
• ForcePasswordChange
• Self-Membership
• - M4-Abusing Kerberos
• AS-REP Roasting
• Kerberos Brute Force Attack
• Kerberoasting
• - Kerberos Delegation
• Unconstrained Delegation
• Constrained Delegation
• Resource Based Constrained Delegation
• - M5-Credential Dumping
• NTDS.DIT
• SAM and Registry Hive
• Domain Cached Credentials
• DCSync Detection
• ReadGMSAPassword Attack
• - M6-Kerberos Ticket Attack
• Golden Ticket
• Silver Ticket
• Diamond Ticket
• Sapphire Ticket
• - 04-Sigma_Rules(Mandetory)
• SMB Enumeration
• - 05- Links_From_Which_I_Study
• M1-Initial AD Exploitation
• M2-AD Post Enumeration
• M3-DACL Abuse
• M4-Abusing Kerberos