An overview of the Active Directory attack landscape, core toolset, and the typical kill chain from initial access to domain dominance.
Abusing misconfigured ACLs and delegated permissions to escalate privileges in Active Directory — GenericAll, WriteDACL, WriteOwner, ForceChangePassword, and more.
Unconstrained, constrained, and resource-based constrained delegation attacks, plus Kerberoasting and AS-REP Roasting cheatsheet.
NTLM relay attacks, authentication coercion (PetitPotam, PrinterBug, DFSCoerce), mitm6, and relay targets (LDAP, SMB, ADCS HTTP).
Credential attacks against AD users — DCSync, LSASS dumping, password spraying, Pass-the-Hash, Pass-the-Ticket, LAPS, and credential harvesting.
Group Policy Object abuse for privilege escalation, code execution, and persistence — GPO modification, GPP passwords, and SYSVOL harvesting.
The complete ADCS attack cheatsheet — ESC1 through ESC11, certificate template abuse, NTLM relay to ADCS, and certificate-based persistence.
Cross-domain and cross-forest attacks — Golden Tickets, Diamond Tickets, Silver Tickets, SID history injection, and trust key abuse.
Maintaining access after domain compromise — Skeleton Key, DCShadow, AdminSDHolder backdoor, certificate persistence, SID history, and more.