Skip to main content

Recently Updated Pages

Managing Users

Red Team - Windows Active Directory - Basics

Your first task as the new domain administrator is to check the existing AD OUs and users, as som...

Updated 4 months ago by Arthur Reppelin

Active Directory

Red Team - Windows Active Directory - Basics

The core of any Windows Domain is the Active Directory Domain Service (AD DS). This service acts ...

Updated 4 months ago by Arthur Reppelin

Persistence through GPOs

Red Team - Windows Active Directory - Persisting

The last persistence technique we will review is persistence through Group Policy Objects (GPOs)....

Updated 4 months ago by Arthur Reppelin

Persistence through ACLs

Red Team - Windows Active Directory - Persisting

Sometimes, we need more than just persisting to normal AD groups. What if we want to persist to a...

Updated 4 months ago by Arthur Reppelin

Persistence through Tickets

Red Team - Windows Active Directory - Persisting

As discussed in the previous tasks, we often want to persist through service accounts with delega...

Updated 4 months ago by Arthur Reppelin

Exploiting Certificates

Red Team - Windows Active Directory - Exploiting

Now that we have access to THMSERVER2, we have furthered our journey of exploiting AD by exploiti...

Updated 4 months ago by Arthur Reppelin

Exploiting GPOs

Red Team - Windows Active Directory - Exploiting

Keylogging the user allowed us to decrypt their credential database, providing us with credential...

Updated 4 months ago by Arthur Reppelin

Exploiting Automated Relays

Red Team - Windows Active Directory - Exploiting

In this task we will take a look at some automated relays. Authentication attempts are constantly...

Updated 4 months ago by Arthur Reppelin

Exploiting Permission Delegation

Red Team - Windows Active Directory - Exploiting

Active Directory can delegate permissions and privileges through a feature called Permission Dele...

Updated 4 months ago by Arthur Reppelin

Port Forwarding

Red Team - Windows Active Directory - Lateral Movement and...

Most of the lateral movement techniques we have presented require specific ports to be available ...

Updated 4 months ago by Arthur Reppelin

Abusing User Behaviour

Red Team - Windows Active Directory - Lateral Movement and...

Under certain circumstances, an attacker can take advantage of actions performed by users to gain...

Updated 4 months ago by Arthur Reppelin

Use of Alternate Authentication Material

Red Team - Windows Active Directory - Lateral Movement and...

By alternate authentication material, we refer to any piece of data that can be used to access a ...

Updated 4 months ago by Arthur Reppelin

Spawning Processes Remotely

Red Team - Windows Active Directory - Lateral Movement and...

This task will look at the available methods an attacker has to spawn a process remotely, allowin...

Updated 4 months ago by Arthur Reppelin

Moving Through the Network

Red Team - Windows Active Directory - Lateral Movement and...

What is Lateral Movement? Simply put, lateral movement is the group of techniques used by attack...

Updated 4 months ago by Arthur Reppelin

BloodHound

Red Team - Windows Active Directory - Enumeration

Lastly, we will look at performing AD enumeration using Bloodhound. Bloodhound is the most powerf...

Updated 4 months ago by Arthur Reppelin

Microsoft Management Console

Red Team - Windows Active Directory - Enumeration

You should have completed the Active Directory Basics room by now, where different AD objects wer...

Updated 4 months ago by Arthur Reppelin

Configuration Files

Red Team - Windows Active Directory - Breaching

The last enumeration avenue we will explore in this network is configuration files. Suppose you w...

Updated 4 months ago by Arthur Reppelin

Microsoft Deployment Toolkit (MDT)

Red Team - Windows Active Directory - Breaching

Large organisations need tools to deploy and manage the infrastructure of the estate. In massive ...

Updated 4 months ago by Arthur Reppelin

Authentication Relays

Red Team - Windows Active Directory - Breaching

Continuing with attacks that can be staged from our rogue device, we will now look at attacks aga...

Updated 4 months ago by Arthur Reppelin

LDAP Bind Credentials

Red Team - Windows Active Directory - Breaching

LDAP Another method of AD authentication that applications can use is Lightweight Directory Acce...

Updated 4 months ago by Arthur Reppelin