Recently Updated Pages
Exploiting Certificates
Now that we have access to THMSERVER2, we have furthered our journey of exploiting AD by exploiti...
Exploiting GPOs
Keylogging the user allowed us to decrypt their credential database, providing us with credential...
Exploiting Automated Relays
In this task we will take a look at some automated relays. Authentication attempts are constantly...
Exploiting Permission Delegation
Active Directory can delegate permissions and privileges through a feature called Permission Dele...
Port Forwarding
Most of the lateral movement techniques we have presented require specific ports to be available ...
Abusing User Behaviour
Under certain circumstances, an attacker can take advantage of actions performed by users to gain...
Use of Alternate Authentication Material
By alternate authentication material, we refer to any piece of data that can be used to access a ...
Spawning Processes Remotely
This task will look at the available methods an attacker has to spawn a process remotely, allowin...
Moving Through the Network
What is Lateral Movement? Simply put, lateral movement is the group of techniques used by attack...
BloodHound
Lastly, we will look at performing AD enumeration using Bloodhound. Bloodhound is the most powerf...
Microsoft Management Console
You should have completed the Active Directory Basics room by now, where different AD objects wer...
Configuration Files
The last enumeration avenue we will explore in this network is configuration files. Suppose you w...
Microsoft Deployment Toolkit (MDT)
Large organisations need tools to deploy and manage the infrastructure of the estate. In massive ...
Authentication Relays
Continuing with attacks that can be staged from our rogue device, we will now look at attacks aga...
LDAP Bind Credentials
LDAP Another method of AD authentication that applications can use is Lightweight Directory Acce...
NTLM Authenticated Services
NTLM and NetNTLM New Technology LAN Manager (NTLM) is the suite of security protocols used to au...
Trees, Forests and Trusts
So far, we have discussed how to manage a single domain, the role of a Domain Controller and how ...
Authentication Methods
When using Windows domains, all credentials are stored in the Domain Controllers. Whenever a user...
Group Policies
So far, we have organised users and computers in OUs just for the sake of it, but the main idea b...
Managing Computers
By default, all the machines that join a domain (except for the DCs) will be put in the container...