Recently Updated Pages
Managing Users
Your first task as the new domain administrator is to check the existing AD OUs and users, as som...
Active Directory
The core of any Windows Domain is the Active Directory Domain Service (AD DS). This service acts ...
Persistence through GPOs
The last persistence technique we will review is persistence through Group Policy Objects (GPOs)....
Persistence through ACLs
Sometimes, we need more than just persisting to normal AD groups. What if we want to persist to a...
Persistence through Tickets
As discussed in the previous tasks, we often want to persist through service accounts with delega...
Exploiting Certificates
Now that we have access to THMSERVER2, we have furthered our journey of exploiting AD by exploiti...
Exploiting GPOs
Keylogging the user allowed us to decrypt their credential database, providing us with credential...
Exploiting Automated Relays
In this task we will take a look at some automated relays. Authentication attempts are constantly...
Exploiting Permission Delegation
Active Directory can delegate permissions and privileges through a feature called Permission Dele...
Port Forwarding
Most of the lateral movement techniques we have presented require specific ports to be available ...
Abusing User Behaviour
Under certain circumstances, an attacker can take advantage of actions performed by users to gain...
Use of Alternate Authentication Material
By alternate authentication material, we refer to any piece of data that can be used to access a ...
Spawning Processes Remotely
This task will look at the available methods an attacker has to spawn a process remotely, allowin...
Moving Through the Network
What is Lateral Movement? Simply put, lateral movement is the group of techniques used by attack...
BloodHound
Lastly, we will look at performing AD enumeration using Bloodhound. Bloodhound is the most powerf...
Microsoft Management Console
You should have completed the Active Directory Basics room by now, where different AD objects wer...
Configuration Files
The last enumeration avenue we will explore in this network is configuration files. Suppose you w...
Microsoft Deployment Toolkit (MDT)
Large organisations need tools to deploy and manage the infrastructure of the estate. In massive ...
Authentication Relays
Continuing with attacks that can be staged from our rogue device, we will now look at attacks aga...
LDAP Bind Credentials
LDAP Another method of AD authentication that applications can use is Lightweight Directory Acce...