This cheat sheet contains common enumeration and attack methods for Windows Active Directory. This cheat sheet is inspired by the PayloadsAllTheThings repo.

Tools:
- Domain Enumeration
- Using PowerView
- Using AD Module
- Using BloodHound
- Remote BloodHound
- On Site BloodHound
- Using Adalanche
- Remote adalanche

Useful Enumeration Tools:
- Local Privilege Escalation
- Useful Local Priv Esc Tools

Lateral Movement:
- Powershell Remoting
- Remote Code Execution with PS Credentials
- Import a PowerShell Module and Execute its Functions Remotely
- Executing Remote Stateful commands
- Mimikatz
- Remote Desktop Protocol
- URL File Attacks

Useful Tools:
- Domain Privilege Escalation
- Kerberoast
- ASREPRoast
- Password Spray Attack
- Force Set SPN
- Abusing Shadow Copies
- List and Decrypt Stored Credentials using Mimikatz
- Unconstrained Delegation
- Constrained Delegation
- Resource Based Constrained Delegation
- DNSAdmins Abuse
- Abusing Active Directory-Integrated DNS
- Abusing Backup Operators Group
- Abusing Exchange
- Weaponizing Printer Bug
- Abusing ACLs
- Abusing IPv6 with mitm6
- SID History Abuse
- Exploiting SharePoint
- Zerologon
- PrintNightmare
- Active
SIMILAR TOOLS
A comprehensive guide to developing an incident response capability through intelligence-based threat hunting, covering theoretical concepts and real-life scenarios.
Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.
A comprehensive guide to using Metasploit, including searching for modules, specifying exploits and payloads, and using auxiliary modules.
A comprehensive guide to understanding and responding to modern ransomware attacks, covering incident response, cyber threat intelligence, and forensic analysis.
INE Security offers a range of cybersecurity certifications, including penetration testing, mobile and web application security, and incident response.
A comprehensive guide to investigating security incidents in popular cloud platforms, covering essential tools, logs, and techniques for cloud investigation and incident response.
A repository of cybersecurity conference presentation slides from Black Hat, Offensivecon, and REcon.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.