Active Directory Exploitation Cheat Sheet
0
Free
This cheat sheet contains common enumeration and attack methods for Windows Active Directory. This cheat sheet is inspired by the PayloadAllTheThings repo. Tools: - Domain Enumeration - Using PowerView - Using AD Module - Using BloodHound - Remote BloodHound - On Site BloodHound - Using Adalanche - Remote adalanche Useful Enumeration Tools: - Local Privilege Escalation - Useful Local Priv Esc Tools Lateral Movement: - Powershell Remoting - Remote Code Execution with PS Credentials - Import a PowerShell Module and Execute its Functions Remotely - Executing Remote Stateful commands - Mimikatz - Remote Desktop Protocol - URL File Attacks Useful Tools: - Domain Privilege Escalation - Kerberoast - ASREPRoast - Password Spray Attack - Force Set SPN - Abusing Shadow Copies - List and Decrypt Stored Credentials using Mimikatz - Unconstrained Delegation - Constrained Delegation - Resource Based Constrained Delegation - DNSAdmins Abuse - Abusing Active Directory-Integrated DNS - Abusing Backup Operators Group - Abusing Exchange - Weaponizing Printer Bug - Abusing ACLs - Abusing IPv6 with mitm6 - SID History Abuse - Exploiting SharePoint - Zerologon - PrintNightmare - Active
FEATURES
The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.
ALTERNATIVES
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
Free
Curated list of acronyms and terms related to cyber security landscape with explanations beyond buzzwords.
Free
A cybersecurity challenge where you play the role of an incident response consultant investigating an intrusion at Precision Widgets of North Dakota.
Free
A blog post discussing the differences between Solaris Zones, BSD Jails, VMs, and containers, with the author arguing that containers are not a real thing.
Free
Hands-on cybersecurity training and testing platform with 1800+ labs
Free
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Free
Comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code.
Free
ENISA Training Resources offers online training material for cybersecurity specialists, covering technical and artefact analysis fundamentals.
Free
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Free
Resources
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Commercial
Security Operations
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Commercial
Application Security
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Commercial
IAM
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security