Active Directory Exploitation Cheat Sheet Logo

Active Directory Exploitation Cheat Sheet

0
Free
Visit Website

This cheat sheet contains common enumeration and attack methods for Windows Active Directory. This cheat sheet is inspired by the PayloadAllTheThings repo. Tools: - Domain Enumeration - Using PowerView - Using AD Module - Using BloodHound - Remote BloodHound - On Site BloodHound - Using Adalanche - Remote adalanche Useful Enumeration Tools: - Local Privilege Escalation - Useful Local Priv Esc Tools Lateral Movement: - Powershell Remoting - Remote Code Execution with PS Credentials - Import a PowerShell Module and Execute its Functions Remotely - Executing Remote Stateful commands - Mimikatz - Remote Desktop Protocol - URL File Attacks Useful Tools: - Domain Privilege Escalation - Kerberoast - ASREPRoast - Password Spray Attack - Force Set SPN - Abusing Shadow Copies - List and Decrypt Stored Credentials using Mimikatz - Unconstrained Delegation - Constrained Delegation - Resource Based Constrained Delegation - DNSAdmins Abuse - Abusing Active Directory-Integrated DNS - Abusing Backup Operators Group - Abusing Exchange - Weaponizing Printer Bug - Abusing ACLs - Abusing IPv6 with mitm6 - SID History Abuse - Exploiting SharePoint - Zerologon - PrintNightmare - Active

FEATURES

ALTERNATIVES

edb is a powerful debugger for Linux binaries, enhancing reverse engineering efforts with a user-friendly interface and extensible plugins.

An annual jeopardy-style capture-the-flag contest with challenges related to cybersecurity.

A non-commercial wargame site offering pwn challenges related to system exploitation with different difficulty levels.

Interactive challenges demonstrating attacks on real-world cryptography.

Blue-team capture the flag competition for improving cybersecurity skills.

An intentionally insecure Android app designed to teach developers and security professionals about common app vulnerabilities.

Comprehensive reference guide for bug bounty hunters with detailed information on various vulnerabilities, platforms, tools, and best practices.

Practical security handbook for .NET developers.