search

Active Directory & Kerberos Abuse

A collection of techniques that exploit and abuse Active Directory, Kerberos authentication, Domain Controllers and similar matters.

From Domain Admin to Enterprise Adminchevron-rightKerberoastingchevron-rightKerberos: Golden Ticketschevron-rightKerberos: Silver Ticketschevron-rightAS-REP Roastingchevron-rightKerberoasting: Requesting RC4 Encrypted TGS when AES is Enabledchevron-rightKerberos Unconstrained Delegationchevron-rightKerberos Constrained Delegationchevron-rightKerberos Resource-based Constrained Delegation: Computer Object Takeoverchevron-rightDomain Compromise via DC Print Server and Kerberos Delegationchevron-rightDCShadow - Becoming a Rogue Domain Controllerchevron-rightDCSync: Dump Password Hashes from Domain Controllerchevron-rightPowerView: Active Directory Enumerationchevron-rightAbusing Active Directory ACLs/ACEschevron-rightPrivileged Accounts and Token Privilegeschevron-rightFrom DnsAdmins to SYSTEM to Domain Compromisechevron-rightPass the Hash with Machine$ Accountschevron-rightBloodHound with Kali Linux: 101chevron-rightBackdooring AdminSDHolder for Persistencechevron-rightActive Directory Enumeration with AD Module without RSAT or Admin Privilegeschevron-rightEnumerating AD Object Permissions with dsaclschevron-rightActive Directory Password Sprayingchevron-rightActive Directory Lab with Hyper-V and PowerShellchevron-rightADCS + PetitPotam NTLM Relay: Obtaining krbtgt Hash with Domain Controller Machine Certificatechevron-rightFrom Misconfigured Certificate Template to Domain Adminchevron-rightShadow Credentialschevron-rightAbusing Trust Account$: Accessing Resources on a Trusted Domain from a Trusting Domainchevron-right
PreviousSQL Injection & XSS PlaygroundNextFrom Domain Admin to Enterprise Admin

Last updated