⌘Ctrlk

What is ired.team notes?
- Pentesting Cheatsheets
- Active Directory & Kerberos Abuse
  From Domain Admin to Enterprise Admin
  Kerberoasting
  Kerberos: Golden Tickets
  Kerberos: Silver Tickets
  AS-REP Roasting
  Kerberoasting: Requesting RC4 Encrypted TGS when AES is Enabled
  Kerberos Unconstrained Delegation
  Kerberos Constrained Delegation
  Kerberos Resource-based Constrained Delegation: Computer Object Takeover
  Domain Compromise via DC Print Server and Kerberos Delegation
  DCShadow - Becoming a Rogue Domain Controller
  DCSync: Dump Password Hashes from Domain Controller
  PowerView: Active Directory Enumeration
  Abusing Active Directory ACLs/ACEs
  Privileged Accounts and Token Privileges
  From DnsAdmins to SYSTEM to Domain Compromise
  Pass the Hash with Machine$ Accounts
  BloodHound with Kali Linux: 101
  Backdooring AdminSDHolder for Persistence
  Active Directory Enumeration with AD Module without RSAT or Admin Privileges
  Enumerating AD Object Permissions with dsacls
  Active Directory Password Spraying
  Active Directory Lab with Hyper-V and PowerShell
  ADCS + PetitPotam NTLM Relay: Obtaining krbtgt Hash with Domain Controller Machine Certificate
  From Misconfigured Certificate Template to Domain Admin
  Shadow Credentials
  Abusing Trust Account$: Accessing Resources on a Trusted Domain from a Trusting Domain

Powered by GitBook

For the complete documentation index, see llms.txt. This page is also available as Markdown.

Pinned

Active Directory & Kerberos Abuse

A collection of techniques that exploit and abuse Active Directory, Kerberos authentication, Domain Controllers and similar matters.

From Domain Admin to Enterprise Admin Kerberoasting Kerberos: Golden Tickets Kerberos: Silver Tickets AS-REP Roasting Kerberoasting: Requesting RC4 Encrypted TGS when AES is Enabled Kerberos Unconstrained Delegation Kerberos Constrained Delegation Kerberos Resource-based Constrained Delegation: Computer Object Takeover Domain Compromise via DC Print Server and Kerberos Delegation DCShadow - Becoming a Rogue Domain Controller DCSync: Dump Password Hashes from Domain Controller PowerView: Active Directory Enumeration Abusing Active Directory ACLs/ACEs Privileged Accounts and Token Privileges From DnsAdmins to SYSTEM to Domain Compromise Pass the Hash with Machine$ Accounts BloodHound with Kali Linux: 101 Backdooring AdminSDHolder for Persistence Active Directory Enumeration with AD Module without RSAT or Admin Privileges Enumerating AD Object Permissions with dsacls Active Directory Password Spraying Active Directory Lab with Hyper-V and PowerShell ADCS + PetitPotam NTLM Relay: Obtaining krbtgt Hash with Domain Controller Machine Certificate From Misconfigured Certificate Template to Domain Admin Shadow Credentials Abusing Trust Account$: Accessing Resources on a Trusted Domain from a Trusting Domain

PreviousSQL Injection & XSS Playground NextFrom Domain Admin to Enterprise Admin

Last updated 7 years ago