Active Directory Attacks

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "active directory attacks" with this command: npx skills add dokhacgiakhoa/antigravity-ide/dokhacgiakhoa-antigravity-ide-active-directory-attacks

Purpose

Provide comprehensive techniques for attacking Microsoft Active Directory environments. Covers reconnaissance, credential harvesting, Kerberos attacks, lateral movement, privilege escalation, and domain dominance for red team operations and penetration testing.

Inputs/Prerequisites

  • Kali Linux or Windows attack platform

  • Domain user credentials (for most attacks)

  • Network access to Domain Controller

  • Tools: Impacket, Mimikatz, BloodHound, Rubeus, CrackMapExec

Outputs/Deliverables

  • Domain enumeration data

  • Extracted credentials and hashes

  • Kerberos tickets for impersonation

  • Domain Administrator access

  • Persistent access mechanisms

Essential Tools

| Tool | Purpose |
|------|---------|
| BloodHound | AD attack path visualization |
| Impacket | Python AD attack tools |
| Mimikatz | Credential extraction |
| Rubeus | Kerberos attacks |
| CrackMapExec | Network exploitation |
| PowerView | AD enumeration |
| Responder | LLMNR/NBT-NS poisoning |

Core Workflow

🧠 Knowledge Modules (Fractal Skills)

  1. Step 1: Kerberos Clock Sync

  2. Step 2: AD Reconnaissance with BloodHound

  3. Step 3: PowerView Enumeration

  4. Password Spraying

  5. Kerberoasting

  6. AS-REP Roasting

  7. DCSync Attack

  8. Pass-the-Ticket (Golden Ticket)

  9. Silver Ticket

  10. Pass-the-Hash

  11. OverPass-the-Hash

  12. Responder + ntlmrelayx

  13. SMB Signing Check

  14. ESC1 - Misconfigured Templates

  15. ESC8 - Web Enrollment Relay

  16. ZeroLogon (CVE-2020-1472)

  17. PrintNightmare (CVE-2021-1675)

  18. samAccountName Spoofing (CVE-2021-42278/42287)

  19. Example 1: Domain Compromise via Kerberoasting

  20. Example 2: NTLM Relay to LDAP

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
