windows-ad-pentesting
by ErenYeager29
Windows AD pentesting, from beginner to master. Trigger on: Kerberoasting, AS-REP Roasting, Golden/Silver/Diamond/Sapphire Tickets, Pass-the-Ticket, Overpass-the-Hash, noPac, unconstrained/constrained/RBCD delegation, KrbRelay, Bronze Bit, Timeroasting, BloodHound/SharpHound, lateral movement (PsExec, WMI, WinRM, DCOM, PtH), ACL abuse (GenericAll, WriteDACL, GPO, AdminSDHolder, shadow credentials, DNSAdmin), DCSync, credential dumping (Mimikatz, secretsdump, LSASS, DPAPI, DonPAPI, domain backup key), NTLM relay (Responder, ntlmrelayx, PetitPotam), AD CS (ESC1-16, Certifried, Certipy, PKINIT), MSSQL (mssqlclient, xp_cmdshell, linked servers), gMSA, Windows LAPS, ADIDNS/wpad, SCCM/MECM/SharpSCCM, WSUS, persistence, forest/trust attacks, AMSI/ETW/process injection evasion. Vague triggers: "pwn AD", "get DA", "domain admin", "krbtgt", "ntds.dit", "AD lab". All topics cover: concept, commands, OPSEC, detection.