Legal Notice: Only test Active Directory environments you own or have explicit written authorization to assess. Unauthorized AD access violates computer crime laws.

Kerberoasting

High

Request TGS tickets for service accounts and crack them offline to find weak passwords.

AS-REP Roasting

High

Request AS-REP tickets for accounts with "Do not require Kerberos preauthentication" enabled.

Golden Ticket

Critical

Forge a TGT using the KRBTGT hash. Persistent domain admin access that lasts years.

Pass the Hash

High

Authenticate using an NTLM hash instead of a password. Includes over-pass-the-hash techniques.

Pass the Ticket

High

Use extracted Kerberos tickets for lateral movement and privilege escalation.

NTLM Relay

Critical

LLMNR/NBT-NS poisoning, SMB relay attacks, credential capture and relay.

DCSync Attack

Critical

Replicate domain credentials using DRS (Directory Replication Service).

AD Enumeration

High

BloodHound enumeration, LDAP queries, PowerView reconnaissance.

🛠️ Essential Tools

BloodHound

AD attack path analysis. Graph database for finding privilege escalation paths to DA.

Mimikatz

Credential extraction, pass-the-hash, pass-the-ticket, golden ticket, DCSync.

Rubeus

Kerberos attack toolkit. Kerberoasting, AS-REP roasting, ticket manipulation.

Responder

LLMNR/NBT-NS/mDNS poisoner. SMB relay, HTTP auth capture, credential stealing.

CrackMapExec

Swiss army knife for AD pentesting. Network attacks, credential dumping.

SharpHound

BloodHound data collector for AD enumeration. User, group, ACL collection.
