AD penetration Testing Project
By Ruben Enkaoua - GL4Di4T0R
Based on the TCM PEH course (Heath Adams)
Index
1 - Setting Up the Lab
- Intallation of a Windows Server 2016
- Installation of the Windows 10 machines
- Setting the domain configuration
- Setting the domain virtual network
2 - Initial Attack Vector
- LLMNR Poisoning (Attack / Defense)
- Responder and Credentials Capture
- SMB Relay (Attack / Defense)
- Hosts Discovery
- Setting Up LDAPS
- IPv6 Overview (Attack / Defense)
- IPv6 DNS Takeover - MITM6
- Other Attacks Vectors and Strategies
3 - Post Compromise Enumeration
- Uploading Content
- Domain Enumeration - PowerView
- Bloodhound Setup
- Grabbing Data with Sharphound
- Enumerating and Mapping Domain Data with Bloodhound
4 - Post Compromise Attack
- Pass The Hash / Pass the Password (Attacks / Mitigations)
- Installing CrackMapExec
- Dumping Hashes with secretsdump
- Token Impersonation - Incognito (Attack / Mitigation)
- Kerberoasting (Attack / Mitigation)
- Mimikatz and Credentials Dumping
- Mimikatz - Golden Ticket Attack
