Before we can exploit Active Directory misconfigurations for privilege escalation and lateral movement, we need to achieve initial access.
This module contains authentication methods, LDAP, MDT, NTLM, and the usual locations of the configuration files that can contain exposed credentials.
Once we have the first set of Active Directory credentials, we can start enumerating various details about the AD setup and structure with authenticated access.
This module contains command-line and PowerShell enumeration techniques.
Techniques used to move around the network while creating as few alerts as possible.
This module contains Kerberos and NetNTLM authentication methods and how to circumvent those methods. Guides on how to spawn processes remotely.
- Remote Desktop Protocol hijacking
- Port forwarding with tools such as Socat, Chisel and SSH
- Installation of MSI packages through WMI
This phase exploits misconfigurations to perform a combination of lateral movement and privilege escalation.
This module contains permission delegation, Kerberos delegation, automated relays, Group Policy Objects, certificates and domain trusts.
This phase covers several methods that can be used to persist in Active Directory.
This module contains AD credentials and DCSync-ing, Silver and Golden Tickets, AD certificates, AD Security Identifiers (SIDs), Access Control Lists and Group Policy Objects (GPOs).
This module discusses the fundamental knowledge on how to take advantage of obtained credentials to perform lateral movement and access resources within the Active Directory environment.