AD penetration Testing Project

By Ruben Enkaoua - GL4Di4T0R

Based on the TCM PEH course (Heath Adams)

Index

1 - Setting Up the Lab

• Intallation of a Windows Server 2016
• Installation of the Windows 10 machines
• Setting the domain configuration
• Setting the domain virtual network

2 - Initial Attack Vector

• LLMNR Poisoning (Attack / Defense)
• Responder and Credentials Capture
• SMB Relay (Attack / Defense)
• Hosts Discovery
• Setting Up LDAPS
• IPv6 Overview (Attack / Defense)
• IPv6 DNS Takeover - MITM6
• Other Attacks Vectors and Strategies

3 - Post Compromise Enumeration

• Uploading Content
• Domain Enumeration - PowerView
• Bloodhound Setup
• Grabbing Data with Sharphound
• Enumerating and Mapping Domain Data with Bloodhound

4 - Post Compromise Attack

• Pass The Hash / Pass the Password (Attacks / Mitigations)
• Installing CrackMapExec
• Dumping Hashes with secretsdump
• Token Impersonation - Incognito (Attack / Mitigation)
• Kerberoasting (Attack / Mitigation)
• Mimikatz and Credentials Dumping
• Mimikatz - Golden Ticket Attack