TL;DR · AD pentesting is different from traditional app testing, focusing onmisconfigurations, permissions, and relationships. · The goal is to move from a foothold to the Domain Controller (DC) byescalating privileges and leveraging lateral movement. · Key steps after gaining a foothold: escalate privileges, enumeratepermissions, map the network, and pivot. · Common tools: SharpUp, BloodHound, Mimikatz, Rubeus, PowerView. · OpSec
Read More
TL;DR Joining Kali Machine to AD: Change DNS Server: Edit `/etc/resolv.conf` to set the AD server as DNS. Install Tools: Run `sudo apt update` and install required packages. Join Domain: Discover the domain with `sudo realm discover THEHIVE.LOCAL` and join with `sudo realm join –user=<username> <DOMAIN NAME> Common Errors: No Installation Candidate: Add the correct
Read More
TL;DR Kerberos is a robust network authentication protocol that uses secret-key cryptography to verify users and services in a secure manner. Major components include: Key Distribution Center (KDC) consisting of Authentication Service (AS) and Ticket Granting Service (TGS) Service Ticket Granting Ticket (TGT). The authentication flow involves the client obtaining a TGT from the Authentication
Read More
TL;DR Active Directory (AD) is an identity management solution that stores information about an organization’s resources (hardware, software, user info) and manages authentication and authorization in a Windows domain network. Azure Active Directory (Azure AD) supports cloud-hosted infrastructures, and Azure AD Connect bridges on-premises AD with cloud resources. Active Directory works by storing information in
Read More