This cheat sheet contains common enumeration and attack methods for Windows Active Directory.

This cheat sheet is inspired by the PayloadAllTheThings repo.

Summary

• Active Directory Exploitation Cheat Sheet
• Summary
• Tools
• Domain Enumeration
• Using PowerView
• Using AD Module
• Using BloodHound
• Remote BloodHound
• On Site BloodHound
• Using Adalanche
• Remote adalanche
• Useful Enumeration Tools
• Local Privilege Escalation
• Useful Local Priv Esc Tools
• Lateral Movement
• Powershell Remoting
• Remote Code Execution with PS Credentials
• Import a PowerShell Module and Execute its Functions Remotely
• Executing Remote Stateful commands
• Mimikatz
• Remote Desktop Protocol
• URL File Attacks
• Useful Tools
• Domain Privilege Escalation
• Kerberoast
• ASREPRoast
• Password Spray Attack
• Force Set SPN
• Abusing Shadow Copies
• List and Decrypt Stored Credentials using Mimikatz
• Unconstrained Delegation
• Constrained Delegation
• Resource Based Constrained Delegation
• DNSAdmins Abuse
• Abusing Active Directory-Integraded DNS
• Abusing Backup Operators Group
• Abusing Exchange
• Weaponizing Printer Bug
• Abusing ACLs
• Abusing IPv6 with mitm6
• SID History Abuse
• Exploiting SharePoint
• Zerologon
• PrintNightmare
• Active Directory Certificate Services
• No PAC
• Domain Persistence
• Golden Ticket Attack
• DCsync Attack
• Silver Ticket Attack
• Skeleton Key Attack
• DSRM Abuse
• Custom SSP
• Cross Forest Attacks
• Trust Tickets
• Abuse MSSQL Servers
• Breaking Forest Trusts

Tools

• Powersploit
• PowerUpSQL
• Powermad
• Impacket
• Mimikatz
• Rubeus → Compiled Version
• BloodHound
• AD Module
• ASREPRoast
• Adalanche

GitHub:

ENJOY & HAPPY LEARNING!