![[FCO]FreeCoursesOnline](https://onehack.us/uploads/default/original/3X/b/4/b4d2fc8468becec1e9976784dba394e5a378ec81.jpg){kind=small}
This cheat sheet contains common enumeration and attack methods for Windows Active Directory.
This cheat sheet is inspired by the PayloadAllTheThings repo.
Summary
- Active Directory Exploitation Cheat Sheet
- Summary
- Tools
- Domain Enumeration
- Using PowerView
- Using AD Module
- Using BloodHound
- Remote BloodHound
- On Site BloodHound
- Using Adalanche
- Remote adalanche
- Useful Enumeration Tools
- Local Privilege Escalation
- Useful Local Priv Esc Tools
- Lateral Movement
- Powershell Remoting
- Remote Code Execution with PS Credentials
- Import a PowerShell Module and Execute its Functions Remotely
- Executing Remote Stateful commands
- Mimikatz
- Remote Desktop Protocol
- URL File Attacks
- Useful Tools
- Domain Privilege Escalation
- Kerberoast
- ASREPRoast
- Password Spray Attack
- Force Set SPN
- Abusing Shadow Copies
- List and Decrypt Stored Credentials using Mimikatz
- Unconstrained Delegation
- Constrained Delegation
- Resource Based Constrained Delegation
- DNSAdmins Abuse
- Abusing Active Directory-Integraded DNS
- Abusing Backup Operators Group
- Abusing Exchange
- Weaponizing Printer Bug
- Abusing ACLs
- Abusing IPv6 with mitm6
- SID History Abuse
- Exploiting SharePoint
- Zerologon
- PrintNightmare
- Active Directory Certificate Services
- No PAC
- Domain Persistence
- Golden Ticket Attack
- DCsync Attack
- Silver Ticket Attack
- Skeleton Key Attack
- DSRM Abuse
- Custom SSP
- Cross Forest Attacks
- Trust Tickets
- Abuse MSSQL Servers
- Breaking Forest Trusts
Tools
- Powersploit
- PowerUpSQL
- Powermad
- Impacket
- Mimikatz
- Rubeus → Compiled Version
- BloodHound
- AD Module
- ASREPRoast
- Adalanche
GitHub:
ENJOY & HAPPY LEARNING! 