Active Directory :explode: - Coggle Diagram
Active Directory Introduction and Enumeration
Active Directory Manual Enumeration
Enumerate Active Directory using legacy Windows applications
Use PowerShell and .NET to perform additional AD enumeration
Manual Enumeration
Expanding our Repertoire
Enumerate Operating Systems Permissions and logged on users
Enumerate Through Service Principal Names
Enumerate Object Permissions
Explore Domain Shares
Active Directory Automated Enumeration
Collect domain data using SharpHound
Analyze domain data using BloodHound
Attacking Active Directory Authentication
Use password attacks to obtain valid user credentials
Abuse the enabled user account options
Abuse the Kerberos SPN authentication mechanism
Forge service tickets
Impersonate a domain controller to retrieve any domain user credentials
Lateral Movement in Active Directory
Active Directory Lateral Movement Techniques
Understand WMI, WinRS, and WinRM lateral movement techniques
Abuse PsExec for lateral movement
Learn about Pass The Hash and Overpass The Hash as lateral movement techniques
Misuse DCOM to move laterally
Active Directory Persistence
Understand the general purpose of persistence techniques
Leverage golden tickets as a persistence attack
Learn about shadow copies and how they can be abused for persistence
Assembling the Pieces
Enumerating the Public Network
Enumerate machines on a public network
Obtain useful information to utilize for later attacks
Attacking WEBSRV1
Utilize vulnerabilities in WordPress Plugins
Crack the passphrase of an SSH private key
Elevate privileges using sudo commands
Leverage developer artifacts to obtain sensitive information
Gaining Access to the Internal Network
Validate domain credentials from a non-domain-joined machine
Perform phishing to get access to internal network
Enumerating the Internal Network
Gain situational awareness in a network
Enumerate hosts, services, and sessions in a target network
Identify attack vectors in target network
Attacking the Web Application on INTERNALSRV1
Perform Kerberoasting
Abuse a WordPress Plugin function for a Relay attack
Gaining Access to the Domain Controller
Gather information to prepare client-side attacks
Leverage client fingerprinting to obtain information
Attacking Active Directory Authentication
Become familiar with cached AD Credentials
Understand Kerberos Authentication
Understand NTLM Authentication