s1ckb0y1337 / active-directory-exploitation-cheat-sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
License: MIT License
cool stuff
the real me
Integrating a mindmap like this could also be really helpful :)
https://www.xmind.net/m/5dypm8/
https://github.com/Orange-Cyberdefense/arsenal/tree/master/mindmap
Like
CVE-2020-0932
CVE-2019-1257
CVE-2019-0604
When you pwned the SharePoint, you get more domain accounts
ref https://www.zerodayinitiative.com/blog?tag=SharePoint
Noticed you went for title case, however some sections do not respect this (OCD alert).
Could you please address this or would you prefer me opening a PR?
Hi @S1ckB0y1337, I'm trying to conduct RBCD, and I'm really confused by this note:
In Constrained and Resource-Based Constrained Delegation if we don't have the password/hash of the account with TRUSTED_TO_AUTH_FOR_DELEGATION that we try to abuse, we can use the very nice trick "tgt::deleg" from kekeo or "tgtdeleg" from rubeus and fool Kerberos to give us a valid TGT for that account. Then we just use the ticket instead of the hash of the account to perform the attack.
Suppose I have machine acc MACHINE$ which has RBCD over DC
userAccountControl : WORKSTATION_TRUST_ACCOUNT, TRUSTED_TO_AUTH_FOR_DELEGATION
msDS-AllowedToDelegateTo : cifs/DC01.domain.local
But I don't know MACHINE$'s pass/rc4, how exactly can I request a TGT for it? Rubeus.exe tgtdeleg will return a TGT for my current user, and I cannot run it under the machine's context since I don't know its passwd.
These notes could be compiled into an Obsidian-compatible ultimate cheat sheet for Red Teaming, this would allow leveraging the features of Obsidian, e.g. search and tagging features.
All that would be needed would be a refactoring of this large Readme.md into smaller chunks logically organised within folders.
In case you might be interested in adding an Active Directory Recon Tool to the documentation under Tools:
ADDS_Tool (An Active Directory Recon Tool)