Learn how advanced Active Directory Attacks are executed and secure your infrastructure.

On Going Study…

Domain Enumeration with PowerView

Active Directory Attacks – Initial Attack Vectors

active directory vulnerabilities

LLMNR Poisoning / SMB Relay Attacks

https://attack.mitre.org/techniques/T1557/001/

Capturing NTLMv2 Hashs

SMB Signing Disable

Passback Attack

Enumerating Domain Data with Bloodhound

Active Directory Attacks – Post-Compromise

Pass the Hash / Password Overview

Active Directory Abusing ZeroLogon

active directory attacks 2020

TryhackMe Windows PrivEsc Walkthrough

PrintNightmare (CVE-2021-1675) Walkthrough

How to Install Impacket

Sources: TrendMicro ZeroLogon

dirkjanm CVE-2020-1472

SecuraBV ZeroLogon Checker

Active Directory Attacks

Active Directory (AD) is a critical component of many organizations’ IT infrastructure, and it’s often targeted by attackers seeking to gain access to sensitive data or systems.

Total Time: 1 hour

AD Password attacks

Active Directory (AD) password attacks are a common type of attack used by cybercriminals to gain unauthorized access to AD user accounts.

AD Pass-the-hash attacks

Pass-the-hash attacks are a type of attack used by cybercriminals to gain access to Windows-based systems, including those that are part of an Active Directory (AD) domain. In a pass-the-hash attack, the attacker steals the hashed password of a domain user and uses it to authenticate as that user without needing to know the actual password.

AD Domain controller attacks

Active Directory (AD) Domain Controllers (DCs) are critical components of an organization’s IT infrastructure, and they are often targeted by cybercriminals seeking to gain unauthorized access to sensitive data or systems.

AD Golden ticket attacks

Golden ticket attacks are a type of attack that can be used to gain unauthorized access to an Active Directory (AD) domain. In a golden ticket attack, the attacker creates a forged Kerberos ticket-granting ticket (TGT) that grants them access to the domain as a privileged user, such as a domain administrator.

AD Domain hijacking

AD domain hijacking is a type of attack where an attacker gains control of an Active Directory (AD) domain, typically by compromising one or more domain controllers. Once the attacker has control of the domain, they can create new user accounts, modify existing accounts, grant themselves elevated privileges, and potentially access sensitive data or systems.

Supply:

  • Password attacks
  • Pass-the-hash attacks
  • Domain controller attacks
  • Golden ticket attacks
  • Domain hijacking

Tools:

  • CrackMapExec

Why do attackers target Active Directory?

Attackers target Active Directory because it is a critical component of many organizations’ IT infrastructure, and compromising it can give them access to sensitive data or systems.

What is a password attack?

A password attack is a type of attack where an attacker tries to guess or crack a user’s password to gain access to their account.

What is a domain controller?

A domain controller is a server that manages the authentication and authorization of users and computers in an Active Directory domain.

What is a golden ticket attack?

A golden ticket attack is a type of attack where an attacker forges a Kerberos ticket that grants them unlimited access to the Active Directory domain.

How can organizations prevent Active Directory attacks?

Organizations can prevent Active Directory attacks by implementing strong password policies, regularly patching and updating their AD infrastructure, implementing two-factor authentication, limiting access to sensitive AD functions, and conducting regular security audits and penetration testing.

Oh hi there 👋 It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

Read our privacy policy for more info.

PopLAbSec_Logo

Hacking tips!

We don’t spam! Read our privacy policy for more info.