Learn how advanced Active Directory attacks are executed and how to secure your infrastructure.

Ongoing Study…

Domain Enumeration with PowerView

Active Directory Attacks – Initial Attack Vectors


LLMNR Poisoning / SMB Relay Attacks

https://attack.mitre.org/techniques/T1557/001/

Capturing NTLMv2 Hashes

SMB Signing Disabled

Passback Attack

Enumerating Domain Data with Bloodhound

Active Directory Attacks – Post-Compromise

Pass the Hash / Password Overview

Active Directory Abusing ZeroLogon


TryHackMe Windows PrivEsc Walkthrough

PrintNightmare (CVE-2021-1675) Walkthrough

How to Install Impacket

Sources: TrendMicro ZeroLogon

dirkjanm CVE-2020-1472

SecuraBV ZeroLogon Checker

Active Directory (AD) is a critical component of many organizations’ IT infrastructure, and it’s often targeted by attackers seeking to gain access to sensitive data or systems.

Total Time: 1 hour

AD Password attacks

Active Directory (AD) password attacks are a common type of attack used by cybercriminals to gain unauthorized access to AD user accounts.

AD Pass-the-hash attacks

Pass-the-hash attacks are a type of attack used by cybercriminals to gain access to Windows-based systems, including those that are part of an Active Directory (AD) domain. In a pass-the-hash attack, the attacker steals the hashed password of a domain user and uses it to authenticate as that user without needing to know the actual password.

AD Domain controller attacks

Active Directory (AD) Domain Controllers (DCs) are critical components of an organization’s IT infrastructure, and they are often targeted by cybercriminals seeking to gain unauthorized access to sensitive data or systems.

AD Golden ticket attacks

Golden ticket attacks are a type of attack that can be used to gain unauthorized access to an Active Directory (AD) domain. In a golden ticket attack, the attacker creates a forged Kerberos ticket-granting ticket (TGT) that grants them access to the domain as a privileged user, such as a domain administrator.

AD Domain hijacking

AD domain hijacking is a type of attack where an attacker gains control of an Active Directory (AD) domain, typically by compromising one or more domain controllers. Once the attacker has control of the domain, they can create new user accounts, modify existing accounts, grant themselves elevated privileges, and potentially access sensitive data or systems.


Tools:

  • CrackMapExec

Why do attackers target Active Directory?

Attackers target Active Directory because it is a critical component of many organizations’ IT infrastructure, and compromising it can give them access to sensitive data or systems.

What is a password attack?

A password attack is a type of attack where an attacker tries to guess or crack a user’s password to gain access to their account.

What is a domain controller?

A domain controller is a server that manages the authentication and authorization of users and computers in an Active Directory domain.

What is a golden ticket attack?

A golden ticket attack is a type of attack where an attacker forges a Kerberos ticket that grants them unlimited access to the Active Directory domain.

How can organizations prevent Active Directory attacks?

Organizations can prevent Active Directory attacks by implementing strong password policies, regularly patching and updating their AD infrastructure, implementing two-factor authentication, limiting access to sensitive AD functions, and conducting regular security audits and penetration testing.