Active Directory Penetration Testing methods with simulations

Overview

AD penetration Testing Project

By Ruben Enkaoua - GL4Di4T0R

Based on the TCM PEH course (Heath Adams)

Index

1 - Setting Up the Lab

  • Intallation of a Windows Server 2016
  • Installation of the Windows 10 machines
  • Setting the domain configuration
  • Setting the domain virtual network

2 - Initial Attack Vector

  • LLMNR Poisoning (Attack / Defense)
  • Responder and Credentials Capture
  • SMB Relay (Attack / Defense)
  • Hosts Discovery
  • Setting Up LDAPS
  • IPv6 Overview (Attack / Defense)
  • IPv6 DNS Takeover - MITM6
  • Other Attacks Vectors and Strategies

3 - Post Compromise Enumeration

  • Uploading Content
  • Domain Enumeration - PowerView
  • Bloodhound Setup
  • Grabbing Data with Sharphound
  • Enumerating and Mapping Domain Data with Bloodhound

4 - Post Compromise Attack

  • Pass The Hash / Pass the Password (Attacks / Mitigations)
  • Installing CrackMapExec
  • Dumping Hashes with secretsdump
  • Token Impersonation - Incognito (Attack / Mitigation)
  • Kerberoasting (Attack / Mitigation)
  • Mimikatz and Credentials Dumping
  • Mimikatz - Golden Ticket Attack
You might also like...
pytest plugin for distributed testing and loop-on-failures testing modes.

xdist: pytest distributed testing plugin The pytest-xdist plugin extends pytest with some unique test execution modes: test run parallelization: if yo

Hypothesis is a powerful, flexible, and easy to use library for property-based testing.

Hypothesis Hypothesis is a family of testing libraries which let you write tests parametrized by a source of examples. A Hypothesis implementation the

Generic automation framework for acceptance testing and RPA

Robot Framework Introduction Installation Example Usage Documentation Support and contact Contributing License Introduction Robot Framework is a gener

Scalable user load testing tool written in Python
Scalable user load testing tool written in Python

Locust Locust is an easy to use, scriptable and scalable performance testing tool. You define the behaviour of your users in regular Python code, inst

A modern API testing tool for web applications built with Open API and GraphQL specifications.
A modern API testing tool for web applications built with Open API and GraphQL specifications.

Schemathesis Schemathesis is a modern API testing tool for web applications built with Open API and GraphQL specifications. It reads the application s

Sixpack is a language-agnostic a/b-testing framework

Sixpack Sixpack is a framework to enable A/B testing across multiple programming languages. It does this by exposing a simple API for client libraries

Automatically mock your HTTP interactions to simplify and speed up testing

VCR.py 📼 This is a Python version of Ruby's VCR library. Source code https://github.com/kevin1024/vcrpy Documentation https://vcrpy.readthedocs.io/ R

Scalable user load testing tool written in Python
Scalable user load testing tool written in Python

Locust Locust is an easy to use, scriptable and scalable performance testing tool. You define the behaviour of your users in regular Python code, inst

Automatically mock your HTTP interactions to simplify and speed up testing

VCR.py 📼 This is a Python version of Ruby's VCR library. Source code https://github.com/kevin1024/vcrpy Documentation https://vcrpy.readthedocs.io/ R

Owner
GL4DI4T0R
GL4DI4T0R
PyBuster A directory busting tool for web application penetration tester, written in python

PyBuster A directory busting tool for web application penetration tester, written in python. Supports custom wordlist,recursive search. Screenshots Pr

Anukul Pandey 4 Jan 30, 2022
PacketPy is an open-source solution for stress testing network devices using different testing methods

PacketPy About PacketPy is an open-source solution for stress testing network devices using different testing methods. Currently, there are only two c

null 4 Sep 22, 2022
fsociety Hacking Tools Pack – A Penetration Testing Framework

Fsociety Hacking Tools Pack A Penetration Testing Framework, you will have every script that a hacker needs. Works with Python 2. For a Python 3 versi

Manisso 8.2k Jan 3, 2023
A Modular Penetration Testing Framework

fsociety A Modular Penetration Testing Framework Install pip install fsociety Update pip install --upgrade fsociety Usage usage: fsociety [-h] [-i] [-

fsociety-team 802 Dec 31, 2022
Automated Penetration Testing Framework

Automated Penetration Testing Framework

OWASP 2.1k Jan 1, 2023
WEB PENETRATION TESTING TOOL 💥

N-WEB ADVANCE WEB PENETRATION TESTING TOOL Features ?? Admin Panel Finder Admin Scanner Dork Generator Advance Dork Finder Extract Links No Redirect H

null 56 Dec 23, 2022
Python tools for penetration testing

pyTools_PT python tools for penetration testing Please don't use these tool for illegal purposes. These tools is meant for penetration testing for leg

Gourab 1 Dec 1, 2021
Penetration testing

Penetration testing

null 3 Jan 11, 2022
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

mitmproxy mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. mitmdump is the

mitmproxy 29.7k Jan 2, 2023
RAT-el is an open source penetration test tool that allows you to take control of a windows machine.

To prevent RATel from being detected by antivirus, please do not upload the payload to TOTAL VIRUS. Each month I will test myself if the payload gets detected by antivirus. So you’ll have a photo every month to prove RAtel’s discretion.

null 218 Dec 16, 2022