Active Directory Attacks
Comprehensive Active Directory attack techniques including Kerberoasting, AS-REP Roasting, NTLM relay, ACL abuse, and ticket attacks for red team operations.
Overview
Active Directory (AD) is the backbone of enterprise Windows environments and a primary target for attackers. Compromising AD often leads to complete domain control, making these techniques essential for penetration testers and red teamers.
Kerberos Attacks
Kerberos authentication provides multiple attack vectors:
- Kerberoasting - Extract and crack service account tickets
- AS-REP Roasting - Attack accounts without pre-authentication
- Silver Ticket Attack - Forge service tickets with compromised hashes
- KrbRelayUp - Kerberos relay for local privilege escalation
Relay Attacks
- NTLM Relay - Relay captured NTLM authentication
Permission Abuse
- ACL Abuse - Exploit misconfigured AD permissions
- DNSAdmins Exploitation - Abuse DNSAdmins group membership
Attack Methodology
Phase 1: Enumeration
Use BloodHound and PowerView to map the domain:
- Trust relationships
- Group memberships
- ACL misconfigurations
- Kerberoastable accounts
Phase 2: Initial Access
- Password spraying
- Credential harvesting
- Phishing for domain credentials
Phase 3: Privilege Escalation
- Target service accounts via Kerberoasting
- Abuse ACL misconfigurations
- Exploit trust relationships
Phase 4: Lateral Movement
- Use Impacket for remote execution
- Pass-the-Hash/Ticket attacks
- RDP/WinRM with compromised credentials
Phase 5: Persistence
- Golden/Silver ticket creation
- DCShadow attacks
- ACL backdoors
Tools Reference
| Tool | Primary Use |
|---|---|
| BloodHound | Attack path visualization |
| PowerView | AD enumeration and exploitation |
| Impacket | Protocol-level attacks |
| Hashcat | Crack Kerberos tickets |
Related Resources
- Windows Security - Local privilege escalation
- Network Protocol Attacks - SMB and RDP exploitation
Ramblings of a Professional Hacker