Active Directory Pentesting

cateOVRcateOVR
2 min read

Introduction

My final year project at the University of Malaga (Spain) is the creation of an Active Directory environment for its exploitation. The objective of this project is to highlight the most common attacks that occur in real business environments. To achieve this, an experimental pilot has been carried out in which an Active Directory environment with vulnerabilities has been created in order to show the known weaknesses and configuration errors that could allow a real attacker to compromise the entire enterprise system. Mitigating measures that should be implemented to avoid the most common vulnerabilities and attacks in this type of environment are also presented.

Achieving a remarkable 9.5/10 grade for our recent project, I'm excited to share with you the step-by-step guide on setting up a test lab, along with the comprehensive methodology we employed during the various attacks. While the original document is in my native language, I'm committed to making this information accessible to a wider audience by translating it into a series of blog posts.

These upcoming posts will cater to readers who may not possess extensive experience with Active Directory environments, ensuring a smooth learning experience from the ground up. In these forthcoming articles, we'll delve into a range of techniques, including:

  • NTLM poisoning

  • SMB Relay

  • ASREPRoast

  • Kerberoasting

  • Golden Ticket

  • Silver Ticket

  • Pass the Hash

  • Overpass the Hash

  • Pass the Key

  • Pass The Ticket

  • Bypass PowerShell Malicious Detection (Obfuscating the malware)

Finally, I am developing an Active Directory pentesting tool to exploit all vulnerabilities derived from a default AD configuration. Soon I will be commenting on the new features of this tool.

Intrusion assessment of Active Directory-based environments

0
Subscribe to my newsletter

Read articles from cateOVR directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

cateOVR
cateOVR