Windows Active Directory Penetration Testing Study Notes
Windows Active Directory Penetration Testing Study Notes is an extensive study guide and command reference for Windows Active Directory (AD) Penetration Testing. It is structured into four core parts:
- AD Basics – foundational concepts such as Domains, Domain Controllers, Forests, Trees, Organizational Units (OUs), Trusts, Global Catalog, and AD Server Roles.
- Enumeration Techniques – tools and commands for discovering users, groups, policies, services, and defenses across an AD environment.
- Exploitation & Privilege Escalation – attack methods including DCSync, BloodHound analysis, ACL abuse, token impersonation, SPN exploitation, and Group Policy misconfigurations.
- Post-Exploitation & Persistence – methods to harvest credentials, establish persistence, and move laterally using techniques like Pass-the-Hash, Kerberos attacks, and privilege escalation exploits.
Table of Contents
AD Basics
- Windows Domain
- Active Directory
- Domain Controller
- Trees
- Forests
- AD Trust
- Security Groups vs OUs
- Group Policy
- Authentication Protocols in AD
Enumeration
- Users, Groups and Machines Enumeration
- Enumerating Defences and Security Settings
- Enumeration with Automated Scripts
- Enumeration with PowerView.ps1
- Enumeration with Metasploit and PowerSploit
- AD Enumeration with DSquery
- Enumerating Services and Processes
Exploitation and Privilege Escalation
- BloodHound
- Data Interpretation in BloodHound
- Exploiting ACEs and Permission Delegations
- Exploiting Active Directory using DCOM with Macro-Enabled MS Excel
- Performing DCSync Attack
- Exploiting SeBackupPrivilege
- Using the Diskshadow method and PowerShell
- By copying the SAM and SYSTEM registry hives
- Exploiting PAC in Kerberos
- Exploiting Server Operators Group
- Exploiting DNS Admin Group
- Exploiting Group Policy Preferences
- Manual Methods
- Exploitation with PowerSploit
- Token Impersonation
- Kerberos Delegation Exploitation
- Exploiting Delegation With PowerView.ps1
Credential Harvesting & Persistence Attacks
- Kerberos Attacks
- Password Spraying Attack
- AS-REP Roasting
- Brute forcing usernames and passwords with Kerberos
- Kerberoasting using cracked credentials
- Brute forcing a user hash given a list of users and hashes by performing TGT retrieval
- Kerberos Golden and Silver Tickets
- Cracking ntds.dit and registry file system
- LDAP Pass-back attack
- Harvesting Credentials from Config Files
- Harvesting Credentials From SAM
- Harvesting From Credential Manager
- Harvesting using Local Administrator Password Solution (LAPS)
- Persistence through SID History
- Persistence Through Group Policy
- Persistence through Nested Groups
- Persistence Through Logon Script Deployment
Post Exploitation
- Credential Harvesting
- Dumping certificates from the target machine with PowerShell and Mimikatz in memory
- Infecting other domain-joined machines using the WMI method from PowerView
- Downloading and executing a PowerShell script in memory (Mimikatz.ps1) to harvest the admin password on the targeted domain controller
- PowerShell script that downloads Mimikatz and executes it on multiple defined machines using WMI
- Credential Harvesting Using LDAP Queries
- Accessing the netlogon share on DC
Lateral Movement
- Definition
- With PsExec
- With WinRM
- With Service Management Tools SC
- With Scheduled Tasks
- With WMI
- Using Pass-the-Hash
- Using Pass-the-Ticket
- Using Overpass-the-hash / Pass-the-Key
- Using Port Forwarding
- SSH Tunneling
- With Socat
- Dynamic Forwarding with SOCKS
Who is this study guide for?
- Penetration Testers
- Aspiring learners who are looking to learn Windows Active Directory Penetration Testing
Format:
Page count: 152
Note: This product is not eligible for a refund.
If you have concerns regarding the product, kindly contact consultation@motasem-notes.net, describe your issue, and explain why you believe you are eligible for a refund.