Active Directory Attack Paths
Active Directory is the backbone of enterprise identity management. This guide covers advanced techniques for identifying and exploiting attack paths to compromise the domain.
What You'll Learn
- Kerberos protocol exploitation
- Delegation abuse techniques
- ACL misconfiguration exploitation
- BloodHound attack path analysis
Attack Categories
Kerberos Attacks
Exploiting the Kerberos protocol: Kerberoasting, AS-REP Roasting, and forging Golden/Silver Tickets.
Delegation Attacks
Abusing Unconstrained, Constrained, and Resource-Based Constrained Delegation for privilege escalation.
ACL Abuse
Exploiting misconfigured Access Control Lists (GenericAll, WriteDACL, etc.) to take over objects.
BloodHound Analysis
Using graph theory to visualize and identify complex attack paths in Active Directory environments.
AD CS Abuse
Exploiting Active Directory Certificate Services (ESC1, ESC8) for privilege escalation and persistence.
Essential Tools
Impacket
Collection of Python classes for working with network protocols. Essential for AD attacks.
BloodHound
Single-page application for visualizing Active Directory trust relationships.
Rubeus
C# toolset for raw Kerberos interaction and abuses.
Mimikatz
A tool to play with Windows security (extracting passwords, tickets, etc.).
PowerView
PowerShell tool to gain network situational awareness on Windows domains.
PetitPotam
Tool to coerce Windows hosts to authenticate to other machines.
Certify
C# tool to enumerate and abuse Active Directory Certificate Services (AD CS).
⚠️ Legal Disclaimer
Active Directory attacks should only be performed on systems you own or have explicit written authorization to test. Unauthorized access to computer systems is illegal.