Windows Active Directory Penetration Testing Study Notes is an extensive study guide and command reference for Windows Active Directory (AD) Penetration Testing. It is structured into four core parts:

• AD Basics – foundational concepts such as Domains, Domain Controllers, Forests, Trees, Organizational Units (OUs), Trusts, Global Catalog, and AD Server Roles.
• Enumeration Techniques – tools and commands for discovering users, groups, policies, services, and defenses across an AD environment.
• Exploitation & Privilege Escalation – attack methods including DCSync, BloodHound analysis, ACL abuse, token impersonation, SPN exploitation, and Group Policy misconfigurations.
• Post-Exploitation & Persistence – methods to harvest credentials, establish persistence, and move laterally using techniques like Pass-the-Hash, Kerberos attacks, and privilege escalation exploits.

Table of Contents

• Windows Domain
• Active Directory
• Domain Controller
• Trees
• Forests
• AD Trust
• Security Groups vs OUs
• Group Policy
• Authentication Protocols in AD

• Users, Groups and Machines Enumeration
• Enumerating Defences and SecuritySettings
• Enumeration with Automated Scripts
• Enumeration with Powerview.ps1
• Enumeration with Metasploit andPowerspolit
• AD Enumeration with DSquery
• Enumerating Services and Processes

Exploitation and Privilege Escalation

• BloodHound
• Data Interpretation in BloodHound
• Exploiting ACEs and PermissionDelegations
• Exploiting Active Directory using DCOMwith Macro-Enabled MS Excel
• Performing DCSync Attack
• Exploiting SeBackupPrivilege
• Using the Diskshadow method andPowershell
• By copying the SAM and SYSTEM
• Registry hives
• Exploiting PAC in Kerebros
• Exploiting Server Operators Group
• Exploiting DNS Admin Group
• Exploiting Group Policy Preferences
• Manual Methods
• Exploitation with Powersploit
• Token Impersonation
• Kerberos Delegation Exploitation
• Exploiting Delegation With Powerview.ps1

Credential Harvesting & Persistence Attacks

• Kerberos Attacks
• Password Spraying Attack
• ASREP ROASTING
• Brute forcing usernames and passwords with Kereberos
• Keberosting using cracked credentials
• Brute forcing a user hash given a list of users and hashes by performing TGTs retrieval
• Kerberos Golden and Silver Tickets
• Cracking ntds.dit and registry file system
• LDAP Pass-back attack
• Harvesting Credentials from Config Files
• Harvesting Credentials From SAM
• Harvesting From Credential Manager
• Harvesting using Local Administrator
• Password Solution (LAPS)
• Persistence through SID History
• Persistence Through Group Policy
• Persistence through Nested Groups
• Persistence Through Logon Script
• Deployment

Post Exploitation

• Credential Harvesting
• Dumping certificates from target machine with powershell and Mimikatz in memory
• Infecting other domain joined machines using WMI method from Powerview
• Downloading and executing a powershell script in memory ( Mimikatz.ps1 ) to harvest admin password on the targeted domain controller.
• Powershell script that Downloads Mimikatz and executes it on multiple defined machines using WMI.
• Credential Harvesting Using LDAP Queries
• Accessing the netlogon share on DC

Lateral Movement

• Definition
• With PsExec
• With WINRM
• With Service Management Tools SC
• With Scheduled Tasks
• With WMI
• Using PassTheHash
• Using Pass The Ticket
• Using Overpass-the-hash / Pass-the-Key
• Using Port Forwarding
• SSH Tunneling
• With Socat
• Dynamic Forwarding with SOCKS

Who is this study guide for?

• Penetration Testers
• Aspiring learners who are looking to learn Windows Active Directory Penetration Testing

Format:

• PDF

Page count: 152

Note: This product is not eligible for a refund.

If you have concerns regarding the product, kindly contact [email protected] and clarify your issue and explain why the eligibility for a refund.