Just another potato website.

Home
About Me
Contact Me
Privacy Policy

Active Directory Pentesting Checklist

16-06-2025

AD Attack Paths

✅ Active Directory Pentesting Checklist

A structured guide to learning every major technique and path in AD exploitation, based on the visual map by Orange Cyberdefense

✅ Active Directory Pentesting Checklist

🧭 Initial Access

Spearphishing Attachment
Spearphishing Link
Valid Accounts (default/reused creds)
Exploit Public-Facing App
Drive-by Compromise

⚙️ Execution

PowerShell
Cmd Shell
Scheduled Task/Job
Malicious Service
Office Macros

🗺️ Discovery

Account Enumeration
Group Enumeration
Domain Trust Enumeration
GPO & ACL Enumeration
DNS Enumeration
SPN Enumeration / Kerberoasting
AS-REP Roasting

📡 Lateral Movement

SMB / PSExec
WinRM / WMI
RDP
Token Impersonation
Kerberos Delegation
RBCD (Resource-Based Constrained Delegation)
DCOM Abuse

🛑 Privilege Escalation

UAC Bypass
Abuse SeDebug / SeImpersonate
Credential Theft & Reuse
GPO Misconfiguration Abuse
DLL Hijacking
AlwaysInstallElevated
Unquoted Service Path

🔐 Credential Access

LSASS Dumping
SAM Dump
NTDS.dit Extraction
secretsdump.py / DCSync
LSA Secret Extraction
Cleartext Password Discovery
Credential Manager Theft

🧠 Defense Evasion

Script Obfuscation
Timestomping
Event Log Clearing
AMSI Bypass
Disabling Defender
EDR Tampering

🏰 Persistence

Golden Ticket
Silver Ticket
Skeleton Key
AdminSDHolder Abuse
DCShadow
Create Shadow Admin Account
WMI Event Subscription

🧨 Domain Dominance

Full Domain Hash Dump
KRBTGT Account Compromise
Rogue Domain Controller (backdoor)
Trust Path Abuse (forest/domain trust manipulation)

🔎 Collection

File Share Harvesting
Email Harvesting
Clipboard Monitoring
Keylogging
Screenshot / Webcam Capture

☁️ Hybrid / Azure AD

AzureAD Token Theft
AzureAD Enumeration
Conditional Access Bypass
AzureAD Privilege Escalation
Hybrid Join Attack Paths
AAD Connect Abuse

🛠 Tool Recommendations

BloodHound / SharpHound
Mimikatz / Rubeus / Kekeo
CrackMapExec / Evil-WinRM
Impacket (secretsdump.py, wmiexec)
AADInternals / Roadtools

About Ardi Jonias Fortuna

Roses are red, violets are blue. There is nothing can’t to do

About Me

Information

Recent Posts

Memahami Lifecycle Serangan Ransomware: Dari Awal Hingga Enkripsi Data
Apa Itu Credential Attack? Kenali dan Cegah Sebelum Terlambat
Web Phishing itu HTTP atau HTTPS?
Cara Memvalidasi Konfigurasi SPF, DKIM, dan DMARC dengan Mudah
Convert PFX, CRT, and PEM Azure SSL/TLS Certificates

Categories

Defensive
Development
Offensive
Reversing
Web Hacking

Tags

Challenges (9) DNS (4) Docker (1) Dvcs-Ripper (3) End-User (1) End-Users (3) Fail2ban (1) File Upload (1) Git (4) Gitdumper (3) Githack (3) Github Pages (1) Incident Response (1) Infostealer (2) Internet (12) Intrusion Prevention System (1) Intrusion Prevention Systems (1) LFI (2) Malang Hacker Link (1) Phishing (6) Ransomware (1) RCE (2) Retas Labs (2) SQLI (2) Surabaya Hacker Link (6) Telegram Bot (1) Terminal (1) Text Editor (1) Users (7) VIM (1) Virtual Machine (1) Wordpress (1) Write Up (34) XSS (3) Zimbra Mail Server (1)

Social

[email protected]

© 2025 Ardi Jonias Fortuna. Generated with Hugo and Mainroad theme.