Active Directory Audit - PingCastle

This video shows how a Pentester can use PingCastle to quickly build and attack methodology with in Active Directory. Link: https://www.pingcastle.com/

www.youtube.com

PingCastle vs Purple Knight - Active Directory Security

Having managed (and attacked) an on-premises Microsoft Active Directory domain for many years, I want to ensure our domain is secure. Many organization are looking for a good place to start in reviewing their Active Directory (AD) environment for vulnerabilities. Based on my observations, the longer an AD environment has been around, the more misconfigurations and attack paths are available.

medium.com

[Attack]tive Directory: Compromising a Network in 20 Minutes Through Active Directory

www.youtube.com

Create a Fully Loaded, Free Active Directory Lab in 15 Minutes

With a populated and isolated Active Directory, you can run, develop, and test on a domain without any adverse reaction to a production environment. Run tests to see if the security tools you bought actually work! You can set up red and blue team exercises without needing to attack and defend your real domain!

www.secframe.com

GitHub - AutomatedLab/AutomatedLab: AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2019, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.

AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2019, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.

github.com

Building an Active Directory Lab - Part 1A: AutomatedLab

So you'd like to build an Active Directory (AD) lab and have no idea how to get started. I learnt how to build labs manually however this was quite time consuming and didn't allow much flexibility (which I'll cover in a future article). To setup an AD lab today we'll be leveraging AutomatedLab.

Cloudformation_templates/Windows_Single_Server_Active_Directory.template at master · ankitkl/Cloudformation_templates

This repository consists if sample templates using different scenario - Cloudformation_templates/Windows_Single_Server_Active_Directory.template at master · ankitkl/Cloudformation_templates

github.com

Azure AD introduction for red teamers

Azure AD serves as an identity management platform for Microsoft Applications, Azure Resources Manager and basically anything else you integrate it with. Source: https://docs.microsoft.com/en-gb/azure/active-directory/manage-apps/what-is-application-management. Despite the misleading name, Azure AD is not Active Directory in the cloud. However, a parallel between the two solutions can be established: Source: https://troopers.de/downloads/troopers19/TROOPERS19_AD_Im_in_your_cloud.pdf There are many ways to interact with Azure AD: The Azure Portal.

www.synacktiv.com

www.hub.trimarcsecurity.com

www.centrel-solutions.com

www.centrel-solutions.com

Active Directory Enumeration

viperone.gitbook.io

Windows/inventory.ps1 at main · Argandov/Windows

This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters You can't perform that action at this time. You signed in with another tab or window.

github.com

Securing Active Directory: Performing an Active Directory Security Review

During the Trimarc Webcast on June 17, 2020, Sean Metcalf covered a number of Active Directory (AD) components and areas that should be reviewed for potential security issues. The presentation included PowerShell code in the presentation and that code is incorporated in the PowerShell script Trimarc released for free that can be used to perform an AD security scan.

www.hub.trimarcsecurity.com

Active Directory Methodology

From: https://techterms.com/definition/active_directory

book.hacktricks.xyz

AAD Internals

AADInternals toolkit is a PowerShell module containing tools for administering and hacking Azure AD and Office 365. It is listed in MITRE ATT&CK with id S0677.

o365blog.com

Huge List Of PowerShell Commands for Active Directory, Office 365 and more

This is the ultimate collection of PowerShell commands for Active Directory, Office 365, Windows Server and more. These commands will help with numerous tasks and make your life easier. Table of Contents: get-command -Module ActiveDirectory Get-ADDomain Get-ADDomainController -filter * | select hostname, operatingsystem Get-ADFineGrainedPasswordPolicy -filter * Gets the password policy from the logged in domain Get-ADDefaultDomainPasswordPolicy This will back up the domain controllers system state data.

activedirectorypro.com

Powershell System Inventory Script Using Active Directory - Collect RAM, CPU, Storage, etc. from Multiple Remote Systems

In my line of work we often evaluate new ways to do things, specifically new platforms for server hosting, disaster recovery, backups, etc. One of the requests that often comes from vendors is "How big is your environment?"

www.kiloroot.com

PowerSploit/PowerView.ps1 at dev · PowerShellMafia/PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework - PowerSploit/PowerView.ps1 at dev · PowerShellMafia/PowerSploit

github.com

GitHub - lefayjey/linWinPwn: linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks

linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks. The script uses a number of tools and serves as wrapper of them. Tools include: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump, certipy, silenthound, and others.

github.com

ActiveDirectory Module

Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell.

docs.microsoft.com

Net Commands for Operating Systems - Windows Server

This article provides some information about Net Commands on Operating Systems. Applies to: Windows Server 2012 R2 Original KB number: 556003 This article was written by Nirmal Sharma, Microsoft MVP. The following knowledgebase will explain the uses of Net commands in Windows Operating Systems. Net Commands On Windows Operating Systems The following Net Commands can be used to perform operations on Groups, users, account policies, shares, and so on.

docs.microsoft.com

ActiveDirectory Module

Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell.

docs.microsoft.com

Active Directory - Security Hardening, Auditing and Detection Rules - Blue Team Blog

This post is inspired by a thread on my twitter recently where I brought up and discussed the issue and importance of Active Directory security. The purpose of this article is to share all the useful resources I have found myself, or through this thread; and to summarise them in one easy to digest place.

blueteamblog.com

Best Practices for Securing Active Directory

Learn more about: Best Practices for Securing Active Directory

docs.microsoft.com

DETECT MALICIOUS ACTIVE DIRECTORY LOGS USING SIEM

Active Directory is a major part of most businesses IT infrastructure. It manages permissions and access to networked resources on your domain, among a variety of other tasks. Due to this, Active Directory is usually one of the first log types added to a SIEM.

blueteamblog.com

Documentation - PingCastle

PingCastleReporting can produce an Excel file containing all the rules. PingCastle can produce an HTML report containing the same data. As part of our continuous integration process, the most recent list is available here.

www.pingcastle.com

www.famu.edu

identityandsecuritydotcom.files.wordpress.com

identityandsecuritydotcom.files.wordpress.com

Active Directory

A database and set of services that allows administrators to manage permissions, access to network resources, and stored data objects (user, group, application, or devices) Platforms: Azure AD, Windows Last Modified: 30 March 2022

attack.mitre.org

Top 16 Active Directory Vulnerabilities - InfosecMatter

Most organizations and business around the world today use Active Directory in their infrastructure as central management solution for managing their resources. But as any other similar technology, Active Directory is very complex and securing it requires significant effort and years of experience.

www.infosecmatter.com

GitHub - phillips321/adaudit: Powershell script to do domain auditing automation

PowerShell Script to perform a quick AD audit _____ ____ _____ _ _ _ | _ | \ | _ |_ _ _| |_| |_ | | | | | | | | . | | _| |__|__|____/ |__|__|___|___|_|_| by phillips321 If you have any decent powershell one liners that could be used in the script please let me know.

github.com

Pentesting_Active_directory

XMind is the most professional and popular mind mapping tool. Millions of people use XMind to clarify thinking, manage complex information, brainstorming, get work organized, remote and work from home WFH.

www.xmind.net

Red Teaming Active Directory

When delivering an advanced penetration test or red team exercise, we want our activities to look like normal actions. Not only we will be stealthy this way, but we will minimize the posssibilities of disrupting normal operations as well. AD grants access based on Kerberos Tickets. Non-Windowsdevices can also authenticate using LDAP or RADIUS.

Windows Server 2022 | Microsoft Evaluation Center

In addition to your trial experience of Windows Server 2022, you can more easily add and manage languages and Features on Demand with the new Languages and Optional Features ISO. Download this ISO. This ISO is only available on Windows Server 2022 and combines the previously separate Features on Demand and Language Packs ISOs, and can be used as a FOD and Language pack repository.

www.microsoft.com

Kerberoasting Attack

In a Kerberoasting attack, an adversary may target as many service accounts as possible or conduct internal reconnaissance to find specific service accounts with privileges they desire. In either case, the attacker needs to enumerate the servicePrincipalNames (SPNs) for the service accounts being targeted.

www.netwrix.com

How to Prevent Kerberoasting Attacks

Kerberos is an authentication protocol that uses tickets to provide strong authentication for client/server applications and became the default authentication method for Windows 2000 and later versions. The Kerberos protocol uses either symmetric-key or public-key cryptography to provide secure communication with other services and applications on the network.

www.lepide.com