AD Enumeration

Enumeration:

Remote AD Enumeration - https://github.com/UserExistsError/adenum.py

Enumeration via COM objects - https://www.mandiant.com/resources/blog/hunting-com-objects

[ File transfer ]

Portable Python - https://sourceforge.net/projects/portable-python/ [ can be installed with admin privilege ]

IP address and subnet mask:

type ipconfig /all

Get the subnet mask from the output and look up the corresponding mask value in the image below.

Stealing NTLM hashes: NTLM relay, which depends on SMB signing being disabled or not required - https://infosecwriteups.com/abusing-ntlm-relay-and-pass-the-hash-for-admin-d24d0f12bea0

ADRecon Tools:

-- https://book.hacktricks.xyz/windows-hardening/active-directory-methodology/bloodhound

Bloodhound custom queries

Cheatsheets - https://wadcoms.github.io/ , https://gtfobins.github.io/ , https://lolbas-project.github.io/

Responder - https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html

Hashes and tickets - https://dmcxblue.net/2021/07/18/playing-with-hashes-and-tickets/

smbexec - https://dmcxblue.net/2021/02/20/a-dive-on-smbexec/

Fileless malware - https://dmcxblue.net/2021/08/30/fileless-malware/

ACL Abuse

- https://www.youtube.com/watch?v=z8thoG7gPd0