#activedirectory #video #playlist #offensive #summary
Пост про атаки на AD. Собираю информацию здесь:
Видео:
[*] Очень полезный плейлист с базовыми атаками на Active Directory
[*] Другой взгляд атакующего на ACL в AD, Павел Шлюндин
[*] Сетевые атаки. Спуффинг. MITM. Relay.
[*] Керберос. Использования аутентификационных протоколов Windows в тестировании на проникновении.
[*] Базовые атаки на AD
[*] AD. Яндекс
Статьи:
[*] Habr: Атаки на домен
[*] Habr: Продвинутые атаки на домен
[*] Kerberoasting. Kerberos ticket. Getting Passwords From Kerberos Pre-Authentication Packets
[*] Habr. Kerberoasting v2
[*] Infosecmatter: Top 16 Active Directory Vulnerabilities
[*] SecureAuth: Impacket
[*] IFCR: Active Directory Certificate Services
[*] Nettitude: WSUS
[*] Trusts: Guided atacks on trust
[*] LuemmelSec: Relaying 101
[*] Ardent101. Bloodhound
[*] Wald0: GPO Abuse
Райтапы на AD тачки
[*] https://grimmie.net/cyberseclabs-zero-write-up/
[*] https://grimmie.net/cyberseclabs-secret-write-up/
[*] https://grimmie.net/cyberseclabs-toast-write-up/
Инструменты:
[*] BloodHound: BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. (yay -S bloodhound)
[*] python-bloodhound: used to get network information (pip3 install bloodhound)
[*] Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
[*] Crackmapexec: A swiss army knife for pentesting networks
[*] ldap_shell: AD ACL abuse
[*] certipy: Tool for Active Directory Certificate Services enumeration and abuse
[*] DonPapi: Dumping DPAPI credz remotely
THM Лабы:
1. https://tryhackme.com/room/attacktivedirectory
2. https://tryhackme.com/room/winadbasics
3. https://tryhackme.com/room/postexploit
4. https://tryhackme.com/room/breachingad
5. https://tryhackme.com/room/adenumeration
6. https://tryhackme.com/room/enterprise
Читшиты:
[*] ze1to0: Attacking_ad
[*] Iredteam: AD Kerberos Abuse
[*] OrangeSec: AD Pentest MindMAP (sic!)
[*] SnovvCrash: AD wiki
Презенташки:
[*] Fun with LDAP and Kerberos* in AD environments
[*] Offensive Active Directory 101
Сайт:
[*] Целый сайт про AD Security
[*] Блог о компьютерной безопасности
Книжки:
1. "Active Directory Глазами Хакера". Вполне неплохо для новичка. Описаны основные атаки и инструменты.
Пост будет дополняться
Пост про атаки на AD. Собираю информацию здесь:
Видео:
[*] Очень полезный плейлист с базовыми атаками на Active Directory
[*] Другой взгляд атакующего на ACL в AD, Павел Шлюндин
[*] Сетевые атаки. Спуффинг. MITM. Relay.
[*] Керберос. Использования аутентификационных протоколов Windows в тестировании на проникновении.
[*] Базовые атаки на AD
[*] AD. Яндекс
Статьи:
[*] Habr: Атаки на домен
[*] Habr: Продвинутые атаки на домен
[*] Kerberoasting. Kerberos ticket. Getting Passwords From Kerberos Pre-Authentication Packets
[*] Habr. Kerberoasting v2
[*] Infosecmatter: Top 16 Active Directory Vulnerabilities
[*] SecureAuth: Impacket
[*] IFCR: Active Directory Certificate Services
[*] Nettitude: WSUS
[*] Trusts: Guided atacks on trust
[*] LuemmelSec: Relaying 101
[*] Ardent101. Bloodhound
[*] Wald0: GPO Abuse
Райтапы на AD тачки
[*] https://grimmie.net/cyberseclabs-zero-write-up/
[*] https://grimmie.net/cyberseclabs-secret-write-up/
[*] https://grimmie.net/cyberseclabs-toast-write-up/
Инструменты:
[*] BloodHound: BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. (yay -S bloodhound)
[*] python-bloodhound: used to get network information (pip3 install bloodhound)
[*] Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
[*] Crackmapexec: A swiss army knife for pentesting networks
[*] ldap_shell: AD ACL abuse
[*] certipy: Tool for Active Directory Certificate Services enumeration and abuse
[*] DonPapi: Dumping DPAPI credz remotely
THM Лабы:
1. https://tryhackme.com/room/attacktivedirectory
2. https://tryhackme.com/room/winadbasics
3. https://tryhackme.com/room/postexploit
4. https://tryhackme.com/room/breachingad
5. https://tryhackme.com/room/adenumeration
6. https://tryhackme.com/room/enterprise
Читшиты:
[*] ze1to0: Attacking_ad
[*] Iredteam: AD Kerberos Abuse
[*] OrangeSec: AD Pentest MindMAP (sic!)
[*] SnovvCrash: AD wiki
Презенташки:
[*] Fun with LDAP and Kerberos* in AD environments
[*] Offensive Active Directory 101
Сайт:
[*] Целый сайт про AD Security
[*] Блог о компьютерной безопасности
Книжки:
1. "Active Directory Глазами Хакера". Вполне неплохо для новичка. Описаны основные атаки и инструменты.
Пост будет дополняться
👍11