#activedirectory #video #playlist #offensive #summary

Пост про атаки на AD. Собираю информацию здесь:

Видео:
[*] Очень полезный плейлист с базовыми атаками на Active Directory
[*] Другой взгляд атакующего на ACL в AD, Павел Шлюндин
[*] Сетевые атаки. Спуффинг. MITM. Relay.
[*] Керберос. Использования аутентификационных протоколов Windows в тестировании на проникновении.
[*] Базовые атаки на AD
[*] AD. Яндекс

Статьи:
[*] Habr: Атаки на домен
[*] Habr: Продвинутые атаки на домен
[*] Kerberoasting. Kerberos ticket. Getting Passwords From Kerberos Pre-Authentication Packets
[*] Habr. Kerberoasting v2
[*] Infosecmatter: Top 16 Active Directory Vulnerabilities
[*] SecureAuth: Impacket
[*] IFCR: Active Directory Certificate Services
[*] Nettitude: WSUS
[*] Trusts: Guided atacks on trust
[*] LuemmelSec: Relaying 101
[*] Ardent101. Bloodhound
[*] Wald0: GPO Abuse

Райтапы на AD тачки
[*] https://grimmie.net/cyberseclabs-zero-write-up/
[*] https://grimmie.net/cyberseclabs-secret-write-up/
[*] https://grimmie.net/cyberseclabs-toast-write-up/

Инструменты:
[*] BloodHound: BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. (yay -S bloodhound)
[*] python-bloodhound: used to get network information (pip3 install bloodhound)
[*] Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
[*] Crackmapexec: A swiss army knife for pentesting networks
[*] ldap_shell: AD ACL abuse
[*] certipy: Tool for Active Directory Certificate Services enumeration and abuse
[*] DonPapi: Dumping DPAPI credz remotely

THM Лабы:

1. https://tryhackme.com/room/attacktivedirectory
2. https://tryhackme.com/room/winadbasics
3. https://tryhackme.com/room/postexploit
4. https://tryhackme.com/room/breachingad
5. https://tryhackme.com/room/adenumeration
6. https://tryhackme.com/room/enterprise

Читшиты:
[*] ze1to0: Attacking_ad
[*] Iredteam: AD Kerberos Abuse
[*] OrangeSec: AD Pentest MindMAP (sic!)
[*] SnovvCrash: AD wiki


Презенташки:
[*] Fun with LDAP and Kerberos* in AD environments
[*] Offensive Active Directory 101

Сайт:
[*] Целый сайт про AD Security
[*] Блог о компьютерной безопасности

Книжки:
1. "Active Directory Глазами Хакера". Вполне неплохо для новичка. Описаны основные атаки и инструменты.

Пост будет дополняться

#recomendation #info #summary

Не реклама. Авторская подборка телеграм каналов и чатов по инфосек тематике. Читаю их все по мере поступления новой инфы. Решил поделиться блогами коллег. Думаю, найдете для себя что-то интересное :)

https://xn--r1a.website/pathsecure *
https://xn--r1a.website/ap_security
https://xn--r1a.website/appsexnotes
https://xn--r1a.website/ArroizX_Notes
https://xn--r1a.website/android_guards_today
https://xn--r1a.website/androidMalware
https://xn--r1a.website/alarm_vali
https://xn--r1a.website/alexmakus
https://xn--r1a.website/alexredsec
https://xn--r1a.website/AlienHardware
https://xn--r1a.website/api_0 *
https://xn--r1a.website/api_00
https://xn--r1a.website/appsec_job
https://xn--r1a.website/APT_Notes *
https://xn--r1a.website/avdno
https://xn--r1a.website/avleonovrus
https://xn--r1a.website/beaverdreamer
https://xn--r1a.website/bureaucraticsecurity *
https://xn--r1a.website/BugBountyPLZ
https://xn--r1a.website/bugbeer
https://xn--r1a.website/bughuntertips *
https://xn--r1a.website/bughunter_circuit
https://xn--r1a.website/bughunter_omsk
https://xn--r1a.website/bbountykz
https://xn--r1a.website/bh_cat
https://xn--r1a.website/castercanal
https://xn--r1a.website/CherepawwkaChannel
https://xn--r1a.website/chtivvvo
https://xn--r1a.website/critical_bug *
https://xn--r1a.website/citsecurity
https://xn--r1a.website/cryptooffensive *
https://xn--r1a.website/cyb3r53cr3t5 *
https://xn--r1a.website/CyberSecurityTechnologies *
https://xn--r1a.website/cybersecurity_for_all
https://xn--r1a.website/cybersecurity_memes_off
https://xn--r1a.website/cybred
https://xn--r1a.website/CyberR3bel
https://xn--r1a.website/cloud_sec *
https://xn--r1a.website/darkfox_info
https://xn--r1a.website/dbc_pentesting
https://xn--r1a.website/dc7342
https://xn--r1a.website/dc7495
https://xn--r1a.website/defisec
https://xn--r1a.website/deteact_rnd
https://xn--r1a.website/dl_konserva
https://xn--r1a.website/poxek
https://xn--r1a.website/dotrubic
https://xn--r1a.website/disasm_me_ch
https://xn--r1a.website/dxe_0x0
https://xn--r1a.website/Ent_TranslateIB
https://xn--r1a.website/failauth
https://xn--r1a.website/f10vv
https://xn--r1a.website/gebutcher *
https://xn--r1a.website/GigaHack
https://xn--r1a.website/hacker_volodya
https://xn--r1a.website/hackerbiker
https://xn--r1a.website/k3vg3n_ch
https://xn--r1a.website/package_security
https://xn--r1a.website/pentest_mentor
https://xn--r1a.website/pentestnotes
https://xn--r1a.website/purple_medved
https://xn--r1a.website/hacker_frei
https://xn--r1a.website/HackingForRamen
https://xn--r1a.website/hashbin20
https://xn--r1a.website/hahacking
https://xn--r1a.website/HNews *
https://xn--r1a.website/nwnotes
https://xn--r1a.website/hybgl *
https://xn--r1a.website/internal_pentest
https://xn--r1a.website/InfoSec_and_Risk_Management
https://xn--r1a.website/infobes
https://xn--r1a.website/infosec1z
https://xn--r1a.website/infosecmemes
https://xn--r1a.website/InfoSecMemesProblemes *
https://xn--r1a.website/justsecurity
https://xn--r1a.website/k8security *
https://xn--r1a.website/lamerZen
https://xn--r1a.website/linkersec
https://xn--r1a.website/malwarehunters
https://xn--r1a.website/makrushind
https://xn--r1a.website/markcda_blog
https://xn--r1a.website/mavisgpt
https://xn--r1a.website/m1swarr1or
https://xn--r1a.website/mobile_appsec_world *
https://xn--r1a.website/moseedo
https://xn--r1a.website/monkey_hacker
https://xn--r1a.website/myappsec
https://xn--r1a.website/naryl_sec
https://xn--r1a.website/naked_perimeter
https://xn--r1a.website/ocherkbb
https://xn--r1a.website/offensiveosint
https://xn--r1a.website/pain_test
https://xn--r1a.website/personal_oblivion
https://xn--r1a.website/P0x3k
https://xn--r1a.website/pigPeter *
https://xn--r1a.website/pntests
https://xn--r1a.website/ph4ntomsnotes
https://xn--r1a.website/podium_palace
https://xn--r1a.website/postImpact
https://xn--r1a.website/ptswarm
https://xn--r1a.website/puni_ne_hacker
https://xn--r1a.website/pwnai
https://xn--r1a.website/r1v3ns_life
https://xn--r1a.website/RalfHackerChannel *
https://xn--r1a.website/ra1jin_notes
https://xn--r1a.website/RedTeambro *
https://xn--r1a.website/redteamalerts
https://xn--r1a.website/RedTeamFeed
https://xn--r1a.website/redfoxsec
https://xn--r1a.website/reworr_notes
https://xn--r1a.website/reverse_dungeon
https://xn--r1a.website/road_to_oscp
https://xn--r1a.website/router_os *
https://xn--r1a.website/sanspie_notes
https://xn--r1a.website/SarSec
https://xn--r1a.website/sec_devops *
https://xn--r1a.website/secinfosec *
https://xn--r1a.website/secinfosex
https://xn--r1a.website/s3Ch1n7
https://xn--r1a.website/secharvester
https://xn--r1a.website/ShizoPrivacy
https://xn--r1a.website/shybertchannel
https://xn--r1a.website/ScriptKiddieNotes
https://xn--r1a.website/skvortscov_bugbounty_vlog
https://xn--r1a.website/slonser_notes
https://xn--r1a.website/SidneyJobChannel
https://xn--r1a.website/someSecurityNotes
https://xn--r1a.website/s0i37_channel
https://xn--r1a.website/system32_pentest
https://xn--r1a.website/s3c4rch
https://xn--r1a.website/technical_private_cat
https://xn--r1a.website/tomhunter
https://xn--r1a.website/TrickeryHub
https://xn--r1a.website/true_sec *
https://xn--r1a.website/unidataline *
https://xn--r1a.website/v01dch4nn3l
https://xn--r1a.website/w2hack *
https://xn--r1a.website/webpwn *
https://xn--r1a.website/wr3dmast3rvs
https://xn--r1a.website/YouPentest
https://xn--r1a.website/zema_notes





PS: Пишите в комменты другие интересные чаты и каналы - заценю :)