sec-notes
  • Whoami
  • WEP-Pen
    • Reconnaissance
    • Enumeration
    • OWSAP TOP 10
      • Cryptographic Failures
        • Weak Encoding for Password
        • Improper Following of a Certificate's Chain of Trust
          • Understanding Digital Certificates : Self-Signed and CA-Signed Certificate **
          • Transport Layer Security (TLS) and SSL **
        • Clear Text Transmission Of Sensitive Data
          • SSLStripping **
      • Broken Access Control
        • Path Traversal
        • Sensitive Cookie with Improper SameSite Attribute
        • Link Following
        • Incorrect Default Permissions
        • Information disclosure
        • CSRF
          • csrf checklist
        • 403 bypass
        • Exposure of WSDL File Containing Sensitive Information
        • bussiness logic checklist
        • 2FA bypass checklist
        • admin panal checklist
        • idor checklist
        • Authentication checklist
        • reset_password_checklist
        • ATO
      • Injection
        • Cross Site Scripting
          • Cross Site Scripting
          • Exploitation
          • Protections
        • SQL Injection
          • SQL Injection Overview
        • NoSQL Injection
        • CRLF Injection
        • XML Injection
      • Insecure Design
      • Security Misconfiguration
        • CORS Miscofigration
        • Mail Server Misconfiguration
      • Vulnerable and Outdated Components
      • Identification and Authentication Failures
      • Software and Data Integrity Failures
      • Security Logging and Monitoring Failures
      • Server-Side Request Forgery (SSRF)
    • Checklists
      • mass assignment
      • aem misconfiguration
      • exif_geo
      • xss
      • Session Management
      • Authorization
      • cookie
      • Django
      • Symfony
      • json
      • bypass rate limit
      • Rce
      • Register Page
    • JWT Hacking
    • GraphQL Vulnerabilities
    • PostMessage Vulnerabilities
      • PostMessage Vulnerabilities
      • Blocking main page to steal postmessage
      • Bypassing SOP with Iframes - part 1
      • Bypassing SOP with Iframes - part 2
      • Steal postmessage modifying iframe location
  • API-Pen
    • API Discovry
    • Reverse Engineering API Documentation
    • Excessive Data Exposure
    • Vulnerability Scanning
    • API Authentication Attacks
      • Classic Authentication Attacks
      • API Token Attacks
    • API Authorization Attacks
      • Broken Object Level Authorization (BOLA)
      • Broken Function Level Authorization
    • Improper Assets Management
    • Mass Assignment
    • SSRF
    • Injection Attacks in API
    • Evasive Maneuvers
  • NET-Pen
    • Active Directory Pentesting
      • Active Directory Components
      • Initial Attack Vectors
        • LLMNR Poisoning
        • SMB Relay Attacks
        • IPv6 Attacks ( IPv6 DNS Takeover )
        • Printer Hacking
        • Methodology
        • Some Other Attacks
          • Zerologon (CVE-2020-1472)
          • PrintNightmare (CVE-2021-1675)
      • Post-Compromise Attacks
        • Pass Attacks
        • Kerberoasting Attack
        • Token Impersonation Attack
        • LNK File Attack
        • GPP / cPassword Attacks
        • Mimikatz
        • Methodology
      • We've Compromised the Domain
        • Dumping the NTDS.dit
        • Golden Ticket Attacks
        • Methodology
      • Case Study
      • Password Attacks
    • Attack Vectors by Port
      • FTP 21
      • SSH 22
      • Telnet 23 - 2323
      • SMTP 25
      • DNS 53
      • Kerberos 88
      • POP 110-995
      • RPC 111
      • Ident 113
      • NNTP 119
      • NetBIOS 137-138
      • SMB / Samba 135-139, 445
      • MSRPC 135
      • SNMP 161
      • LDAP 389,636
      • Modbus 502
      • OpenSSL 1337
      • Ms-SQL 1433
      • Oracle Listener 1521 1522 1529
      • NFS 2049
      • MySql 3306
      • RDP 3389
      • ADB Android Debug Bridge 5555
      • WinRM 5985 5986
      • VNC 5800 5900
      • Redis 6379
      • Unreal IRC 6667
      • Tomcat 8080
      • MongoDB 27017
      • http 80
    • Network basics
    • Information Gathering
    • Privilege Escalation
      • Windows Privilege Escalation
      • Linux Privilege Escalation
  • write-ups
    • How i found a Privilege Escalation via Impersonation Features feature
    • How I Bypassed SAML Authentication, Leading to Admin Panel Access.
    • How I was able to discover ATO Via IDOR vulnerability
    • Easy full Account Takeover via Facebook OAuth Misconfiguration
Powered by GitBook
On this page
  1. NET-Pen

Active Directory Pentesting

PreviousNET-PenNextActive Directory Components

Last updated 1 month ago

Active Directory Components
Initial Attack Vectors
Post-Compromise Attacks
We've Compromised the Domain
Case Study
Password Attacks