🖊️ Author: Nairuz Abulhul
🌐 Blog: R3dbuck3t
The Active Directory methodology is a collection of attacks and techniques for abusing AD misconfigurations during penetration testing or red teaming engagements. Each section lists the types of attacks that can be performed, the tools used, the steps to carry them out, and resources for further research. The methodology assumes the attacker has local administrative privileges on the compromised machine, which are needed to run the tools and perform most of the attacks here. However, some attacks require additional privileges, such as domain or enterprise admin, which are listed in each attack's requirements section.
Domain Controller & Active Directory Fundamentals
NTLM Authentication Fundamentals
Kerberos Authentication Overview
Initial access attacks are the techniques attackers use to gain a foothold in the network. Most initial access attacks against Active Directory revolve around credential harvesting, either through protocol abuse (poisoning) such as LLMNR attacks or through phishing campaigns that capture domain user credentials.
Non-Credentials Access
Initial Enumeration (No domain Creds)
Credentialed Access
🔥 Initial Access to Active Directory Environment