PwC安全技术小组
  • PwC安全技术小组须知
  • 技术
    • 技术 - Web安全测试技术点
      • XS-Search
      • XSSI (Cross-Site Script Inclusion)
      • XSS (Cross Site Scripting)
        • PDF Injection
        • DOM XSS
        • Server Side XSS (Dynamic PDF)
        • XSS Tools
      • XXE - XEE - XML External Entity
      • XSLT Server Side Injection (Extensible Stylesheet Languaje Transformations)
      • XPATH injection
      • Web Tool - WFuzz
      • Unicode Normalization vulnerability
      • SSTI (Server Side Template Injection)
      • SSRF (Server Side Request Forgery)
      • SQL Injection
        • MSSQL Injection
        • Oracle injection
        • PostgreSQL injection
          • dblink/lo_import data exfiltration
          • PL/pgSQL Password Bruteforce
          • Network - Privesc, Port Scanner and NTLM chanllenge response disclosure
          • Big Binary Files Upload (PostgreSQL)
          • RCE with PostgreSQL Extensions
        • MySQL injection
          • Mysql SSRF
        • SQLMap - Cheetsheat
        • sqlmap
          • Second Order Injection - SQLMap
      • Reset/Forgotten Password Bypass
      • Regular expression Denial of Service - ReDoS
      • Rate Limit Bypass
      • Race Condition
      • PostMessage Vulnerabilities
      • Parameter Pollution
      • OAuth to Account takeover
      • LDAP Injection
      • NoSQL injection
      • JWT Vulnerabilities (Json Web Tokens)
      • IDOR
      • HTTP Request Smuggling / HTTP Desync Attack
      • Formula Injection
      • File Upload
        • PDF Upload - XXE and CORS bypass
      • File Inclusion/Path traversal
        • phar:// deserialization
        • LFI - Linux List
      • Email Header Injection
      • Deserialization
        • Java JSF ViewState (.faces) Deserialization
        • NodeJS - __proto__ & prototype Pollution
        • Basic Java Deserialization (ObjectInputStream, readObject)
        • Java DNS Deserialization, GadgetProbe and Java Deserialization Scanner
        • CommonsCollection1 Payload - Java Transformers to Rutime exec() and Thread Sleep
        • Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net)
        • Exploiting __VIEWSTATE knowing the secrets
        • Exploiting __VIEWSTATE without knowing the secrets
      • Domain/Subdomain takeover
      • CSRF (Cross Site Request Forgery)
      • Dangling Markup - HTML scriptless injection
      • CRLF (%0D%0A) Injection
      • Cross-site WebSocket hijacking (CSWSH)
      • CORS - Misconfigurations & Bypass
      • Cookies Hacking
      • Content Security Policy (CSP) Bypass
      • Client Side Template Injection (CSTI)
      • Command Injection
      • Clickjacking
      • Cache Poisoning and Cache Deception
      • Captcha Bypass
      • Bypass Payment Process
      • Abusing hop-by-hop headers
      • 2FA/OTP Bypass
    • 技术 - 安全开发知识库
      • 代码审计
        • Cobra安装与使用
        • 智能合约代码审计
        • FindSecBugs安装与使用
        • SonarQube踩坑记
        • SonarQube安装与使用
      • 移动安全
        • 移动安全扫描
        • 移动安全工具
      • 安全开发
        • API网关
        • API网关设计
      • 安全防护
        • 全站https
        • waf
        • waf
        • waf
      • 安全测试
        • API安全测试
        • APP安全测试
        • 安全测试checklist
        • DAST&SAST&IAST
        • tools-skills
          • APP脱壳技巧
          • https抓包
          • 抓包技巧
          • 信息泄漏漏洞利用
          • Web安全工具
      • 漏洞管理
    • 技术 - 红队攻击手段介绍
      • offensive-security-experiments
        • Active Directory & Kerberos Abuse
        • Pentesting Cheatsheets
        • active-directory-kerberos-abuse
          • From Domain Admin to Enterprise Admin
          • Kerberoasting
          • Kerberos: Golden Tickets
          • Kerberos: Silver Tickets
          • AS-REP Roasting
          • Kerberoasting: Requesting RC4 Encrypted TGS when AES is Enabled
          • Kerberos Unconstrained Delegation
          • Kerberos Constrained Delegation
          • Kerberos Resource-based Constrained Delegation: Computer Object Take Over
          • Domain Compromise via DC Print Server and Kerberos Delegation
      • offensive-security
        • Red Team Infrastructure
        • Initial Access
        • Code Execution
        • Code & Process Injection
        • Defense Evasion
        • Enumeration and Discovery
        • Privilege Escalation
        • Credential Access & Dumping
        • Lateral Movement
        • Persistence
        • Exfiltration
      • miscellaneous-reversing-forensics
        • Windows / OS Internals
        • Cloud
        • Neo4j
        • Dump Virtual Box Memory
        • AES Encryption Using Crypto++ .lib in Visual Studio C++
        • Reversing Password Checking Routine
  • 工具
    • 工具 - BloodHound基础使用
    • 工具 - CobaltStrike基础使用
      • 目录
      • Cobalt Strike简介
      • Cobalt Strike基本使用
      • Cobalt Strike Beacon命令
      • Cobalt Strike脚本使用
      • Cobalt Strike脚本编写
      • Cobalt Strike扩展
      • Cobalt Strike原理介绍
        • 介绍
        • Payload生成分析
      • Cobalt Strike攻击防御
      • 说明
      • cobalt-strikejiao-ben-bian-xie
        • COM劫持利用脚本编写
        • aggressor-script文档翻译
        • ArtifactPayloadGenerator.cna脚本bug修复
        • TODO
      • cobalt-strikeji-ben-shi-yong
        • 界面功能介绍
        • CS4.0功能演示
        • 监听器(Listener)
      • cobalt-strikekuo-zhan
        • Malleable C2
        • External C2
        • CS证书相关
        • CS Beacon和监听器
        • 转发重定向
        • CDN代理转发
        • CDN与转发器
        • CS部分功能启用
        • CS检测工具CobaltStrikeScan绕过
        • 联动Core impact
由 GitBook 提供支持
在本页

这有帮助吗?

  1. 技术
  2. 技术 - 红队攻击手段介绍
  3. offensive-security-experiments

Active Directory & Kerberos Abuse

上一页offensive-security-experiments下一页Pentesting Cheatsheets

最后更新于4年前

这有帮助吗?

Active Directory & Kerberos Abuse

A collection of techniques that exploit and abuse Active Directory, Kerberos authentication, Domain Controllers and similar matters.

Here are the articles in this section:

From Domain Admin to Enterprise AdminExplore Parent-Child Domain Trust Relationships and abuse it for Privilege Escalation
KerberoastingCredential Access
Kerberos: Golden TicketsPersistence and Privilege Escalation with Golden Kerberots tickets
Kerberos: Silver TicketsCredential Access
AS-REP Roasting
Kerberoasting: Requesting RC4 Encrypted TGS when AES is Enabled
Kerberos Unconstrained Delegation
Kerberos Constrained Delegation
Kerberos Resource-based Constrained Delegation: Computer Object Take Over
Domain Compromise via DC Print Server and Kerberos Delegation
DCShadow - Becoming a Rogue Domain Controller
DCSync: Dump Password Hashes from Domain Controller
PowerView: Active Directory Enumeration
Abusing Active Directory ACLs/ACEs
Privileged Accounts and Token Privileges
From DnsAdmins to SYSTEM to Domain Compromise
Pass the Hash with Machine$ Accounts
BloodHound with Kali Linux: 101
Backdooring AdminSDHolder for Persistence
Active Directory Enumeration with AD Module without RSAT or Admin Privileges
Enumerating AD Object Permissions with dsaclsEnumeration, living off the land
Active Directory Password Spraying
Active Directory Lab with Hyper-V and PowerShell