Active Directory 49
- 01 - Introduction to Domain Reconnaissance
- 01 - Introduction to User Impersonation
- [ACL] ForceChangePassword Abuse
- [ACL] GenericAll, GenericWrite and Dacl Abuse
- [ACL] ReadGMSAPassword Abuse
- [ACL] WriteOwner Abuse
- [AD CS] 01 - Introduction
- [AD CS] Misconfigured Certificate Template Exploit
- [AD CS] NTLM Relaying to ADCS HTTP Endpoints
- [AD CS] User & Computer Persistence
- [Credential Theft] 01 - Introduction
- [Credential Theft] DCSync Attack
- [Credential Theft] Domain Cache Credentials
- [Credential Theft] Extracting Kerberos Tickets
- [Credential Theft] Kerberos Encryption Keys
- [Credential Theft] NTLM Hashes
- [Credential Theft] Security Account Manager
- [CVE-2021-42278 / CVE-2021-42287] noPac Exploit
- [Domain Dominance] Diamond Ticket
- [Domain Dominance] Golden Ticket
- [Domain Dominance] Silver Ticket
- [Kerberos] 01 - Introduction
- [Kerberos] AllowToDelegate Abuse (Constrained Delegation)
- [Kerberos] AS-REP Roasting
- [Kerberos] Constrained Delegation
- [Kerberos] Kerberoasting
- [Kerberos] Resource-Based Constrained Delegation (RBCD)
- [Kerberos] S4U2Self Abuse
- [Kerberos] Shadow Credentials
- [Kerberos] Unconstrained Delegation
- [MS14-068] Microsoft Kerberos Checksum Validation Vulnerability Exploit
- AD Recycle Abuse
- AdminSDHolder Modification
- From DnsAdmins to SYSTEM to Domain Compromise
- Golden Ticket
- Ntds.dit Password Extraction
- Part 1 - Domain Enumeration with PowerView
- Part 1 - Zerologon (CVE-2020–1472)
- Part 2 - Domain Enumeration with AD Module
- Part 2 - User Enumeration
- Part 3 - Domain Enumeration with Bloodhound
- Part 4 - Another Tools for AD Enumeration
- Part 4 - LLMNR Poisoning
- Part 5 - SMB Relay Attack
- Part 6 - IPv6 Attack
- Part 7 - Another Attack Vectors
- Pass-Attack
- Password Spraying
- Plaintext Password Extraction through Group Policy Preferences (GPP)