active-directory-attacks

Provide comprehensive techniques for attacking Microsoft Active Directory environments. Covers reconnaissance, credential harvesting, Kerberos attacks, lateral movement, privilege escalation, and domain dominance for red team operations and penetration testing. Kerberos requires clock synchronization (±5 minutes): Extract service account TGS tickets and crack offline: Target accounts with "Do not require Kerberos preauthentication": Extract credentials directly from DC (requires Replicating Directory Changes rights): Forge TGT with krbtgt hash for any user: Forge TGS for specific service: Convert NTLM hash to Kerberos ticket: Must: Must Not: Should: For advanced techniques including delegation attacks, GPO abuse, RODC attacks, SCCM/WSUS deployment, ADCS exploitation, trust relationships, and Linux AD integration, see references/advanced-attacks.md . This skill is applicable to execute the workflow or actions described in the overview. - Kali Linux or Windows attack platform - Domain user credentials (for most attacks) - Network access to Domain Controller - Tools: Impacket, Mimikatz, BloodHound, Rubeus, CrackMapExec - Domain enumeration data - Extracted credentials and hashes - Kerberos tickets for impersonation - Domain Administrator access - Persistent access mechanisms - Synchronize time with DC before Kerberos attacks - Have valid domain credentials for most attacks -...