Introduction
My final year project at the University of Malaga (Spain) is the creation of an Active Directory environment for its exploitation. The objective of this project is to highlight the most common attacks that occur in real business environments. To achieve this, an experimental pilot has been carried out in which an Active Directory environment with vulnerabilities has been created in order to show the known weaknesses and configuration errors that could allow a real attacker to compromise the entire enterprise system. Mitigating measures that should be implemented to avoid the most common vulnerabilities and attacks in this type of environment are also presented.
Achieving a remarkable 9.5/10 grade for our recent project, I'm excited to share with you the step-by-step guide on setting up a test lab, along with the comprehensive methodology we employed during the various attacks. While the original document is in my native language, I'm committed to making this information accessible to a wider audience by translating it into a series of blog posts.
These upcoming posts will cater to readers who may not possess extensive experience with Active Directory environments, ensuring a smooth learning experience from the ground up. In these forthcoming articles, we'll delve into a range of techniques, including:
NTLM poisoningSMB RelayASREPRoastKerberoastingGolden TicketSilver TicketPass the HashOverpass the HashPass the KeyPass The TicketBypass PowerShell Malicious Detection (Obfuscating the malware)
Finally, I am developing an Active Directory pentesting tool to exploit all vulnerabilities derived from a default AD configuration. Soon I will be commenting on the new features of this tool.