Certified Red Team Professional (CRTP) - Notes
HomeGitHubPortfolioTwitter/XMediumCont@ct
  • 📝Certified Red Team Professional (CRTP) - Notes
    • â„šī¸0 - Course Summary
    • 1ī¸âƒŖ1 - Active Directory (AD)
      • 1.1 - Introduction to Active Directory (AD)
      • 1.2 - Physical Components of AD
      • 1.3 - Logical Components of AD
    • 2ī¸âƒŖ2 - PowerShell
      • 2.1 - Introduction to PowerShell
      • 2.2 - Security and Detection
    • 3ī¸âƒŖ3 - AD Enumeration
      • 3.1 - Host & User Identification
      • 3.2 - Common Services Enum
        • 3.2.1 - LDAP & DNS Enum
        • 3.2.2 - SMB Enum & Common Attacks
      • 3.3 - Domain Enumeration
        • 3.3.1 - PowerView
          • 3.3.1.1 - Domain Enumeration (Video Lab)
        • 3.3.2 - BloodHound
    • 4ī¸âƒŖ4 - Trust and Privileges Mapping
      • 4.1 - Access Control (ACL/ACE)
      • 4.2 - Group Policy
      • 4.3 - Trusts
    • 5ī¸âƒŖ5 - Local Privilege Escalation
      • 5.1 - Privilege Escalation
        • 5.1.1 - Feature Abuse
        • 5.1.2 - Relaying
        • 5.1.3 - GPO Abuse
        • 5.1.4 - Unquoted Service Path
      • 5.2 - Tools
    • 7ī¸âƒŖ6 - Lateral Movement
      • 6.1 - PowerShell Remoting & Tradecraft
      • 6.2 - Credentials Extraction & Mimikatz
    • 9ī¸âƒŖ7 - Kerberos Attack and Privelege Escalation
      • 7.1 - Kerberos Intro
      • 7.2 - User Enum in Kerberos
      • 7.3 - AS-REP Roasting
      • 7.4 - Kerberoasting
      • 7.5 - Kerberos Delegation
        • Uncostrained Delegation
        • Constrained Delegation
      • 7.6 - Accross Trusts
        • Page
        • External Trust
        • Forest
        • Domain Trust
    • 8ī¸âƒŖ8 - Persistence
      • 8.1 - Golden Ticket
      • 8.2 - Silver Ticket
      • 8.3 - Diamond Ticket
      • 8.4 - Skeleton Key
      • 8.5 - DSRM
      • 8.6 - Custom SSP
      • 8.7 - Persistence via ACLs
        • 8.7.1 - AdminSDHolder
        • 8.7.2 - DCSync Attack
        • 8.7.3 - Security Descriptors
    • 9ī¸âƒŖ9 - Detection and Defense
    • Lab
      • 0 - Lab Instructions
      • 1 - LO 1ī¸
      • 2 - LO2ī¸
      • 3 - LO 3ī¸
      • 4 - LO 4ī¸
      • 5 - LO 5ī¸
      • 6 - LO 6ī¸
      • 7 - LO 7ī¸
      • 8 - LO8ī¸
      • 9 - LO9ī¸
      • 10 - LO1ī¸0ī¸
      • 11 - LO1ī¸1ī¸
      • 12 - LO1ī¸2ī¸
      • 13 - LO1ī¸3ī¸
      • 14 - LO1ī¸4ī¸
      • 15 - LO1ī¸5ī¸
      • 16 - LO1ī¸6ī¸
      • 17 - LO1ī¸7ī¸
      • 18 - LO1ī¸8ī¸
      • 19 - LO1ī¸9ī¸
      • 20 - LO2ī¸0ī¸
      • 21 - LO2ī¸1ī¸
      • 22 - LO 2ī¸2ī¸
      • 23 - LO2ī¸3ī¸
    • 📄Report
      • How to write a PT Report
  • đŸ›Ŗī¸RoadMap / Exam Preparation
  • 📔CRTP Cheat Sheet
Powered by GitBook
On this page
  1. Certified Red Team Professional (CRTP) - Notes

1 - Active Directory (AD)

Previous0 - Course SummaryNext1.1 - Introduction to Active Directory (AD)

Last updated 2 days ago

Topics

❗ Disclaimer

Never use tools and techniques on real IP addresses, hosts or networks without proper authorization!❗

📝
1ī¸âƒŖ
Building a Vulnerable Active Directory Lab: A Practical Approach
Introduction to Active Directory (AD)
Physical Components of AD
Logical Components of AD
Active Directory Domain Services Overviewdocsmsft
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview
Logo