Skip to content
Cyberforce Academy
  • Home
  • What is Pentesting?
  • Our Services
  • Playground
  • Academy
  • TactixC2
  • Login
  • My Profile
  • Home
  • Training

Active Directory Attacks

Curriculum

  • 16 Sections
  • 44 Lessons
  • Lifetime
Expand all sectionsCollapse all sections
  • Introduction
    2
    • 1.1
      Introduction
    • 1.2
      The Active Directory Kill Chain
  • Lab Access
    1
    • 2.1
      Complete Lab Setup with Terraform
  • Module 1: Enumeration
    3
    • 3.1
      Host Discovery
    • 3.2
      Service Discovery
    • 3.3
      User enumeration over LDAP
  • Module 2: Breached Credentials
    4
    • 4.1
      Assumed Breach
    • 4.2
      OSINT
    • 4.3
      Brute Forcing Passwords
    • 4.4
      Password Spraying
  • Module 3: LLMNR Poisoning
    2
    • 5.1
      LLMNR/NBT-NS Poisoning
    • 5.2
      Cracking NTLMv2 Hashes with Hashcat
  • Module 4: SMB/NTLM Relay
    3
    • 6.1
      SMB Relay
    • 6.2
      Dump SAM hashes via Relay attack
    • 6.3
      Shell Access
  • Module 5: IPv6 DNS Takeover
    1
    • 7.1
      IPv6 DNS Takeover/LDAP Relay
  • Module 6: AS-REP Roasting
    1
    • 8.1
      AS-REP Roasting
  • Module 7: Domain Discovery
    3
    • 9.1
      ADPulse
    • 9.2
      BloodHound
    • 9.3
      powerview.py
  • Module 8: Shell Access
    4
    • 10.1
      Shell Access with Impacket
    • 10.2
      Shell Access with Metasploit
    • 10.3
      Shell Access with Evil-WinRM
    • 10.4
      Coding Custom Shellcode
  • Module 9: File Transfers
    2
    • 11.1
      File Transfers over HTTP
    • 11.2
      File Transfers over SMB
  • Module 10: Post Exploitation
    6
    • 12.1
      System Enumeration
    • 12.2
      Enumeration using CMD and Powershell
    • 12.3
      Search Filesystem
    • 12.4
      Data Mining Windows
    • 12.5
      Dump LSASS with Mimikatz
    • 12.6
      Local Privilege Escalation
  • Module 11: Lateral Movement
    5
    • 13.1
      PtH with CrackMapExec / NetExec
    • 13.2
      Lateral Movement with CrackMapExec / NetExec
    • 13.3
      Lateral Movement with Impacket
    • 13.4
      PSRemoting
    • 13.5
      Lateral movement via RDP
  • Module 12: Privilege Escalation
    4
    • 14.1
      Kerberoasting
    • 14.2
      ACL Abuse
    • 14.3
      Unconstrained Delegation
    • 14.4
      AD CS Attacks
  • Module 13: Domain Compromise
    2
    • 15.1
      Dump NTDS.dit
    • 15.2
      Cross-Trust Attacks
  • Module 14: Domain Persistence
    1
    • 16.1
      Forging a Golden Ticket
This content is protected, please login and enroll in the course to view this content!
OSINT
Prev
Password Spraying
Next
Designed by Nasio Themes || Powered by WordPress