This Active Directory cheat sheet collects offensive, defensive, and investigative commands for security practitioners, drawn from hands-on labs and CTF challenges. It walks through network reconnaissance, privilege escalation, and detection from both sides: the steps an attacker takes to compromise an enterprise AD environment, and the logging and hardening a defender uses to catch or block each of them. #ActiveDirectory #BloodHound
Keypoints
- Initial network enumeration scans the target subnets with tools such as nmap and CrackMapExec (CME) to find live hosts and the services they expose.
- Active Directory discovery then enumerates DNS records (for example the SRV records that locate domain controllers), SMB shares, and domain controller details, often from an unauthenticated or low-privileged position.
- Gaining a foothold typically relies on password spraying (one common password tried against many accounts while staying under the lockout threshold), AS-REP roasting (requesting a TGT for accounts with Kerberos pre-authentication disabled and cracking the response offline), and LLMNR/NBT-NS poisoning (answering broadcast name lookups to capture NetNTLM hashes).
- Lateral movement and post-exploitation use credential dumping, Kerberoasting (requesting service tickets for user accounts that hold SPNs and cracking the RC4-encrypted tickets offline), and the privilege-escalation paths that BloodHound maps from collected ACL and session data.
- Defenders should monitor domain controller logs (Kerberos ticket events 4768/4769, pre-authentication failures 4771, and logon failures 4625 cover the techniques above), require SMB signing to break NTLM relay, and rotate critical credentials such as the krbtgt password. The krbtgt account must be reset twice, with a gap of at least the maximum ticket lifetime (10 hours by default) between the two resets, so that forged golden tickets are invalidated without breaking legitimate sessions.
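The detection side of the key points above, as an added example that is not part of the original cheat sheet: Python heuristics that flag AS-REP roasting, Kerberoasting, and password spraying when run over Windows Security events. The event records, IP addresses, account names, and alert thresholds are constructed for illustration; the field names follow the Windows Security event schema (4768, 4769, 4771, 4625) and the thresholds are assumptions to tune per environment.

```python
"""Detection heuristics for the foothold and lateral-movement techniques in the
summary above, run over constructed Windows Security event records.

Event fields used (names follow the Windows Security event schema):
  4768  TGT requested.  PreAuthType "0" plus RC4 (0x17) is the request shape
        AS-REP roasting produces against accounts with pre-auth disabled.
  4769  Service ticket requested.  RC4 (0x17) for a user SPN in a domain that
        otherwise uses AES is the classic Kerberoasting downgrade.
  4771  Kerberos pre-authentication failed; Status 0x18 = bad password.
  4625  Account failed to log on (NTLM / interactive).
Thresholds and the sample data are assumptions; tune them per environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"
ATTACKER = "10.0.5.23"   # constructed source address

# Constructed sample records; no real environment was logged.
EVENTS = [
    {"EventID": 4768, "TimeCreated": "2024-01-10T09:00:01", "TargetUserName": "svc_backup",
     "PreAuthType": "0", "TicketEncryptionType": "0x17", "IpAddress": ATTACKER},
    {"EventID": 4768, "TimeCreated": "2024-01-10T09:00:02", "TargetUserName": "alice",
     "PreAuthType": "2", "TicketEncryptionType": "0x12", "IpAddress": "10.0.1.10"},
    {"EventID": 4769, "TimeCreated": "2024-01-10T09:05:00", "TargetUserName": "bob@CORP.LOCAL",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x17", "IpAddress": ATTACKER},
    {"EventID": 4769, "TimeCreated": "2024-01-10T09:05:01", "TargetUserName": "bob@CORP.LOCAL",
     "ServiceName": "WS01$", "TicketEncryptionType": "0x12", "IpAddress": ATTACKER},
    {"EventID": 4769, "TimeCreated": "2024-01-10T09:05:02", "TargetUserName": "bob@CORP.LOCAL",
     "ServiceName": "krbtgt", "TicketEncryptionType": "0x17", "IpAddress": ATTACKER},
    {"EventID": 4625, "TimeCreated": "2024-01-10T09:09:00", "TargetUserName": "carol",
     "IpAddress": "10.0.1.10"},
]
# One source, six different accounts, one bad-password failure each within seconds.
EVENTS += [
    {"EventID": 4771, "TimeCreated": f"2024-01-10T09:10:0{i}", "TargetUserName": user,
     "Status": "0x18", "IpAddress": ATTACKER}
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])
]


def _ts(ev):
    return datetime.fromisoformat(ev["TimeCreated"])


def asrep_roasting(events):
    """Accounts whose TGT was issued without pre-authentication and under RC4."""
    return sorted({e["TargetUserName"] for e in events
                   if e["EventID"] == 4768
                   and e.get("PreAuthType") == "0"
                   and e.get("TicketEncryptionType") == RC4_HMAC})


def kerberoasting(events):
    """Requesting user -> user-account SPNs for which an RC4 service ticket was issued.

    Computer accounts (name ends in $) are skipped because their long random
    passwords are not crackable, and krbtgt because it appears in referral and
    renewal traffic and is not a Kerberoasting target.
    """
    hits = defaultdict(set)
    for e in events:
        if e["EventID"] != 4769 or e.get("TicketEncryptionType") != RC4_HMAC:
            continue
        spn = e["ServiceName"]
        if spn.endswith("$") or spn.lower() == "krbtgt":
            continue
        hits[e["TargetUserName"]].add(spn)
    return {user: sorted(spns) for user, spns in hits.items()}


def password_spray(events, window=timedelta(minutes=5), min_accounts=5):
    """Source IP -> accounts, for any source that failed against >= min_accounts
    distinct accounts inside one sliding window of the given length."""
    by_src = defaultdict(list)
    for e in events:
        bad_pw = e["EventID"] == 4625 or (e["EventID"] == 4771 and e.get("Status") == "0x18")
        if bad_pw:
            by_src[e["IpAddress"]].append((_ts(e), e["TargetUserName"]))
    alerts = {}
    for src, failures in by_src.items():
        failures.sort()
        for i, (start, _) in enumerate(failures):
            accounts = {user for t, user in failures[i:] if t - start <= window}
            if len(accounts) >= min_accounts:
                alerts[src] = sorted(accounts)
                break
    return alerts


if __name__ == "__main__":
    print("AS-REP roasting candidates:", asrep_roasting(EVENTS))
    print("Kerberoasting:", kerberoasting(EVENTS))
    print("Password spray:", password_spray(EVENTS))
```

The three heuristics key on the signals the cheat sheet's attacks cannot avoid producing on the domain controller: a TGT issued without pre-authentication, a service ticket downgraded to RC4 for a human-owned SPN, and many distinct accounts failing from one source in a short window. In a real pipeline the event dicts would come from a SIEM export or Windows Event Forwarding, and the spray window and account count would be set against the domain's lockout policy so the detector fires before the attacker's pacing does.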