Active Directory Penetration Testing methods with simulations

Last update: Aug 12, 2021

Related tags

Testing Active-Directory-PT

Overview

AD penetration Testing Project

By Ruben Enkaoua - GL4Di4T0R

Based on the TCM PEH course (Heath Adams)

Index

1 - Setting Up the Lab

Intallation of a Windows Server 2016
Installation of the Windows 10 machines
Setting the domain configuration
Setting the domain virtual network

2 - Initial Attack Vector

LLMNR Poisoning (Attack / Defense)
Responder and Credentials Capture
SMB Relay (Attack / Defense)
Hosts Discovery
Setting Up LDAPS
IPv6 Overview (Attack / Defense)
IPv6 DNS Takeover - MITM6
Other Attacks Vectors and Strategies

3 - Post Compromise Enumeration

Uploading Content
Domain Enumeration - PowerView
Bloodhound Setup
Grabbing Data with Sharphound
Enumerating and Mapping Domain Data with Bloodhound

4 - Post Compromise Attack

Pass The Hash / Pass the Password (Attacks / Mitigations)
Installing CrackMapExec
Dumping Hashes with secretsdump
Token Impersonation - Incognito (Attack / Mitigation)
Kerberoasting (Attack / Mitigation)
Mimikatz and Credentials Dumping
Mimikatz - Golden Ticket Attack

Owner

GL4DI4T0R

GL4DI4T0R

GitHub Repository

Green is a clean, colorful, fast python test runner.

Green -- A clean, colorful, fast python test runner. Features Clean - Low redundancy in output. Result statistics for each test is vertically aligned.

756 Dec 22, 2022

pytest plugin that let you automate actions and assertions with test metrics reporting executing plain YAML files

pytest-play pytest-play is a codeless, generic, pluggable and extensible automation tool, not necessarily test automation only, based on the fantastic

67 Dec 01, 2022

This is a web test framework based on python+selenium

Basic thoughts for this framework There should have a BasePage.py to be the parent page and all the page object should inherit this class BasePage.py

2 Mar 09, 2022

Ab testing - The using AB test to test of difference of conversion rate

Facebook recently introduced a new type of offer that is an alternative to the current type of bidding called maximum bidding he introduced average bidding.

5 Nov 21, 2022

Avocado is a set of tools and libraries to help with automated testing.

Welcome to Avocado Avocado is a set of tools and libraries to help with automated testing. One can call it a test framework with benefits. Native test

1 Nov 19, 2021

Code coverage measurement for Python

Coverage.py Code coverage testing for Python. Coverage.py measures code coverage, typically during test execution. It uses the code analysis tools and

2.3k Jan 04, 2023

pytest plugin to test mypy static type analysis

pytest-mypy-testing — Plugin to test mypy output with pytest pytest-mypy-testing provides a pytest plugin to test that mypy produces a given output. A

21 Dec 21, 2022

Selenium Page Object Model with Python

Page-object-model (POM) is a pattern that you can apply it to develop efficient automation framework.

1 Nov 29, 2021

Checks for a 200 response from your subdomain list.

Check for available subdomains Written in Python, this terminal based application looks for a 200 response from the subdomain list you've provided. En

1 Nov 03, 2021

RAT-el is an open source penetration test tool that allows you to take control of a windows machine.

To prevent RATel from being detected by antivirus, please do not upload the payload to TOTAL VIRUS. Each month I will test myself if the payload gets detected by antivirus. So you’ll have a photo eve

218 Dec 16, 2022

This file will contain a series of Python functions that use the Selenium library to search for elements in a web page while logging everything into a file

element_search with Selenium (Now With docstrings 😎 ) Just to mention, I'm a beginner to all this, so it it's very possible to make some mistakes The

2 Aug 12, 2021

WomboAI Art Generator

WomboAI Art Generator Automate AI art generation using wombot.art. Also integrated into SnailBot for you to try out. Setup Install Python Go to the py

7 Dec 03, 2022

GitHub action for AppSweep Mobile Application Security Testing

GitHub action for AppSweep can be used to continuously integrate app scanning using AppSweep into your Android app build process

14 Oct 06, 2022

AutoExploitSwagger is an automated API security testing exploit tool that can be combined with xray, BurpSuite and other scanners.

AutoExploitSwagger is an automated API security testing exploit tool that can be combined with xray, BurpSuite and other scanners.

6 Jan 28, 2022

MongoDB panel for the Flask Debug Toolbar

Flask Debug Toolbar MongoDB Panel Info: An extension panel for Rob Hudson's Django Debug Toolbar that adds MongoDB debugging information Author: Harry

4 Dec 11, 2019

Testing - Instrumenting Sanic framework with Opentelemetry

sanic-otel-splunk Testing - Instrumenting Sanic framework with Opentelemetry Test with python 3.8.10, sanic 20.12.2 Step to instrument pip install -r

1 Nov 26, 2021

Multi-asset backtesting framework. An intuitive API lets analysts try out their strategies right away

Multi-asset backtesting framework. An intuitive API lets analysts try out their strategies right away. Fast execution of profit-take/loss-cut orders is built-in. Seamless with Pandas.

39 Jan 06, 2023

Redis fixtures and fixture factories for Pytest.

Redis fixtures and fixture factories for Pytest.This is a pytest plugin, that enables you to test your code that relies on a running Redis database. It allows you to specify additional fixtures for R

86 Dec 23, 2022

This repository contains a testing script for nmigen-boards that tries to build blinky for all the platforms provided by nmigen-boards.

Introduction This repository contains a testing script for nmigen-boards that tries to build blinky for all the platforms provided by nmigen-boards.

4 Jul 23, 2022

Python package to easily work with selenium and manage tabs effectively.

Simple Selenium The aim of this package is to quickly get started with working with selenium for simple browser automation tasks. Installation Install

1 Oct 27, 2021