Active Directory Penetration Testing methods with simulations

Last update: Aug 12, 2021

Related tags

Testing Active-Directory-PT

Overview

AD penetration Testing Project

By Ruben Enkaoua - GL4Di4T0R

Based on the TCM PEH course (Heath Adams)

Index

1 - Setting Up the Lab

Intallation of a Windows Server 2016
Installation of the Windows 10 machines
Setting the domain configuration
Setting the domain virtual network

2 - Initial Attack Vector

LLMNR Poisoning (Attack / Defense)
Responder and Credentials Capture
SMB Relay (Attack / Defense)
Hosts Discovery
Setting Up LDAPS
IPv6 Overview (Attack / Defense)
IPv6 DNS Takeover - MITM6
Other Attacks Vectors and Strategies

3 - Post Compromise Enumeration

Uploading Content
Domain Enumeration - PowerView
Bloodhound Setup
Grabbing Data with Sharphound
Enumerating and Mapping Domain Data with Bloodhound

4 - Post Compromise Attack

Pass The Hash / Pass the Password (Attacks / Mitigations)
Installing CrackMapExec
Dumping Hashes with secretsdump
Token Impersonation - Incognito (Attack / Mitigation)
Kerberoasting (Attack / Mitigation)
Mimikatz and Credentials Dumping
Mimikatz - Golden Ticket Attack

Owner

GL4DI4T0R

GL4DI4T0R

GitHub Repository

A simple Python script I wrote that scrapes NASA's James Webb Space Telescope tracker website using Selenium and returns its current status and location.

A simple Python script I wrote that scrapes NASA's James Webb Space Telescope tracker website using Selenium and returns its current status and location.

9 Feb 10, 2022

1st Solution to QQ Browser 2021 AIAC Track 2

1st Solution to QQ Browser 2021 AIAC Track 2 This repository is the winning solution to QQ Browser 2021 AI Algorithm Competition Track 2 Automated Hyp

24 Sep 10, 2022

Pytest support for asyncio.

pytest-asyncio: pytest support for asyncio pytest-asyncio is an Apache2 licensed library, written in Python, for testing asyncio code with pytest. asy

1.1k Jan 02, 2023

Turn any OpenAPI2/3 and Postman Collection file into an API server with mocking, transformations and validations.

Prism is a set of packages for API mocking and contract testing with OpenAPI v2 (formerly known as Swagger) and OpenAPI v3.x. Mock Servers: Life-like

3.3k Jan 05, 2023

Selenium Manager

SeleniumManager I'm fed up with always having to struggle unnecessarily when I have to use Selenium on a new machine, so I made this little python mod

1 Dec 24, 2021

hCaptcha solver and bypasser for Python Selenium. Simple website to try to solve hCaptcha.

hCaptcha solver for Python Selenium. Many thanks to engageub for his hCaptcha solver userscript. This script is solely intended for the use of educati

59 Dec 25, 2022

Selects tests affected by changed files. Continous test runner when used with pytest-watch.

This is a pytest plug-in which automatically selects and re-executes only tests affected by recent changes. How is this possible in dynamic language l

614 Dec 30, 2022

Let your Python tests travel through time

FreezeGun: Let your Python tests travel through time FreezeGun is a library that allows your Python tests to travel through time by mocking the dateti

3.5k Dec 29, 2022

Useful additions to Django's default TestCase

django-test-plus Useful additions to Django's default TestCase from REVSYS Rationale Let's face it, writing tests isn't always fun. Part of the reason

546 Dec 22, 2022

Code coverage measurement for Python

Coverage.py Code coverage testing for Python. Coverage.py measures code coverage, typically during test execution. It uses the code analysis tools and

2.3k Jan 04, 2023

A toolbar overlay for debugging Flask applications

Flask Debug-toolbar This is a port of the excellent django-debug-toolbar for Flask applications. Installation Installing is simple with pip: $ pip ins

863 Dec 29, 2022

Django-google-optimize is a Django application designed to make running server side Google Optimize A/B tests easy.

Django-google-optimize Django-google-optimize is a Django application designed to make running Google Optimize A/B tests easy. Here is a tutorial on t

39 Oct 25, 2022

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

💼 The Social-Engineer Toolkit (SET) 💼 Copyright 2020 The Social-Engineer Toolkit (SET) Written by: David Kennedy (ReL1K) @HackingDave Company: Trust

8.4k Dec 31, 2022

No longer maintained, please migrate to model_bakery

Model Mommy: Smart fixtures for better tests IMPORTANT: Model Mommy is no longer maintained and was replaced by Model Bakery. Please, consider migrati

917 Oct 04, 2022

A modern API testing tool for web applications built with Open API and GraphQL specifications.

Schemathesis Schemathesis is a modern API testing tool for web applications built with Open API and GraphQL specifications. It reads the application s

1.6k Jan 06, 2023

A tool to auto generate the basic mocks and asserts for faster unit testing

Mock Generator A tool to generate the basic mocks and asserts for faster unit testing. 🎉 New: you can now use pytest-mock-generator, for more fluid p

31 Dec 24, 2022

A Proof of concept of a modern python CLI with click, pydantic, rich and anyio

httpcli This project is a proof of concept of a modern python networking cli which can be simple and easy to maintain using some of the best packages

17 Nov 15, 2022

py.test fixture for benchmarking code

Overview docs tests package A pytest fixture for benchmarking code. It will group the tests into rounds that are calibrated to the chosen timer. See c

1k Jan 03, 2023

PyAutoEasy is a extension / wrapper around the famous PyAutoGUI, a cross-platform GUI automation tool to replace your boooring repetitive tasks.

PyAutoEasy PyAutoEasy is a extension / wrapper around the famous PyAutoGUI, a cross-platform GUI automation tool to replace your boooring repetitive t

7 Oct 27, 2022

Bayesian A/B testing

bayesian_testing is a small package for a quick evaluation of A/B (or A/B/C/...) tests using Bayesian approach.

35 Dec 15, 2022