Intro to Active Directory HTB-Academy
Common Information
Type Value
UUID b42da108-0225-40fc-9215-c8cdb8bc62e8
Fingerprint 82986d904ce02385
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 21, 2024, 8:29 a.m.
Added to db Oct. 21, 2024, 11:17 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Intro to Active Directory HTB-Academy
Title Intro to Active Directory HTB-Academy
Detected Hints/Tags/Attributes 167/1/138
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 91
cve-2021-34527
Details CVE 217
cve-2020-1472
Details Email 1
bjones@inlanefreight.local
Details Email 1
htb-student@inlanefreight.local
Details Email 1
andromeda.cepheus@inlanefreight.local
Details File 1
ad.png
Details File 5
wagging-the-dog.html
Details File 32
powerview.ps1
Details File 1
domain.png
Details File 1
wiki.jsp
Details File 1
rdn.png
Details File 6
netdom.exe
Details File 1
examples.png
Details File 1
authentication.png
Details File 1
dns.png
Details File 1
session.png
Details File 1
authenticatoin.png
Details File 2
practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html
Details File 1
groups.png
Details File 38
details.aspx
Details File 2125
cmd.exe
Details File 1
gpo.png
Details File 1
presedence.png
Details File 1
hive.png
Details File 1
override.png
Details File 1
policy.png
Details File 1
inheritance.png
Details Github username 3
bc-security
Details Github username 3
leechristensen
Details Github username 2
vletoux
Details Github username 18
empireproject
Details Github username 4
powershellempire
Details Github username 29
gentilkiwi
Details Github username 12
byt3bl33d3r
Details Github username 14
secureauthcorp
Details Github username 7
darkoperator
Details Github username 22
powershellmafia
Details Github username 10
spiderlabs
Details Github username 10
bloodhoundad
Details Github username 7
lgandx
Details Github username 6
fsecurelabs
Details Github username 5
parrotsec
Details IPv4 1
172.16.6.5
Details IPv4 1
10.129.41.19
Details IPv4 1
10.129.43.9
Details MITRE ATT&CK Techniques 289
T1003
Details MITRE ATT&CK Techniques 27
T1558
Details Url 5
https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-34527
Details Url 4
https://msrc.microsoft.com/update-guide/vulnerability/cve-2020-1472
Details Url 1
https://en.wikipedia.org/wiki/active_directory_federation_services
Details Url 1
https://en.wikipedia.org/wiki/claims-based_identity
Details Url 1
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/service-accounts-group-managed
Details Url 1
https://en.wikipedia.org/wiki/printnightmare
Details Url 1
https://posts.specterops.io/shadow-credentials-abusing-key-trust-account-mapping-for-takeover-8ee1a53566ab
Details Url 1
https://www.secureworks.com/blog/nopac-a-tale-of-two-vulnerabilities-that-could-end-in-ransomware
Details Url 1
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/01/the-story-of-zerologon
Details Url 1
https://www.slideshare.net/harmj0y/derbycon-2019-kerberoasting-revisited
Details Url 4
https://shenaniganslabs.io/2019/01/28/wagging-the-dog.html
Details Url 1
https://github.com/bc-security/empire
Details Url 3
https://github.com/leechristensen/spoolsample
Details Url 1
https://blog.harmj0y.net/redteaming/from-kekeo-to-rubeus
Details Url 1
https://blog.harmj0y.net/redteaming/not-a-security-boundary-breaking-forest-trusts
Details Url 1
https://www.dcshadow.com
Details Url 1
https://github.com/vletoux/pingcastle/commits/master?after=f128d84e86e675f1ad65c4b9b05bd529e1f9dc7c
Details Url 1
https://blog.harmj0y.net/activedirectory/roasting-as-reps
Details Url 1
https://www.slideshare.net/harmj0y/ace-up-the-sleeve
Details Url 1
https://blog.harmj0y.net/redteaming/a-guide-to-attacking-domain-trusts
Details Url 3
https://wald0.com/?p=68
Details Url 1
https://www.youtube.com/watch?v=wp8zcczc1ou
Details Url 7
https://github.com/empireproject/empire
Details Url 1
https://blog.harmj0y.net/redteaming/powerview-2-0
Details Url 1
https://github.com/powershellempire/powertools
Details Url 14
https://github.com/gentilkiwi/mimikatz
Details Url 1
https://github.com/byt3bl33d3r/crackmapexec/releases?page=3
Details Url 1
https://adsecurity.org/?p=1667
Details Url 1
https://github.com/secureauthcorp/impacket/releases?page=2
Details Url 1
https://github.com/darkoperator/veil-powerview/commit/fdfd47c0a1e06e529bf31c93da7caed3479d08e1#diff
Details Url 5
https://github.com/powershellmafia/powersploit
Details Url 2
https://github.com/powershellmafia/powersploit/blob/master/recon/powerview.ps1
Details Url 1
https://twitter.com/timmedin
Details Url 1
https://github.com/spiderlabs/responder/commits/master?after=c02c74853298ea52a2bfaa4d250c3898886a44ac
Details Url 1
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview
Details Url 1
https://ldapwiki.com/wiki/wiki.jsp?page=well
Details Url 1
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption
Details Url 1
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card
Details Url 1
https://docs.microsoft.com/en-us/windows-server/security/kerberos/whats-new-in-kerberos-authentication
Details Url 1
https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/whats-new-in-credential-protection
Details Url 1
https://docs.microsoft.com/en-us/windows-server/identity/whats-new-active-directory-domain-services#privileged
Details Url 1
https://en.wikipedia.org/wiki/remote_procedure_call
Details Url 1
https://en.wikipedia.org/wiki/openldap
Details Url 1
https://networkencyclopedia.com/local-security-authority-lsa
Details Url 1
https://github.com/bloodhoundad
Details Url 1
https://stealthbits.com/blog/making-internal-reconnaissance-harder-using-netcease-and-samri1o
Details Url 4
https://attack.mitre.org/techniques/t1003/003
Details Url 2
https://github.com/byt3bl33d3r/crackmapexec
Details Url 4
https://github.com/lgandx/responder
Details Url 2
https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html
Details Url 1
https://attack.mitre.org/techniques/t1558/001
Details Url 1
https://learn.microsoft.com/en-us/windows/win32/ad/user-object-attributes
Details Url 1
https://docs.microsoft.com/en-us/windows/win32/ad/group-objects
Details Url 1
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-security-groups#protected
Details Url 1
https://docs.microsoft.com/en-us/windows/win32/winrm/portal
Details Url 1
https://github.com/fsecurelabs/sharpgpoabuse
Details Url 4
https://github.com/parrotsec/mimikatz
Details Url 1
https://blog.palantir.com/windows-privilege-abuse-auditing-detection-and-defense-3078a403d74e
Details Url 1
https://book.hacktricks.xyz/windows/windows-local-privilege-escalation/privilege-escalation-abusing-tokens
Details Url 3
https://www.microsoft.com/en-us/download/details.aspx?id=46899
Details Url 1
https://docs.microsoft.com/en-us/powershell/module/grouppolicy/?view=windowsserver2022
Details Windows Registry Key 2
HKEY_LOCAL_MACHINE\SECURITY\Cache