xct's notes
Search…
Introduction
Red Team
Active Directory
Quick Wins
Spraying & Roasting
Domain Enum & Exploitation
Persistence
Payload Delivery
Getting & Using Credentials
Lateral Movement
Domain Trust
Misc
Host Enum
Payloads
Passwords
Privilege Escalation
Evasion & Bypasses
Concepts & Research
Binary Exploitation
Web
Cloud
Mobile
Hardware
Crypto
Templates
Misc
Blue Team
Active Directory
Malware Analysis
SIEM
Misc
Labs
Keys & Signing
Language & Framwork Specifics
Misc
HackTheBox
Crossfit
Luanne
APT
Attended
Delivery
Cereal
Powered By GitBook
Quick Wins
This is a collection of things to check for an easy way to domain admin

Top 10

  • Password Spraying (company name + year, season + year, initial passwords,...), both on premise and vs Azure AD
  • Kerberoast & ASREPRoast
  • Bloodhound: paths from initial owned users to high value targets
  • Credential reuse between low priv and high priv accounts
  • Common CVEs that give RCE
    • CVE-2020-0688 (Exchange)
    • CVE-2020-0708 (Bluekeep)
    • CVE-2020-0144 (Eternal Blue)
    • CVE-2020-0796 (SMBGhost)
    • CVE-2020-1472 (Zerologon)
  • Spoofing Attacks to capture & relay hashes
    • NBTNS & LLMNR Poisoning with responder or ntlmrelayx
    • MitM6
    • SSH-Honeypots (many companies autodiscover assets)
  • SSH via LDAP into Linux Boxes with normal User privileges
  • Abusing the Printerbug (relaying the authentication)
​
Red Team - Previous
Active Directory
Next
Spraying & Roasting
Last modified 10mo ago
Copy link