Stealthy Domain Enumeration

Learn how to enumerate active directory domain stealthily

Ratings: 0.00 / 5.00




Description

In this course, you will learn how to enumerate domain information using c# stealthily.

Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is a centralized repository that stores information and settings about a network's resources, such as users, groups, computers, printers, and more. Active Directory provides a single sign-on and centralized authentication and authorization mechanism, making it easier to manage and secure resources within a network.

Enumerating the AD is the most important part in any ad pentesting.

First we kickstart with writing a powershell loader that bypasses amsi, constrained languagemode and can even retrieve the ps scripts from url and execute them.

Then we do enumeration of some juicy domain info using c# like finding kerberoastable accounts, delegated accounts, dcsync accounts and much more.

we also see how to find juicy ACLs to find RBCD capable users etc

Finally we write our own psremoting checking script which checks for local admin access on any of the computers in the specified domain.

there are so many powershell shenanigans like iex execution, obfuscation to bypass defender etc.

but we will focus mainly with c#.

i used ps1loader and these binaries in one of my recent certifications without having to do some modifications to registry etc which course taught.

this  course is for pentesters, redteamers and anyone who want to tackle with active directory domain enumeration.

all of the code is given at the end of the course.


What You Will Learn!

  • Active Directory Enumeration
  • Creating a powershell script loader
  • Automating the finding of misconfigurations
  • Leveraging .NET for stealthy enumeration

Who Should Attend!

  • Penetration Testers
  • Red Teamers
  • Blue Teamers
  • Administrators