Active Directory Penetration Testing methods with simulations

Last update: Aug 12, 2021

Related tags

Testing Active-Directory-PT

Overview

AD penetration Testing Project

By Ruben Enkaoua - GL4Di4T0R

Based on the TCM PEH course (Heath Adams)

Index

1 - Setting Up the Lab

Intallation of a Windows Server 2016
Installation of the Windows 10 machines
Setting the domain configuration
Setting the domain virtual network

2 - Initial Attack Vector

LLMNR Poisoning (Attack / Defense)
Responder and Credentials Capture
SMB Relay (Attack / Defense)
Hosts Discovery
Setting Up LDAPS
IPv6 Overview (Attack / Defense)
IPv6 DNS Takeover - MITM6
Other Attacks Vectors and Strategies

3 - Post Compromise Enumeration

Uploading Content
Domain Enumeration - PowerView
Bloodhound Setup
Grabbing Data with Sharphound
Enumerating and Mapping Domain Data with Bloodhound

4 - Post Compromise Attack

Pass The Hash / Pass the Password (Attacks / Mitigations)
Installing CrackMapExec
Dumping Hashes with secretsdump
Token Impersonation - Incognito (Attack / Mitigation)
Kerberoasting (Attack / Mitigation)
Mimikatz and Credentials Dumping
Mimikatz - Golden Ticket Attack

Owner

GL4DI4T0R

GL4DI4T0R

GitHub Repository

Useful additions to Django's default TestCase

django-test-plus Useful additions to Django's default TestCase from REVSYS Rationale Let's face it, writing tests isn't always fun. Part of the reason

546 Dec 22, 2022

Python Rest Testing

pyresttest Table of Contents What Is It? Status Installation Sample Test Examples Installation How Do I Use It? Running A Simple Test Using JSON Valid

1.1k Dec 28, 2022

Python Projects - Few Python projects with Testing using Pytest

Python_Projects Few Python projects : Fast_API_Docker_PyTest- Just a simple auto

1 Jan 22, 2022

Make Selenium work on Github Actions

Make Selenium work on Github Actions Scraping with BeautifulSoup on GitHub Actions is easy-peasy. But what about Selenium?? After you jump through som

33 Dec 27, 2022

An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈

An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈

276 Mar 03, 2021

A web scraping using Selenium Webdriver

Savee - Images Downloader Project using Selenium Webdriver to download images from someone's profile on https:www.savee.it website. Usage The project

1 Dec 17, 2021

Mimesis is a high-performance fake data generator for Python, which provides data for a variety of purposes in a variety of languages.

Mimesis - Fake Data Generator Description Mimesis is a high-performance fake data generator for Python, which provides data for a variety of purposes

3.8k Dec 29, 2022

Selects tests affected by changed files. Continous test runner when used with pytest-watch.

This is a pytest plug-in which automatically selects and re-executes only tests affected by recent changes. How is this possible in dynamic language l

614 Dec 30, 2022

Docker-based integration tests

Docker-based integration tests Description Simple pytest fixtures that help you write integration tests with Docker and docker-compose. Specify all ne

326 Dec 27, 2022

Test for generating stylized circuit traces from images

I test of an image processing idea to take an image and make neat circuit board art automatically. Inspired by this twitter post by @JackRhysider

3 Dec 12, 2022

Headless chrome/chromium automation library (unofficial port of puppeteer)

Pyppeteer Pyppeteer has moved to pyppeteer/pyppeteer Unofficial Python port of puppeteer JavaScript (headless) chrome/chromium browser automation libr

3.5k Dec 30, 2022

A pytest plugin to run an ansible collection's unit tests with pytest.

pytest-ansible-units An experimental pytest plugin to run an ansible collection's unit tests with pytest. Description pytest-ansible-units is a pytest

9 Dec 09, 2022

d4rk Ghost is all in one hacking framework For red team Pentesting

d4rk ghost is all in one Hacking framework For red team Pentesting it contains all modules , information_gathering exploitation + vulnerability scanning + ddos attacks with 12 methods + proxy scraper

15 Dec 15, 2022

Sixpack is a language-agnostic a/b-testing framework

Sixpack Sixpack is a framework to enable A/B testing across multiple programming languages. It does this by exposing a simple API for client libraries

1.7k Dec 24, 2022

Pytest-typechecker - Pytest plugin to test how type checkers respond to code

pytest-typechecker this is a plugin for pytest that allows you to create tests t

2 Aug 20, 2022

A library for generating fake data and populating database tables.

Knockoff Factory A library for generating mock data and creating database fixtures that can be used for unit testing. Table of content Installation Ch

30 Sep 23, 2022

A collection of testing examples using pytest and many other libreris

Effective testing with Python This project was created for PyConEs 2021 Check out the test samples at tests Check out the slides at slides (markdown o

10 Oct 23, 2022

Cornell record & replay mock server

Cornell: record & replay mock server Cornell makes it dead simple, via its record and replay features to perform end-to-end testing in a fast and isol

134 Sep 15, 2022

The async ready version of the AniManga library created by centipede000.

Async-Animanga An Async/Aiohttp compatible library. Async-Animanga is an async ready web scraping library that returns Manga information from animepla

3 Sep 22, 2022

Free cleverbot without headless browser

Cleverbot Scraper Simple free cleverbot library that doesn't require running a heavy ram wasting headless web browser to actually chat with the bot, a

3 Sep 25, 2022