
Active Directory

• Active Directory (AD) is a directory service and identity management system
developed by Microsoft.
• It is primarily used in Windows-based networks to centralize and manage network
resources, including users, computers, printers, and other network-connected devices.
• Active Directory plays a critical role in authentication, authorization, and directory
services, making it an essential component in many organizations' IT infrastructures.
• Active Directory is a directory service, which means it stores information about
network resources in a structured and hierarchical manner.
• Active Directory provides authentication services, ensuring that users and devices are
who they claim to be before granting them access to resources.
Active Directory Enumeration
• Active Directory Enumeration is a process of gathering information about an Active
Directory environment.
• It's a crucial step for both administrators and potentially malicious actors (hackers) as
it helps them understand the network structure, discover vulnerabilities, and plan their
actions.
• Enumeration may involve:
  - Enumerating Users and Groups
  - Enumerating Computers and Servers
  - Enumerating Shares and Permissions
  - Enumerating Domain Controllers
Tools for Active Directory Enumeration & Exploitation:
• PowerShell:
- PowerShell is a powerful scripting language in Windows that can be used to query
and interact with Active Directory.
- There are various PowerShell modules, such as the Active Directory module, that
facilitate AD enumeration and management.
• Net Command:
- The "net" command in Windows provides various functionalities for enumerating
users, groups, shares, and other AD-related information.
• LDAP Enumeration Tools:
- LDAP (Lightweight Directory Access Protocol) enumeration tools like ldapsearch
can be used to query AD for information about users, groups, and other directory
objects.
• Enum4linux:
- Enum4linux is a Linux-based tool for enumerating information from Windows
machines, including information related to the Active Directory domain, shares,
and more.
• BloodHound:
- BloodHound is a popular tool for analysing and visualizing Active Directory trust
relationships and permissions.
- It helps identify attack paths and potential security issues.
• Mimikatz:
- A tool that can extract plaintext passwords, hashes, tickets, and keys from
Windows systems.
- It can also perform pass-the-hash, pass-the-ticket, overpass-the-hash, and other
credential theft and reuse attacks.
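As an added example (not part of the original notes), the code below parses ldapsearch-style LDIF output and sorts the entries into users, groups, computers and domain controllers, the categories listed under "Enumeration may involve", the way an administrator might turn a directory export into an inventory. The sample data is constructed, and the names `parse_ldif`, `inventory` and `SAMPLE_LDIF` are hypothetical; the two `userAccountControl` bit values are the ones Microsoft documents.

```python
import base64
from collections import defaultdict

SERVER_TRUST, WORKSTATION_TRUST = 0x2000, 0x1000  # userAccountControl bits
# Constructed sample shaped like ldapsearch LDIF output (not a real domain).
SAMPLE_LDIF = """\
# extended LDIF
dn: CN=Bob,OU=Staff,DC=example,DC=test
objectClass: user
sAMAccountName:: Ym9i
userAccountControl: 512

dn: CN=DC01,OU=Domain Controllers,
 DC=example,DC=test
objectClass: computer
sAMAccountName: DC01$
userAccountControl: 532480

dn: CN=WS01,OU=Workstations,DC=example,DC=test
objectClass: computer
sAMAccountName: WS01$
userAccountControl: 4096

dn: CN=Helpdesk,OU=Groups,DC=example,DC=test
objectClass: group
sAMAccountName: Helpdesk
"""

def parse_ldif(text):  # yields one {attribute: [values]} dict per entry
    for block in text.replace("\n ", "").split("\n\n"):  # undo line folding
        entry = defaultdict(list)
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):  # skip comments and junk
                continue
            if value.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[name].append(value.strip())
        if "dn" in entry:
            yield entry

def inventory(text):  # sorts entries into the categories listed above
    out = defaultdict(list)
    for e in parse_ldif(text):
        uac = int(e.get("userAccountControl", ["0"])[0])
        kind = ("groups" if "group" in e["objectClass"] else
                "domain_controllers" if uac & SERVER_TRUST else
                "computers" if uac & WORKSTATION_TRUST else "users")
        out[kind].append((e["sAMAccountName"] or e["dn"])[0])
    return dict(out)
```

Domain controllers are checked before member computers because the server trust bit is what distinguishes a DC's computer account from an ordinary one.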
Practical
HacktheBox – Dancing Machine
