Class One - Notes

Active Directory look like

Structure

PowerShell Scripts and Modules

PowerShell Script Excecution

Bypassing PowerShell Security

Offensive .NET - Tradecraft - AV bypass – Source Code Obfuscation

Offensive .NET - Tradecraft - Payload Delivery

Attack Methodology

---

Domain Enumeration

23MB

Attacking_and_Defending_ActiveDirectory - SlideNotes.pdf

PDF

Open

Import-Module Microsoft.ActiveDirector

Import-Module Microsoft.ActiveDirectory.Management.dll
Import-Module ActiveDirectory.psd1
. C:\AD\Tools\PowerView.ps1

PS C:\Users\student113> Get-Domain

Forest                  : moneycorp.local
DomainControllers       : {dcorp-dc.dollarcorp.moneycorp.local}
Children                : {us.dollarcorp.moneycorp.local}
DomainMode              : Unknown
DomainModeLevel         : 7
Parent                  : moneycorp.local
PdcRoleOwner            : dcorp-dc.dollarcorp.moneycorp.local
RidRoleOwner            : dcorp-dc.dollarcorp.moneycorp.local
InfrastructureRoleOwner : dcorp-dc.dollarcorp.moneycorp.local
Name                    : dollarcorp.moneycorp.local

PS C:\Users\student113> Get-Domain -Domain moneycorp.local

Forest                  : moneycorp.local
DomainControllers       : {mcorp-dc.moneycorp.local}
Children                : {dollarcorp.moneycorp.local}
DomainMode              : Unknown
DomainModeLevel         : 7
Parent                  :
PdcRoleOwner            : mcorp-dc.moneycorp.local
RidRoleOwner            : mcorp-dc.moneycorp.local
InfrastructureRoleOwner : mcorp-dc.moneycorp.local
Name                    : moneycorp.local

Find Shares

BloodHound

---

Domain Enumeration - ACLs

---

Domain Enumeration - Group Policy (GPO & OU)

---

Domain Trust Enumeration

Forest Enumeration

---

Domain Enumeration - User Hunting