Valid User (No Password)
Valid User (No Password) techniques and commands for Active Directory security assessment.
Trusts
Trusts techniques and commands for Active Directory security assessment.
SCCM
SCCM techniques and commands for Active Directory security assessment.
Persistence
Persistence techniques and commands for Active Directory security assessment.
Mirage - HTB
Mirage is a hard Windows AD machine involving NFS report leaks, DNS hijack to capture NATS credentials, Kerberoasting, gMSA abuse, and ESC10 certificate misuse to reach DCSync.
Fluffy - HTB
Easy Windows AD chain starting from provided creds, NTLM capture via CVE-2025-24071, shadow credentials to WinRM, then ADCS abuse to Administrator.
Man In The Middle (Listen and Relay)
Man In The Middle (Listen and Relay) techniques and commands for Active Directory security assessment.
Kerberos Delegation
Kerberos Delegation techniques and commands for Active Directory security assessment.