performing-active-directory-penetration-test

# Performing Active Directory Penetration Test ## Overview Active Directory (AD) penetration testing targets the central identity and access management system used by over 95% of Fortune 500 companies. The test identifies misconfigurations, weak credentials, dangerous delegation settings, vulnerable certificate templates, and attack paths that enable an attacker to escalate from a standard domain user to Domain Admin or Enterprise Admin. ## When to Use - When conducting security assessments that involve performing active directory penetration test - When following incident response procedures for related security events - When performing scheduled security testing or auditing activities - When validating security controls through hands-on testing ## Prerequisites - Standard domain user credentials (minimum starting point) - Network access to domain controllers (LDAP/389, Kerberos/88, SMB/445, DNS/53) - Tools: BloodHound, Impacket, Certipy, Rubeus, NetExec, Mimikatz - Kali Linux or Windows attack machine with domain access ## Phase 1 — AD Enumeration ### Domain Information Gathering ```bash # Basic domain enumeration netexec smb 10.0.0.5 -u 'testuser' -p 'Password123' -d corp.local --groups netexec smb 10.0.0.5 -u 'testuser' -p 'Password123' -d corp.local --users # LDAP enumeration — domain controllers ldapsearch -x -H ldap://10.0.0.5 -D "testuser@corp.local" -w "Password123" \ -b "OU=Domain Controllers,DC=corp,DC=local" "(objectClass=computer)" dNSHostName # Enu...