| Ressource | Description | Author |
|---|---|---|
| Attack AD: 0 to 0.9 | The encyclopedia to start your journey in AD security. My TOP 1. | Eloy Pérez González |
| Bloodhound Nodes | Must-read to understand AD attack paths. | SperterOps |
| Bloodhound Edges | Must-read to understand AD attack paths. | SpecterOps |
| thehacker.recipes | pages after /ad/movement/ : credentials, mitm-and-coerced-authentications, ntlm, kerberos, dacl, group-policies, trusts, netlogon, ad-cs, sccm-mecm, exchange-services, print-spooler-service, domain-settings | @_nwodtuhs |
| CERT-FR checklist | ANSSI | |
| CME wiki | First thing first. Can I make it with CME? | porchetta, mpgn64 |
| GOAD tutorial | Best to practice, prepare tooling. | mayfly277 |
| activedirectoryrights | List of ActiveDirectoryRights values. | Microsoft |
| well-known SIDs | List of Well-Known SIDs. | Microsoft |
| SDDL | Understand ACE premissions. | |
| Attack bookmarks | Curated list to deepdive a particluar topic. | infosecn1nja |
| Dog Whisperer | How-to for Bloodhound and more. | SadProcessor |
| Cypher Queries | Hunting with BloodHound. STEP 2 after the pre-built queries. | hausec |
| KRB Attacks 101 | Good redacting effort. | m0chan |
| harden | ||
| harden |
azure
dfir
| Cheatsheet | Description | Author |
|---|---|---|
| Hunting Windows PrivEsc | Awesome presentation covering how to hunt the named pipes and much more. | Kaspersky |
| Windows Logon workflow | Awesome schema sequencing the security event IDs for windows logon. | Andrei Miroshnikov |
powershell
| Ressource | Description | Author |
|---|---|---|
| AD Discovery | - | Haboob Team |
| AD Exploitation | Contains the CLI of the most well-known tools for common enumeration and attack methods: Local PrivEsc, Lateral Movement, Domain PrivEsc, Domain Persistence, Cross Forests Attacks | S1ckB0y1337 |
| PS cheatsheet 1 | The best CRTP + CRTO cheatsheet for lab certifications made by pentesteracademy. | casvancooten |
| PS cheatsheet 2 | PowerView, PowerUp, PowerSploit, and Empire cheatsheets. | HarmJ0y |
| PS toolbox 1 | Tools used for the offensive powershell training provided by specterops. | specterops.io |
| PS toolbox 2 | Collection of tools. | varonis |
| PS snippet gallery | Snipets. | powershellgallery |
| PS old stuffs | - | ethicalhackersacademy |
talks
| Year | Ressource | Author | Description |
|---|---|---|---|
| 2017 (blackhat) | An ACE Up The Sleeve | Andy Robbins & Will Shroeder | Abusing ACLs… |
| 2019 (defcon 27) | Kerberos Ticketing & Delegations | Elad Shamir, Matt Bush | Workshop using rollercoaster metaphor for explaining KRB ticket and abuse. |