Żądny wiedzy? Wbijaj na Mega Sekurak Hacking Party w maju! -30% z kodem: majearly
Hackowanie Active Directory – gigantyczny poradnik.
Materiałów o bezpieczeństwie Windows – czy w szczególności Active Directory mamy tyle co węgla w polskich składach węglowych ;-) Warto więc zapewne zapoznać się z tym rozbudowanym poradnikiem. Mamy tutaj:
- Wstęp co to w ogóle jest AD / w tym podstawowe definicje
- Przydatne narzędzia, w tym przykłady ich użyć:
- Modele uwierzytelniania (w tym Kerberos)
- Kwestie współpracy z systemami Linuksowymi
- Na końcu opracowania mamy kolejne polecane materiały / blogi oraz wylistowane najciekawsze narzędzia, co pozwolę sobie zacytować w całości:
- mimikatz: Probably the most famous tool for attacking Windows and Active Directory. It implements in C all kind of attacks to retrieve credentials from Windows machines and impersonate users in Active Directory.
- impacket: Impacket implements many of the protocols described here in python and it is worth to know how it works to learn about them. It also include many examples that implement attacks described here.
- responder.py: Responder allows you to perform a lot of PitM attacks abusing Windows resolution protocols and giving you a lot of protocol servers that will collect NTLM hashes. Worth to know how it works.
- Rubeus: Rubeus is a C# suite to perform Kerberos attacks from Windows machines. You can check it to learn a lot about how Kerberos work.
- CrackMapExec: CME is a python tool that allows you to perform a lot of different attacks described here in an easy way.
- BloodHound: BloodHound allows you to map the Active Directory network with many different LDAP requests and others. You should check it if you want to learn about Active Directory reconnaissance.
- Powerview: A Powershell tool that implements a lot of Active Directory LDAP and other protocol queries to retrieve all kind of information from Active Directory.
- Empire: A suite to deploy agents in Active Directory machines that allows you to perform all kind of attacks. The data/module_source directory contains a lot of tools to perform reconnaissance and attacks over Active Directory that are worth to check.
~Michał Sajdak
