Pass-the-Hash & Pass-the-Ticket
In a Windows network you almost never need to crack a password. You just need to find where the secret that proves it is sitting i…
Active Directory → All Active Directory articles
In a Windows network you almost never need to crack a password. You just need to find where the secret that proves it is sitting i…
BloodHound changed AD pentesting permanently. It models AD as a graph database — users, groups, computers, and their relationships…
LDAP is the query interface to Active Directory. Every AD tool speaks LDAP under the hood. Understanding raw LDAP lets you enumera…
ACL misconfigurations are the silent privilege escalation path most AD assessments miss without BloodHound. GenericAll, WriteDACL,…
Write access to a GPO linked to Domain Computers OU is code execution on every workstation. Write access to a Domain Controllers O…
Getting Domain Admin is step one. Keeping access through a Blue Team response is step two. Golden Tickets survive password resets …
Kerberos delegation lets services authenticate to other services on behalf of users. Unconstrained delegation captures TGTs from a…
Purple teaming is collaborative security testing where red and blue teams work together in real time. The red team executes a tech…
Active Directory is a database of objects. Every user, computer, group, OU, and GPO is an object with a class and attributes. Unde…
Active Directory doesn't just use DNS — it IS DNS. DC locator queries are SRV-based, Kerberos requires DNS, replication uses hostn…