Active Directory Premium

Active Directory Trust Attacks

AD trusts extend the attack surface beyond a single domain. A parent-child trust is transitive — own the child domain, escalate to the parent's Enterprise Admins. Cross-forest trusts have SID filtering by default, but misconfigurations bypass it. ExtraSids injection, SID history abuse, and golden tickets with ExtraSids are the tools. This covers the full trust escalation chain.

Related Articles

Related Cheatsheets

4
active-directory

Responder — LLMNR/NBT-NS Poisoning

Responder poisons LLMNR, NBT-NS, and mDNS to capture NTLMv2 hashes from Windows hosts on t…

169 views
active-directory

NetExec (CrackMapExec) — AD Lateral Movement

NetExec (nxc) — the Swiss Army knife for Windows/AD lateral movement, credential spraying,…

150 views
active-directory

Impacket — Windows & Active Directory Attacks

Impacket Python library with tools for SMB, MSRPC, Kerberos, NTLM, WMI, and AD attacks.

150 views
network-pentest

Nmap — Network Scanning & Enumeration

Complete Nmap reference for host discovery, port scanning, service detection, and NSE scri…

135 views

Related Courses

3
⭐ Premium
Intermediate

Network Penetration Testing

From host discovery to Active Directory attacks

3 · 8.2h
Beginner

Networking Fundamentals for Pentesters

Understand how networks actually work — so you can break them. TCP/IP, routing, protocols,…

1 · 5.9h
⭐ Premium
Intermediate

Windows Privilege Escalation — Complete Course

From whoami /priv to NT AUTHORITY\SYSTEM — every technique, tool, and HTB/THM/PG practice …

1 · 8.0h