Comprehensive Guide to Active Directory (AD)

R3zk0n · October 2, 2025


    For main commands, go to https://github.com/qwutony/notes/edit/main/022-Active%20Directory/Commands.md

    Active Directory (AD) is a Microsoft technology used in Windows environments to manage computers and other devices on a network. It is a crucial component for network administrators as it helps in organizing and controlling permissions and access to network resources.

    Understanding Active Directory

    AD provides a variety of network services, including LDAP, Kerberos-based authentication, DNS-based naming, and other network information. It lets administrators manage permissions and access to network resources, manage user data, and enforce security policy.

    For a comprehensive understanding of AD, check this high-level overview on HackTricks.

    Active Directory Resources for Further Reading

    1. Attacking AD: This guide offers insights into ways of attacking AD, highlighting vulnerabilities such as DNS Dynamic Updates.
    2. AD Cheat Sheet: A useful resource offering quick reference to common AD operations and exploitation techniques.
    3. Unconstrained Delegation & Forests Trusts: This post delves into the intricacies of Unconstrained Delegation and Forest Trusts within an AD environment.
    4. ACE Misconfiguration: This article explains how misconfigurations in Access Control Entries (ACEs) can be exploited for Remote Code Execution (RCE).
    5. WADComs: Known as the “GTFOBins for AD,” this resource provides a collection of commands useful for exploiting AD vulnerabilities.
    6. Kerberos Abuse: This guide explains how the Kerberos authentication protocol can be abused in AD environments.

    Active Directory Exploitation and Defense Courses and Labs

    1. Game of Active Directory: This is a training tool that offers a gamified approach to learning about AD vulnerabilities and exploits.
    2. DetectionLabs: This project provides pre-configured lab environments that make it easier to test the detection of attacks and breaches.
    3. Red Team Ops: A course that provides comprehensive training on red team operations, including AD attacks.

    Specific Topics in Active Directory

    Kerberos Relay

    Kerberos relay attacks occur when an attacker intercepts Kerberos traffic and reuses it to gain unauthorized access to a network resource. Resources for understanding and mitigating these attacks include:

    1. KrbRelay GitHub Repository
    2. Windows Exploitation Tricks: Relaying Kerberos

    Active Directory Certificate Services (AD CS)

    AD CS is a server role on Windows Server that allows administrators to issue and manage public key certificates. The following resource offers a deep dive into this topic:

    1. AD CS by Ifcr Research: This resource provides a deep dive into the vulnerabilities and potential escalations associated with AD CS, discussing topics like shadow credentials and golden certificates.

    Additional Active Directory Resources

    1. AD Cheatsheets: This resource provides quick and handy cheatsheets for dealing with various aspects of AD.
    2. Active Directory Python Edition: This is a Python-centric cheatsheet, focusing on how to interact with and exploit AD using Python.
    3. The Hacker Recipes: This is a comprehensive guide to AD, covering topics like reconnaissance, exploitation, persistence, and defense evasion.
