A great compilation of Active Directory Attack & Defense tools, covering:
Discovery
- SPN Scanning
- Data Mining
- User Hunting
- LAPS
- AppLocker
- Active Directory Federation Services
Privilege Escalation
- Abusing Active Directory Certificate Services
- PetitPotam
- Zerologon
- Passwords in SYSVOL & Group Policy Preferences
- MS14-068 Kerberos Vulnerability
- DNSAdmins
- Kerberos Delegation
- Unconstrained Delegation
- Constrained Delegation
- Resource-Based Constrained Delegation
- Insecure Group Policy Object Permission Rights
- Insecure ACLs Permission Rights
- Domain Trusts
- DCShadow
- RID
- Microsoft SQL Server
- Red Forest
- Exchange
- NTLM Relay & LLMNR/NBNS
Lateral Movement
- Microsoft SQL Server Database links
- Pass The Hash
- System Center Configuration Manager (SCCM)
- WSUS
- Password Spraying
- Automated Lateral Movement
Defense Evasion
- In-Memory Evasion
- Endpoint Detection and Response (EDR) Evasion
- OPSEC
- Microsoft ATA & ATP Evasion
- PowerShell ScriptBlock Logging Bypass
- PowerShell Anti-Malware Scan Interface (AMSI) Bypass
- Loading .NET Assemblies Anti-Malware Scan Interface (AMSI) Bypass
- AppLocker & Device Guard Bypass
- Sysmon Evasion
- HoneyTokens Evasion
- Disabling Security Tools
Credential Dumping
- NTDS.DIT Password Extraction
- SAM (Security Accounts Manager)
- Kerberoasting
- Kerberos AS-REP Roasting
- Windows Credential Manager/Vault
- DCSync
- LLMNR/NBT-NS Poisoning
Persistence
- Golden Ticket
- SID History
- Silver Ticket
- DCShadow
- AdminSDHolder
- Group Policy Object
- Skeleton Keys
- SeEnableDelegationPrivilege
- Security Support Provider
- Directory Services Restore Mode
- ACLs & Security Descriptors
- Tools & Scripts
- Cheat Sheets
- Azure Active Directory
Defense & Detection
- Tools & Scripts
- Sysmon Configuration
The compilation also includes a supplement: Active Directory Security Checks (by Sean Metcalf, @Pyrotek3)
- General Recommendations
- Protect Admin Credentials
- Protect AD Admin Credentials
- Protect Service Account Credentials
- Protect Resources
- Protect Domain Controller
- Protect Workstations (& Servers)
- Logging
- Security Pro’s Checks
Details, together with links to the tools, can be found at https://cybersecuritynews.com/active-directory-checklist/