✒️
Pentesting Cheatsheet
  • Introduction
  • Basics
  • Information Gathering | OSINT
  • Penetration Testing
    • Scanning and Enumeration
    • HTTP and HTTPS
    • SMB | Windows Domain Enumeration
    • NFS
    • SMTP
    • Reverse Shells
    • Buffer Overflow | Buf Exploitation
    • Linux Privilege Escalation
    • Miscellaneous
    • Redis
  • Active Directory
    • AD Extras
    • Attack Vectors
    • Post Compromise Enumeration
    • Post Compromise Attacks
  • Pivoting
  • Windows Privesc
    • Window Tools/Resources
    • Meterpreter Privesc
    • Powershell Scripting
  • Vulnhub/ PG/ THM/ HTB
  • Apache Log4j
  • Linux Forensics Cheatsheet
Powered by GitBook
On this page
  • Pass the Hash / Password
  • Token Impersonation
  • Kerberoasting
  • GPP / cPasswords Attacks (Group Policy Preferences)
  • Mimikatz
  • Golden Ticket Attack

Was this helpful?

  1. Active Directory

Post Compromise Attacks

PreviousPost Compromise EnumerationNextPivoting

Last updated 3 years ago

Was this helpful?

Pass the Hash / Password

We can dump hashes with secretsdump.py and crack with Hashcat.

Token Impersonation

Kerberoasting

GPP / cPasswords Attacks (Group Policy Preferences)

Mimikatz

Golden Ticket Attack

LogoPentesting in the Real World: Group Policy Pwnage | Rapid7 BlogRapid7
LogoGitHub - gentilkiwi/mimikatz: A little tool to play with Windows securityGitHub
LogoMicrosoft Active Directory Golden Ticket Attacks Explained | QOMPLXRisk Management for Cyber Security, Insurance, & Finance | QOMPLX
Pass the Hash