Table of Contents
Preface
1. Getting the Lab Ready and Attacking Exchange Server
Technical requirements
Lab architecture and deployment
Active Directory kill chain
Why we will not cover initial access and host-related topics
Attacking Exchange Server
User enumeration and password spraying
Dumping and exfiltrating
Zero2Hero exploits
Gaining a foothold
Summary
Further reading
2. Defense Evasion
Technical requirements
AMSI, PowerShell CLM, and AppLocker
Antimalware Scan Interface
Way 1 – Error forcing
Way 2 – Obfuscation
Way 3 – Memory patch
AppLocker and PowerShell CLM
PowerShell Enhanced Logging and Sysmon
Event Tracing for Windows (ETW)
Summary
References
Further reading
3. Domain Reconnaissance and Discovery
Technical requirements
Enumeration ...
Get Pentesting Active Directory and Windows-based Infrastructure now with the O’Reilly learning platform.