Attacking Active Directory for Pentesters


This guide is designed to look at Active Directory from an attacker’s point of view. We will review different aspects of Active Directory and the terminology that all penetration testers should master to better understand Active Directory-related cyberattacks.

In order to understand Active Directory attack techniques, I believe it is important to understand not only the relevant tools but also how those tools work, the protocols and mechanisms they rely on, and what those protocols and mechanisms were originally designed for.

The same applies to the underlying technology itself. The information provided here comes from the open-source community and from my own experience with Active Directory. However, I cannot guarantee that everything stated here is correct, so I encourage you to test it yourself.

If you find any mistakes, please email me. Of course, it is difficult to cover every aspect of Active Directory in one blog post; nevertheless, this guide will provide a basic understanding of Active Directory and its attack techniques.

I will continue to update this article in the future, so please feel free to contact me if you think some aspect of Active Directory penetration techniques should be added.

What is Active Directory?

In my opinion, Active Directory is a system by which we can manage a set of computers and users connected to the same network through a central server. Of course, this definition is far from complete, but it is simple enough to understand what AD is.

       ____                         __ 
  o   |    |                       |==|
 /|\  |____| <--------.    .-----> |  |
 / \  /::::/          |    |       |__|
                      v    v
                      /   /|
                     .---. |
                     |   | '
                     |   |/ 
       ____          ^    ^        ____ 
  o   |    |         |    |       |    |  \o/
 /|\  |____| <-------'    '-----> |____|   | 
 / \  /::::/                      /::::/  / \
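The "central server managing computers and users" model above can be seen directly by asking the domain what it knows about itself. The following PowerShell snippet is an added example and is not code from the original post; it assumes a domain-joined Windows host with the RSAT ActiveDirectory module installed and an ordinary domain account (by default any domain user can read these objects). It lists the domain controllers (the central server), counts the user and computer objects they manage, and finishes with a defender-side check for enabled accounts that have not logged on in 90 days.

```powershell
# Added example (not from the original post). Assumes: domain-joined host,
# RSAT ActiveDirectory module present, any authenticated domain user.
Import-Module ActiveDirectory

# The "central server": the domain itself and the domain controllers that serve it
$domain = Get-ADDomain
"Domain: $($domain.DNSRoot) (NetBIOS: $($domain.NetBIOSName))"
Get-ADDomainController -Filter * |
    Select-Object HostName, IPv4Address, IsGlobalCatalog, OperatingSystem |
    Format-Table -AutoSize

# The objects the central server manages: users and computers
$users     = Get-ADUser     -Filter * -Properties LastLogonDate
$computers = Get-ADComputer -Filter * -Properties OperatingSystem, LastLogonDate

"Users: $($users.Count) (enabled: $(@($users | Where-Object Enabled).Count))"
"Computers: $($computers.Count)"

# Defender's view: enabled accounts with no logon in the last 90 days are
# candidates for review or disabling, since they widen the attack surface.
$cutoff = (Get-Date).AddDays(-90)
$users |
    Where-Object { $_.Enabled -and $_.LastLogonDate -and $_.LastLogonDate -lt $cutoff } |
    Select-Object SamAccountName, LastLogonDate |
    Sort-Object LastLogonDate |
    Format-Table -AutoSize
```

Run it from an elevated or normal PowerShell session on a domain member; the user and computer counts come straight from the directory, which is exactly the "central server" view the definition describes.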