Niklas

Posted on • Originally published at niklas-heringer.com

AD Pentesting 01: Getting your head right

I'm currently going through GOAD with a friend, and before writing up any of the actual attack paths we traverse, I wanted to put down the foundation that makes everything else make sense.

This post covers:

  • Interactive learning quizzes so you really remember the foundations
  • Domains, trees, forests — and why the forest is the boundary that actually matters
  • The Domain Controller: what it does, why it should do nothing else, and why it's our primary target
  • Kerberos SSO and why a single domain account gives you far more visibility than people expect
  • PDC/BDC history → multi-master replication → the PDC Emulator and why it keeps coming up
  • RODCs and why they exist

No exploits yet. Just the stuff that needs to be load-bearing before anything offensive makes sense.

Full post (with interactive knowledge checks) on my blog →

Active Directory Pentesting: Part 01

Before we get offensive, we get grounded. This post covers the AD fundamentals every pentester needs locked in: domains, trees, forests, the Domain Controller as crown jewel, Kerberos SSO, multi-master replication, and why even a low-privileged domain account is worth more than it looks.
