This project simulates internal penetration testing scenarios in a self-hosted, vulnerable Active Directory (AD) environment. It demonstrates real-world attack techniques used by threat actors to escalate privileges and compromise domain controllers.
The goal of this lab is to understand the risks associated with misconfigured or vulnerable AD environments, test offensive security skills, and evaluate effective mitigation strategies.
- Environment: Self-hosted using VMware
- Operating Systems: Windows Server (Domain Controller), Windows 11 (Workstation), Kali Linux (Attacker)
- Domain Configuration: Single-domain forest with realistic misconfigurations
- Enumerated domain users, groups, and computers using PowerView and SharpHound
- Mapped Active Directory trust relationships and privilege paths
- Exploited misconfigured services (e.g., SMB, RDP, WinRM)
- Performed password spraying and Kerberoasting
- Leveraged vulnerable service permissions and unquoted service paths
- Conducted token impersonation and pass-the-hash attacks
- Performed Kerberos delegation abuse (Unconstrained & Constrained)
- Escalated to Domain Admin privileges
- Dumped NTDS.dit and extracted domain credentials
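Two of the misconfigurations listed above (unquoted service paths and Kerberos delegation settings) are cheap to audit from the defender's side. The following is an added example, not part of this lab's own tooling: it runs the checks over constructed sample data (the service table and account records are made up), using the Microsoft-documented userAccountControl bits; the `AdAccount` record and `is_privileged` field are assumptions for illustration.

```python
# Added example: defender-side audit of two AD/Windows misconfigurations.
# Not part of the lab's own scripts. Sample data below is constructed.
import re
from dataclasses import dataclass, field

# userAccountControl bits as documented by Microsoft
TRUSTED_FOR_DELEGATION = 0x00080000          # unconstrained delegation
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x01000000  # constrained delegation w/ protocol transition
NOT_DELEGATED = 0x00100000                   # "account is sensitive and cannot be delegated"


def is_unquoted_service_path(image_path: str) -> bool:
    """True when a service binary path is unquoted and the path to the
    executable contains a space. Windows then tries each prefix ending at a
    space first, so a writable intermediate directory becomes a risk."""
    path = image_path.strip()
    if not path or path.startswith('"'):
        return False
    # Separate the executable from its arguments: everything up to the first ".exe".
    m = re.match(r"(.*?\.exe)", path, re.IGNORECASE)
    binary = m.group(1) if m else path
    return " " in binary


def find_unquoted_services(services: dict) -> list:
    """Return service names whose ImagePath is vulnerable, sorted for stable output."""
    return sorted(name for name, path in services.items() if is_unquoted_service_path(path))


@dataclass
class AdAccount:
    # Hypothetical record shape; a real audit would read these via LDAP.
    sam_account_name: str
    user_account_control: int
    msds_allowed_to_delegate_to: tuple = field(default_factory=tuple)
    is_privileged: bool = False  # e.g. member of Domain Admins


def audit_delegation(accounts) -> list:
    """Flag delegation settings worth reviewing. Domain controllers legitimately
    carry TRUSTED_FOR_DELEGATION, so findings are leads, not verdicts."""
    findings = []
    for a in accounts:
        uac = a.user_account_control
        if uac & TRUSTED_FOR_DELEGATION:
            findings.append((a.sam_account_name, "unconstrained delegation"))
        elif uac & TRUSTED_TO_AUTH_FOR_DELEGATION or a.msds_allowed_to_delegate_to:
            kind = "constrained delegation"
            if uac & TRUSTED_TO_AUTH_FOR_DELEGATION:
                kind += " with protocol transition"
            findings.append((a.sam_account_name, kind))
        # Privileged accounts should be non-delegatable (NOT_DELEGATED or Protected Users).
        if a.is_privileged and not uac & NOT_DELEGATED:
            findings.append((a.sam_account_name, "privileged account not marked NOT_DELEGATED"))
    return findings


# Constructed sample data
SAMPLE_SERVICES = {
    "VendorSvc": r"C:\Program Files\Vendor App\service.exe",
    "GoodSvc": r'"C:\Program Files\Vendor App\service.exe" -run',
    "Spooler": r"C:\Windows\System32\spoolsv.exe",
}
SAMPLE_ACCOUNTS = [
    AdAccount("DC01$", 0x2000 | TRUSTED_FOR_DELEGATION),
    AdAccount("WEB01$", 0x1000 | TRUSTED_TO_AUTH_FOR_DELEGATION, ("cifs/FS01",)),
    AdAccount("svc_sql", 0x10200, ("MSSQLSvc/SQL01:1433",)),
    AdAccount("da_admin", 0x200, is_privileged=True),
    AdAccount("jdoe", 0x200),
]

if __name__ == "__main__":
    print("unquoted service paths:", find_unquoted_services(SAMPLE_SERVICES))
    for name, issue in audit_delegation(SAMPLE_ACCOUNTS):
        print(f"{name}: {issue}")
```

On a live host the service table would come from `Get-CimInstance Win32_Service` (or the registry) and the account records from an LDAP query; the checks themselves do not change.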
Each attack path is documented with:
- Step-by-step commands and screenshots
- MITRE ATT&CK mappings
- Tools used and their configurations
- Detection and mitigation strategies
Reports are included.
The project also outlines defenses against each simulated attack, including:
- Least privilege enforcement
- Secure service configurations
- Credential hygiene
- Monitoring with Windows Event Logs and Sysmon
- Attack path detection with BloodHound and Defender for Identity
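Monitoring with Windows Event Logs is the countermeasure that applies most directly to the password spraying and Kerberoasting scenarios above. The following is an added example written for this page, not the project's own detection content: it runs two detections over constructed Security event records (the events and the `LAB.LOCAL` realm are made up). The field names mirror the real 4769 (`TicketEncryptionType`, `ServiceName`) and 4625 (`IpAddress`, `TargetUserName`) event fields; the thresholds are assumptions to tune per environment.

```python
# Added example: detection logic for Kerberoasting and password spraying over
# constructed Windows Security event records. Not part of the lab's own reports.
from collections import defaultdict
from datetime import datetime, timedelta


def detect_kerberoast(events, min_spns: int = 3) -> dict:
    """Flag requesters that obtained >= min_spns RC4 (0x17) service tickets
    (Event ID 4769) for user-backed SPNs. Machine accounts (ending in $) and
    krbtgt are excluded because those tickets are not useful to crack offline."""
    spns_by_user = defaultdict(set)
    for e in events:
        if e["EventID"] != 4769 or e.get("TicketEncryptionType") != "0x17":
            continue
        svc = e["ServiceName"]
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue
        spns_by_user[e["TargetUserName"]].add(svc)
    return {u: sorted(s) for u, s in spns_by_user.items() if len(s) >= min_spns}


def detect_password_spray(events, window=timedelta(minutes=5), min_users: int = 5) -> dict:
    """Per source IP, count distinct accounts with failed logons (Event ID 4625)
    inside a sliding time window. Returns {ip: max distinct users seen}."""
    by_ip = defaultdict(list)
    for e in events:
        if e["EventID"] == 4625:
            by_ip[e["IpAddress"]].append((e["TimeCreated"], e["TargetUserName"]))
    hits = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= min_users:
                hits[ip] = max(hits.get(ip, 0), len(users))
    return hits


# Constructed sample events
_T0 = datetime(2024, 1, 1, 9, 0, 0)


def _tgs(sec, user, spn, etype):
    return {"EventID": 4769, "TimeCreated": _T0 + timedelta(seconds=sec),
            "IpAddress": "10.0.0.50", "TargetUserName": user,
            "ServiceName": spn, "TicketEncryptionType": etype}


def _fail(sec, ip, user):
    return {"EventID": 4625, "TimeCreated": _T0 + timedelta(seconds=sec),
            "IpAddress": ip, "TargetUserName": user}


SAMPLE_EVENTS = [
    # one requester pulls RC4 tickets for three user-backed SPNs plus a machine SPN
    _tgs(0, "jdoe@LAB.LOCAL", "svc_sql", "0x17"),
    _tgs(1, "jdoe@LAB.LOCAL", "svc_web", "0x17"),
    _tgs(2, "jdoe@LAB.LOCAL", "svc_backup", "0x17"),
    _tgs(3, "jdoe@LAB.LOCAL", "WS01$", "0x17"),
    # normal AES ticket request, not flagged
    _tgs(4, "alice@LAB.LOCAL", "svc_sql", "0x12"),
    # six different accounts failing from one source within 100 seconds
    *[_fail(20 * i, "10.0.0.50", u) for i, u in
      enumerate(["bob", "carol", "dave", "erin", "frank", "grace"])],
    # one user mistyping a password twice from another host, not flagged
    _fail(30, "10.0.0.7", "bob"),
    _fail(45, "10.0.0.7", "bob"),
]

if __name__ == "__main__":
    print("kerberoast candidates:", detect_kerberoast(SAMPLE_EVENTS))
    print("spray sources:", detect_password_spray(SAMPLE_EVENTS))
```

The same logic maps onto a SIEM query (group 4769 by requester and encryption type; group 4625 by source address and count distinct target users). The corresponding mitigations are the ones listed above: AES-only service accounts with long random passwords or gMSAs reduce the Kerberoasting risk, and lockout policy plus alerting on the spray pattern covers password spraying.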
This lab is intended for educational and ethical use only. All testing was performed in a controlled, isolated environment. Never use these techniques on networks you do not own or have explicit permission to test.