This project documents my hands-on journey in learning and conducting internal Active Directory (AD) penetration testing. The exercises simulate real-world cyberattacks to better understand security weaknesses in AD environments and how to detect, exploit, and mitigate them.
This repository contains detailed notes, proof-of-concepts (PoCs), attack paths, and defense strategies used in various phases of an AD-focused penetration test. The project is structured week-by-week and includes environment setup, enumeration, exploitation, post-exploitation, and reporting.
- Understand Active Directory architecture and its security mechanisms.
- Perform internal network reconnaissance and enumeration.
- Simulate real-world attacks such as LLMNR poisoning, SMB relay, Kerberoasting, Pass-the-Hash, and Golden Ticket attacks.
- Practice privilege escalation using tools like PowerView, BloodHound, and Mimikatz.
- Write structured, actionable penetration testing reports with executive summaries and mitigation steps.
🔍 Enumeration & Scanning:
Nmap
NetExec
Kerbrute
Responder
Greenbone OpenVAS
passive_discovery6 (THC-IPv6)
🧨 Exploitation:
Impacket toolkit
Responder + ntlmrelayx
Hashcat
Metasploit
mitm6
🔐 Post-Exploitation & Privilege Escalation:
PowerView
BloodHound
Mimikatz
secretsdump.py (Impacket)
ticketer.py (Impacket)
- LLMNR/NBT-NS Poisoning
- SMB Relay Attack
- Kerberoasting / AS-REP Roasting
- Pass-the-Hash & Pass-the-Ticket
- Golden Ticket Attack
- Token Impersonation
- RID Brute-Forcing
- IPv6 MITM6 Attacks
- LDAP Injection & DNS Poisoning
- Recent-CVE testing (CVE-2024-49113 - LDAPNightmare; patched in December 2024, so an n-day rather than a true zero-day)
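The Kerberoasting and AS-REP roasting entries above leave well-known traces on the domain controller: a service ticket request (Security event 4769) with the RC4-HMAC encryption type (0x17) for a user-account SPN, and a TGT request (event 4768) with pre-authentication type 0 and an RC4 ticket. As an added example that is not part of this repository's notes, the script below runs that detection logic over a handful of constructed event records (the accounts, SPNs and IP addresses are made up, not exported from the FAMILYGUY.local lab):

```python
"""Detection logic for Kerberoasting and AS-REP roasting indicators.

Added example: the records below are constructed to resemble the relevant
fields of Windows Security events 4768 (Kerberos TGT requested) and 4769
(Kerberos service ticket requested). They are assumed sample data, not
output from the FAMILYGUY.local lab.
"""
from collections import defaultdict

RC4_HMAC = "0x17"   # TicketEncryptionType for RC4-HMAC, the crackable etype
NO_PREAUTH = "0"    # PreAuthType 0: TGT issued without pre-authentication

# Constructed sample records (assumed data).
SAMPLE_EVENTS = [
    # One user pulling RC4 service tickets for several user-account SPNs:
    # the classic Kerberoasting pattern (e.g. GetUserSPNs.py -request).
    {"EventID": 4769, "TargetUserName": "jdoe@FAMILYGUY.LOCAL", "ServiceName": "svc_sql",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.50"},
    {"EventID": 4769, "TargetUserName": "jdoe@FAMILYGUY.LOCAL", "ServiceName": "svc_http",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.50"},
    {"EventID": 4769, "TargetUserName": "jdoe@FAMILYGUY.LOCAL", "ServiceName": "svc_backup",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.50"},
    # Normal traffic: an AES ticket, a TGT renewal (krbtgt), a machine-account SPN.
    {"EventID": 4769, "TargetUserName": "bob@FAMILYGUY.LOCAL", "ServiceName": "svc_http",
     "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.21"},
    {"EventID": 4769, "TargetUserName": "alice@FAMILYGUY.LOCAL", "ServiceName": "krbtgt",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.22"},
    {"EventID": 4769, "TargetUserName": "alice@FAMILYGUY.LOCAL", "ServiceName": "PC1$",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.22"},
    # AS-REP roasting: TGT for an account with pre-auth disabled, RC4 etype.
    {"EventID": 4768, "TargetUserName": "svc_legacy", "PreAuthType": "0",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.50"},
    # Normal TGT request with PA-ENC-TIMESTAMP pre-authentication.
    {"EventID": 4768, "TargetUserName": "jdoe", "PreAuthType": "2",
     "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.50"},
]


def is_kerberoast_candidate(ev):
    """4769 for a user-account SPN with the RC4 etype.

    krbtgt requests are TGT renewals and computer accounts (name ends with $)
    have long random passwords, so neither is worth cracking offline.
    """
    svc = ev.get("ServiceName", "")
    return (ev.get("EventID") == 4769
            and ev.get("TicketEncryptionType") == RC4_HMAC
            and svc.lower() != "krbtgt"
            and not svc.endswith("$"))


def is_asrep_roast_candidate(ev):
    """4768 with no pre-authentication and an RC4 TGT: the AS-REP is crackable offline."""
    return (ev.get("EventID") == 4768
            and ev.get("PreAuthType") == NO_PREAUTH
            and ev.get("TicketEncryptionType") == RC4_HMAC)


def detect(events, min_services=3):
    """Return a list of findings.

    Kerberoasting is reported per (requesting account, source IP) once it has
    pulled RC4 tickets for at least min_services distinct SPNs; a single RC4
    ticket is common legacy noise and is ignored. AS-REP roasting is reported
    on every matching 4768, since pre-auth should never be disabled.
    """
    findings = []
    per_requester = defaultdict(set)
    for ev in events:
        if is_kerberoast_candidate(ev):
            per_requester[(ev["TargetUserName"], ev["IpAddress"])].add(ev["ServiceName"])
        elif is_asrep_roast_candidate(ev):
            findings.append({"technique": "AS-REP roasting",
                             "account": ev["TargetUserName"],
                             "source": ev["IpAddress"],
                             "detail": "TGT issued without pre-auth using RC4"})
    for (user, ip), services in per_requester.items():
        if len(services) >= min_services:
            findings.append({"technique": "Kerberoasting",
                             "account": user,
                             "source": ip,
                             "detail": f"RC4 service tickets for {len(services)} SPNs: "
                                       + ", ".join(sorted(services))})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['technique']}] {f['account']} from {f['source']}: {f['detail']}")
```

Both events only appear when the advanced audit subcategories "Audit Kerberos Authentication Service" (4768) and "Audit Kerberos Service Ticket Operations" (4769) are enabled on the DC, which is worth checking before relying on this in the lab. The RC4 check is a heuristic: environments that never enabled AES on service accounts will produce 0x17 tickets legitimately, so the per-requester threshold should be tuned to the baseline rather than fixed at three.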
The test environment includes:
- DC1: Domain Controller for FAMILYGUY.local
- PC1 / PC2: Domain-joined clients with local admin misconfigurations
- Attacker VM: Parrot with all tools installed
- Hack The Box AD VM: External closed-box test environment
The content is divided by weekly progress:
- Week 1: AD fundamentals & pentesting concepts
- Week 2-3: Reconnaissance & enumeration
- Week 4-5: Exploitation techniques
- Week 6-7: Privilege escalation
- Week 8-9: Post-exploitation & mitigation
- Week 10-11: HTB AD pentest simulation & reporting
A sample pentest report is included following industry standards:
- Executive summary
- Severity rating
- Technical findings with screenshots
- Remediation recommendations
This project is intended strictly for educational and ethical use only. Do not use any techniques documented here on systems you do not own or have permission to test.
- HackTheBox Blog: AD Pentest Cheatsheet
- MITRE ATT&CK: AD-related techniques
- Microsoft Security Docs
- Other resources listed in the journal
Sherwin Laconsay
Cybersecurity Enthusiast | Network Analyst
Connect with me on LinkedIn or check out more of my work here.