Added resources AD CS Domain Escalation & tools Locksmith, FalconHound
parent
a22795a18c
commit
b7a2923c6c
|
@ -1,6 +1,6 @@
|
|||
# Active Directory Kill Chain Attack & Defense
|
||||
|
||||
<img width="650" src="https://camo.githubusercontent.com/9547d8152e3490a6e5e3da0279faab64340885be/68747470733a2f2f646f63732e6d6963726f736f66742e636f6d2f656e2d75732f616476616e6365642d7468726561742d616e616c79746963732f6d656469612f61747461636b2d6b696c6c2d636861696e2d736d616c6c2e6a7067">
|
||||
<img width="650" src="https://camo.githubusercontent.com/e86663235b4690432fc71048a0c53929ac2768171e31f45069a143b89d17b0c3/68747470733a2f2f692e696d6775722e636f6d2f414d5a394d4d352e6a706567">
|
||||
|
||||
## Summary
|
||||
This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity.
|
||||
|
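Review bot: Two `<img>` lines appear in this 6-line hunk, so the header image is being swapped, yet the commit message ("Added resources ... & tools ...") does not mention it. Both lines load the picture through a hard-coded `camo.githubusercontent.com` proxy URL and carry no `alt` attribute. The hex suffix of the first URL decodes to a `docs.microsoft.com` address and that of the second to an `i.imgur.com` address, so one variant makes the README header depend on a third-party image host. Consider committing the image to the repository and referencing it by relative path, adding `alt` text, and either naming the image change in the commit message or moving it to its own commit.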
@ -68,6 +68,7 @@ This document was designed to be a useful, informational asset for those looking
|
|||
|
||||
### Abusing Active Directory Certificate Services
|
||||
* [Certified Pre-Owned](https://posts.specterops.io/certified-pre-owned-d95910965cd2)
|
||||
* [AD CS Domain Escalation](https://book.hacktricks.xyz/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation)
|
||||
|
||||
### PetitPotam
|
||||
* [PetitPotam](https://github.com/topotam/PetitPotam)
|
||||
|
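Review bot: The AD CS Domain Escalation entry under "Abusing Active Directory Certificate Services" covers the attack side only, while this same commit adds Locksmith, described as finding and fixing AD CS misconfigurations, in a separate list much further down the file. Since the Summary promises mitigation and detection guidance alongside the TTPs, add a cross-reference from this section to the Locksmith entry (or list it here as well) so a reader of the escalation write-up finds the remediation tool next to it. A short description after the link, in the style of the tool entries, would also tell the reader what the page covers.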
@ -459,6 +460,8 @@ Advanced Threat Protection and Advanced Threat Analytics](https://www.blackhat.c
|
|||
* [DFIR-O365RC](https://github.com/ANSSI-FR/DFIR-O365RC) - The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant for Office 365 Business Email Compromise investigations.
|
||||
* [AzureADIncidentResponse](https://www.powershellgallery.com/packages/AzureADIncidentResponse/4.0) - Tooling to assist in Azure AD incident response
|
||||
* [ADTimeline](https://github.com/ANSSI-FR/ADTimeline) - The ADTimeline script generates a timeline based on Active Directory replication metadata for objects considered of interest.
|
||||
* [Locksmith](https://github.com/TrimarcJake/Locksmith) - A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
|
||||
* [FalconHound](https://github.com/FalconForceTeam/FalconHound) - FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool.
|
||||
|
||||
### Sysmon Configuration
|
||||
* [sysmon-modular](https://github.com/olafhartong/sysmon-modular) - A Sysmon configuration repository for everybody to customise
|
||||
|
|
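Review bot: Locksmith is placed among log-collection and timeline tools (DFIR-O365RC, AzureADIncidentResponse, ADTimeline), but its description says it finds and fixes AD CS misconfigurations, which is configuration auditing and remediation rather than evidence collection. Consider moving it next to the AD CS material or adding a cross-reference there. The FalconHound description runs to three sentences and repeats the tool name, where the neighbouring entries use one sentence; trimming it to something like "A blue team multi-tool that automates and extends BloodHound, designed for use with a SIEM or other log aggregation tool" keeps the list consistent.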