Recommended resources
Many resources are linked throughout this article, and you are encouraged to follow them to learn more. However, there are some sites that I consider especially good and rich in Active Directory information:
- Microsoft Windows Technical Documents
- Active Directory Security
- https://blog.harmj0y.net/
- hackndo
- https://dirkjanm.io/
- Steve on Security
- Lab of a Penetration Tester
- ired.team
There are many other excellent sites with Active Directory posts, but these are especially relevant since they cover many topics and are specifically dedicated to Active Directory.
Apart from blogs, here is a selection of great Active Directory oriented tools which, besides being useful, can teach you a lot about Active Directory mechanisms and protocols if you review their code. (This is far from an exhaustive list; many more are listed and shown in the article.)
- mimikatz: Probably the most famous tool for attacking Windows and Active Directory. It implements in C all kinds of attacks to retrieve credentials from Windows machines and impersonate users in Active Directory.
- impacket: Impacket implements many of the protocols described here in Python, and it is worth knowing how it works in order to learn about them. It also includes many examples that implement the attacks described here.
- responder.py: Responder allows you to perform many PitM attacks by abusing Windows name resolution protocols, and it provides many protocol servers that will collect NTLM hashes. It is worth knowing how it works.
- Rubeus: Rubeus is a C# suite to perform Kerberos attacks from Windows machines. You can check it to learn a lot about how Kerberos works.
- CrackMapExec: CME is a Python tool that allows you to perform many of the different attacks described here in an easy way.
- BloodHound: BloodHound allows you to map the Active Directory network using many different LDAP queries and other requests. You should check it if you want to learn about Active Directory reconnaissance.
- PowerView: A PowerShell tool that implements many Active Directory LDAP and other protocol queries to retrieve all kinds of information from Active Directory.
- Empire: A suite to deploy agents on Active Directory machines that allows you to perform all kinds of attacks. The data/module_source directory contains many tools to perform reconnaissance and attacks over Active Directory that are worth checking.