Pentesting and Red Teaming Notes
  • 🖥️Pentesting and Red Teaming Cheatsheet
  • Web Application Pentesting(BlackBox)
    • SQL Injection
    • Blind SQL Injection
    • Path Traversal
    • Attacking Authentication
    • Race Conditions
    • Business Logic Vulnerabilities
    • Command Injections
    • Information disclosure
    • Access Controls
    • File upload Attacks
    • XXE
    • Server Side Request Forgery
    • Api Testing
    • noSQL
    • DOM based vulnerabilities
    • Cross Site scripting
  • Infrastructure Pentesting
    • Windows Privilege Escalation
    • Attacking Active Directory
    • File Transfers and Download
    • Pivoting(Tunneling and Port Forwarding)
    • Linux Privilege Escalation
    • Stealing NTLM hashes
    • Tricks and Tips
  • Active Directory Pentesting
    • powershell theory
    • Methodology
    • domain enumeration
    • File Transfer
    • PowerShell ADModule
    • Local Privilege Escalation
    • PowerView Commands
    • ACLs Descriptions
    • ACLs Abuse
    • ACL
    • Trusts
    • User Hunting
    • group policy
    • Mimikatz
    • BloodHound
    • LateralMovement
    • Kerberoasting
    • defense bypasses
    • Set-SPN
    • ASREProasting
    • Unconstrained Delegation
    • Constrained Delegation
    • Resource Based Constrained Delegation
    • AD CS
    • Persistance
    • Priv Esc Trusts Inside Forest
    • MSSQL Servers
    • Priv Esc Trusts Across Forest
    • Tips And Tricks
    • Service Tickets and Abuses
  • Reconnaissance
    • Web Application Reconnaissance
    • External Reconnaissance
Powered by GitBook
On this page
  • Configure collector(SharpHound)
  • Less detection
  • Avoid MDI Detections
  • NOTE:
  • To-do
  1. Active Directory Pentesting

BloodHound

Configure collector(SharpHound)

  • First use Invisi shell then again bypass .net AMSI for powershell using the provided AMSI bypass in lab manual then

. C:\AD\Tools\BloodHound-master\Collectors\SharpHound.ps1
Invoke-BloodHound -CollectionMethod All

OR

SharpHound.exe --CollectionMethods All

Less detection

Invoke-BloodHound -Stealth
SharpHound.exe --Stealth

Avoid MDI Detections

Invoke-BloodHound -ExcludeDCs

NOTE:

Use compitable version of bloodhound and sharphound

To-do

  • Upload the data to bloodhound and check shortest path to domain admins, this should be done after doing priv esc on compromised machine and finding local admin access because latest version of bloodhound 4.2.0 has a bug where it doesnot show a user's local admin rights on another machine.

PreviousMimikatzNextLateralMovement

Last updated 10 months ago