Introduction

Active Directory is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management.

Active Directory (AD) is a Microsoft product that consists of several services that run on Windows Server to manage permissions and access to networked resources.

Active Directory stores data as objects. An object is a single element, such as a user, group, application or device (for example, a printer). Objects are normally defined as either resources -- such as printers or computers -- or security principals -- such as users or groups.

Active Directory categorizes objects by name and attributes. For example, a user object is identified by its name and carries the information associated with that user, such as passwords and Secure Shell (SSH) keys.

The main service in Active Directory is Active Directory Domain Services (AD DS), which stores directory information and handles the interaction of the user with the domain. AD DS verifies access when a user signs into a device or attempts to connect to a server over a network. AD DS controls which users have access to each resource. For example, an administrator typically has a different level of access to data than an end user.

Several other services comprise Active Directory: Lightweight Directory Services, Certificate Services, Federation Services and Rights Management Services. Each service expands the product's directory management capabilities.

LDAP is an application protocol used to access and maintain directory services over a network. Through LDAP, objects -- such as usernames and passwords -- are stored in directory services -- such as Active Directory -- and that object data is shared across the network.

Active Directory is Microsoft's directory service. It acts as a centralized repository that holds all the data related to an organization's users, computers, servers, resources and so on, and it makes administration and management much easier for system administrators. Using AD, workstations can be updated, configured and maintained remotely. It is a single management interface that is accessible from anywhere on the network.

A group of AD domains that shares a contiguous namespace is called an AD tree. Objects in a tree always follow the hierarchy. (Example: if an AD forest is named dominioncyber.local and computer1 is in its child domain IT, its FQDN would be computer1.IT.dominioncyber.local.)

A collection of domain trees is called a forest. A domain is always part of a forest, even if there is just a single domain. A forest is composed of one or more trees. Unlike a tree, a forest can contain several non-contiguous namespaces.
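To make the tree/forest distinction concrete, here is an added example (not code from the original post) that takes a list of forest domain names, groups them into trees by contiguous DNS namespace, and builds a host's FQDN the way the post does for computer1. The domains dominioncyber.local and IT.dominioncyber.local come from the post; HR.dominioncyber.local and partnercorp.net are constructed to show a second child and a second, non-contiguous tree.

```python
# Added example: model an AD forest as DNS names and group it into trees.
# A tree root is a forest domain that is not a child of any other forest
# domain; every other domain joins the tree whose root is its DNS suffix.

def domain_labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")

def is_child_of(child, parent):
    """True when `child` lies below `parent` in the DNS namespace."""
    c, p = domain_labels(child), domain_labels(parent)
    return len(c) > len(p) and c[-len(p):] == p

def group_into_trees(domains):
    """Return {tree_root: [domains in that tree]} for one forest.
    Domains sharing a contiguous namespace land in the same tree; a
    forest with several roots has several non-contiguous namespaces."""
    roots = [d for d in domains
             if not any(is_child_of(d, other) for other in domains if other != d)]
    trees = {root: [] for root in roots}
    for d in domains:
        root = next(r for r in roots if d == r or is_child_of(d, r))
        trees[root].append(d)
    return trees

def host_fqdn(hostname, domain):
    """FQDN of a computer joined to `domain` (host label first, then the domain)."""
    return f"{hostname}.{domain}"

# Constructed forest: the post's root domain and child IT, plus a second
# child (HR) and an unrelated namespace (partnercorp.net) in the same forest.
FOREST = ["dominioncyber.local", "IT.dominioncyber.local",
          "HR.dominioncyber.local", "partnercorp.net"]

if __name__ == "__main__":
    for root, members in group_into_trees(FOREST).items():
        print(f"tree {root}: {members}")
    print(host_fqdn("computer1", "IT.dominioncyber.local"))
```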

AD Domain Controller

AD domain controllers host the service that authenticates user and computer accounts when they log on to the domain, so all users and computers must connect to AD DS domain controllers when signing into the network. That is why AD DS is the primary means by which you configure and manage user and computer accounts on your network. In corporate environments with a big infrastructure and a lot of users, Microsoft Active Directory is very widely used.

Note: AD DS stands for "Active Directory Domain Services"

AD Database

The information on user identities, computers, groups, services, resources and so on is stored in the Active Directory database, which is made up of a single file named ntds.dit. By default, it is stored in the %SYSTEMROOT%\NTDS folder.

LDAP

LDAP stands for Lightweight Directory Access Protocol. This service is responsible for keeping track of what is on the network.

AD integrated DNS

DNS is important for Active Directory to work. There are several DNS records that AD requires to determine what services are available on the domain and who provides them. These records are managed automatically when you configure DNS in AD.

Kerberos

Kerberos is the service that allows you to use one username and password to log into multiple computers throughout the domain. It essentially handles Single Sign-On (SSO) throughout the domain.

Group Policies

Group Policy is used to define user, security and networking policies at the machine level. Administrators can apply group policies from a centralized location to the whole domain or to a few computers or users. There are still many security professionals who aren't very familiar with AD and many of its concepts.

Active Directory Trusts

In an Active Directory environment, a trust enables you to grant access to resources to users, groups and computers across entities by linking the authentication systems of two domains and allowing authentication traffic to flow between them through a system of referrals. It is a two-step process: the first step is to establish the trust, and the second step is to assign the permissions.

Trust Direction (One-way or Two-way)

Trusts can be one-way or two-way. In a two-way trust, users on either side can access resources on the other side. In a one-way trust, "Domain A trusts Domain B" means that Domain A is the trusting domain and Domain B is the trusted domain. For a user in one domain to access a resource in another domain, the user needs to be in the trusted domain.

Let me explain with a small analogy using my mentor. Let's say that Cyrus were to give David access to his AD Lab; he is establishing a trust between him and David (not to hack outside of it or crash it ;] ). Cyrus is the trusting domain, and David is the trusted domain. Once the AD Lab the next step is to allow access to the VPN file to connect to the AD. So this trust is only one direction, i.e. Cyrus trusts David.
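The direction rule above is easy to get backwards, so here is an added example (not code from the original post) that encodes it: a one-way trust "A trusts B" makes A the trusting domain that holds the resources and B the trusted domain whose users may authenticate, and access still needs the second step, a permission on the resource. The domain names cyruslab.local, david.local and partner.local are constructed, and only direct trusts are modelled (transitive trust paths are out of scope here).

```python
# Added example: evaluate who can reach what across AD trusts, following the
# post's rule that the user must sit in the trusted domain of a trust held
# by the resource's (trusting) domain. Direct trusts only; no transitivity.
from dataclasses import dataclass

@dataclass(frozen=True)
class Trust:
    trusting: str          # domain that holds the resources and grants access
    trusted: str           # domain whose users are allowed to authenticate
    two_way: bool = False  # True: each side trusts the other

def trusted_by(resource_domain, trusts):
    """Domains whose users `resource_domain` will authenticate via a direct trust."""
    allowed = set()
    for t in trusts:
        if t.trusting == resource_domain:
            allowed.add(t.trusted)
        if t.two_way and t.trusted == resource_domain:
            allowed.add(t.trusting)   # reverse direction of a two-way trust
    return allowed

def can_authenticate(user_domain, resource_domain, trusts):
    """Step 1 of the post's two-step process: does a trust permit the logon?
    Access inside one's own domain needs no trust at all."""
    if user_domain == resource_domain:
        return True
    return user_domain in trusted_by(resource_domain, trusts)

def can_access(user_domain, resource_domain, trusts, acl):
    """Step 2: the trust only allows authentication; the resource's ACL (here a
    set of domains granted permission) still has to include the user's domain."""
    return can_authenticate(user_domain, resource_domain, trusts) and user_domain in acl

# Constructed trusts mirroring the post's analogy: cyruslab.local trusts
# david.local one way, and has a separate two-way trust with partner.local.
TRUSTS = [
    Trust(trusting="cyruslab.local", trusted="david.local"),
    Trust(trusting="cyruslab.local", trusted="partner.local", two_way=True),
]
LAB_SHARE_ACL = {"cyruslab.local", "david.local"}  # constructed permissions

if __name__ == "__main__":
    print(can_access("david.local", "cyruslab.local", TRUSTS, LAB_SHARE_ACL))   # True
    print(can_access("cyruslab.local", "david.local", TRUSTS, LAB_SHARE_ACL))   # False
```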

As we can see, AD is a vast topic that I cannot simply explain in a single post, and of course I have nowhere near the experience these infosec researchers have in explaining it. I have left a few links that can help you understand this topic better and give you a better understanding than I did.

Resources: