# Active Directory & Kerberos Abuse

- [Active Directory & Kerberos Abuse](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/active-directory-and-kerberos-abuse.md): Links
- [From Domain Admin to Enterprise Admin](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/from-domain-admin-to-enterprise-admin.md): Explore Parent-Child Domain Trust Relationships and abuse it for Privilege Escalation
- [Kerberoasting](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/kerberoasting.md): Credential Access
- [Kerberos: Golden Tickets](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/kerberos-golden-tickets.md): Persistence and Privilege Escalation with Golden Kerberots tickets
- [Kerberos: Silver Tickets](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/kerberos-silver-tickets.md): Credential Access
- [AS-REP Roasting](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/as-rep-roasting.md)
- [Kerberoasting: Requesting RC4 Encrypted TGS when AES is Enabled](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/kerberoasting-requesting-rc4-encrypted-tgs-when-aes-is-enabled.md): It is possible to kerberoast a user account with SPN even if the account supports Kerberos AES encryption by requesting an RC4 ecnrypted (instead of AES) TGS which easier to crack.
- [Kerberos Unconstrained Delegation](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/kerberos-unconstrained-delegation.md): This lab explores a security impact of unrestricted kerberos delegation enabled on a domain computer.
- [Kerberos Constrained Delegation](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/kerberos-constrained-delegation.md): This lab explores a security impact of unrestricted kerberos delegation enabled on a domain computer.
- [Kerberos Resource-based Constrained Delegation: Computer Object Takeover](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/kerberos-resource-based-constrained-delegation-computer-object-takeover.md): It's possible to gain code execution with elevated privileges on a remote computer if you have WRITE privilege on that computer's AD object.
- [Domain Compromise via DC Print Server and Kerberos Delegation](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/domain-compromise-via-dc-print-server-and-kerberos-delegation.md)
- [DCShadow - Becoming a Rogue Domain Controller](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/dcshadow-becoming-a-rogue-domain-controller.md)
- [DCSync: Dump Password Hashes from Domain Controller](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/dcsync-dump-password-hashes-from-domain-controller.md)
- [PowerView: Active Directory Enumeration](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/powerview-active-directory-enumeration.md)
- [Abusing Active Directory ACLs/ACEs](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/abusing-active-directory-acls-aces.md)
- [Privileged Accounts and Token Privileges](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/privileged-accounts-and-token-privileges.md)
- [From DnsAdmins to SYSTEM to Domain Compromise](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/from-dnsadmins-to-system-to-domain-compromise.md)
- [Pass the Hash with Machine$ Accounts](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/pass-the-hash-with-machineusd-accounts.md)
- [BloodHound with Kali Linux: 101](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/bloodhound-with-kali-linux-101.md)
- [Backdooring AdminSDHolder for Persistence](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/backdooring-adminsdholder-for-persistence.md)
- [Active Directory Enumeration with AD Module without RSAT or Admin Privileges](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/active-directory-enumeration-with-ad-module-without-rsat-or-admin-privileges.md)
- [Enumerating AD Object Permissions with dsacls](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/enumerating-ad-object-permissions-with-dsacls.md): Enumeration, living off the land
- [Active Directory Password Spraying](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/active-directory-password-spraying.md)
- [Active Directory Lab with Hyper-V and PowerShell](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/active-directory-lab-with-hyper-v-and-powershell.md)
- [ADCS + PetitPotam NTLM Relay: Obtaining krbtgt Hash with Domain Controller Machine Certificate](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/adcs-+-petitpotam-ntlm-relay-obtaining-krbtgt-hash-with-domain-controller-machine-certificate.md)
- [From Misconfigured Certificate Template to Domain Admin](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/from-misconfigured-certificate-template-to-domain-admin.md)
- [Shadow Credentials](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/shadow-credentials.md)
- [Abusing Trust Account$: Accessing Resources on a Trusted Domain from a Trusting Domain](/hackersnotes/active-directory/active-directory-and-kerberos-abuse/abusing-trust-accountusd-accessing-resources-on-a-trusted-domain-from-a-trusting-domain.md)