RatSec Blog

Active Directory Attacks

- Posted in Uncategorized by


Active Directory attacks:

  1. Pass-the-Hash (PtH) Attack: Authenticating over NTLM with a stolen NT hash instead of the password. The NTLM challenge-response is keyed by the hash itself, so the attacker never has to crack it; hashes are typically dumped from LSASS memory, the local SAM, or NTDS.dit on a compromised host and replayed against other systems.

  2. Pass-the-Ticket (PtT) Attack: Reusing a Kerberos ticket (a TGT or a service ticket) lifted from another user's logon session, usually out of LSASS memory, to act as that user until the ticket expires.

  3. Golden Ticket Attack: Forging a Kerberos TGT with the KRBTGT account's key (NT hash or AES key), which is only obtainable after a domain controller or NTDS.dit has already been compromised. Because the KDC trusts any TGT it can decrypt, the forger can impersonate any principal with any group memberships, and the ticket stays valid until the KRBTGT password has been rotated twice.

  4. Silver Ticket Attack: Forging a service ticket (TGS) with the target service account's key, for example a computer account's NT hash. This grants access to that one service as any user without ever contacting the domain controller, so no KDC-side ticket event is generated; it is not password-free, it simply needs the service account's key rather than the KRBTGT key.

  5. Brute Force Attack: Systematically trying many passwords against one account. Noisy, and usually defeated by the account lockout policy.

  6. Password Spraying: Trying one or a few common passwords against many accounts, staying under the lockout threshold for each account. Shows up as many 4625 failures from one source spread across many users.

  7. Credential Stuffing: Replaying username/password pairs leaked from other breaches against the domain, betting on password reuse.

  8. Kerberoasting: Any authenticated domain user can request a service ticket for any account that has an SPN. When the ticket is issued with RC4-HMAC (etype 23), its encrypted part is keyed by the service account's NT hash, so the ticket can be cracked offline against a wordlist without touching the account again. The underlying weakness is a guessable service-account password; AES-only service accounts and long random (or gMSA-managed) passwords remove the target.

  9. DNS Poisoning: Manipulating name resolution so that clients connect to an attacker-controlled host. In AD this is commonly done by creating or overwriting records in AD-integrated DNS zones, which authenticated users can write to by default, or by answering LLMNR/NBT-NS broadcasts on the local segment.

  10. Domain Controller Compromise: Gaining administrative control of a domain controller, for example through replication (DCSync) rights, reused admin credentials, or an unpatched DC. Once a DC is owned, NTDS.dit yields every credential in the domain, including the KRBTGT key needed for a Golden Ticket.

  11. Domain Admin Privilege Escalation: Chaining misconfigurations, such as over-permissive ACLs on privileged objects, unconstrained delegation, weak AD CS certificate templates, or admin logons on ordinary workstations, to move from a low-privileged account to Domain Admins.

  12. Pass-the-Cache (PtC) Attack: The Kerberos credential cache (ccache) file on a compromised domain-joined Linux or macOS host holds usable tickets. They can be reused directly from that host or converted to the Windows kirbi format and injected there, which is Pass-the-Ticket with a different source.

  13. Token Impersonation: On a compromised Windows host, duplicating or impersonating the access token of another logged-on user (typically requires SeImpersonatePrivilege or SYSTEM) to act as that user locally and against the network.

  14. Overpass-the-Hash (OtH) Attack: Also called Pass-the-Key. Rather than using a stolen NT hash over NTLM, the attacker uses the NT hash or AES key to request a Kerberos TGT, turning a hash into a full Kerberos session. Requesting a TGT with RC4 for an account that normally uses AES is a detectable anomaly (4768 with encryption type 0x17).

  15. Distributed Denial of Service (DDoS) Attack: Flooding domain controller services (Kerberos, LDAP, DNS) or deliberately locking out large numbers of accounts so that authentication stops working for legitimate users.

  16. Group Policy Object (GPO) Manipulation: Abusing write access to a GPO, or to the SYSVOL files it references, to push scheduled tasks, startup scripts, or local administrator changes to every computer the GPO is linked to.

  17. Trust Relationship Exploitation: Crossing domain or forest trusts, for example by forging inter-realm tickets with the trust key, or by injecting SIDs from a trusted domain into SID history where SID filtering is disabled, to move laterally or escalate across the trust.

  18. DNS Tunneling: Encoding command-and-control traffic or exfiltrated data in DNS queries and responses. Not an attack on AD itself, but domain controllers are usually the DNS servers, so their query logs are where it is visible.

  19. SMB Relay Attack: Relaying a captured NTLM authentication (often coerced or obtained via the poisoning in item 9) to another server over SMB, LDAP, or HTTP that does not require signing or channel binding, so the attacker acts as the victim on that server without knowing any hash.

  20. Pass-the-Certificate (PtC) Attack: Authenticating to Kerberos via PKINIT with a certificate issued to, or stolen from, a user or computer account to obtain a TGT. Certificates survive password changes, and misconfigured AD CS templates can let low-privileged users enroll certificates valid for other principals. (Note the acronym clash with Pass-the-Cache in item 12.)
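A second added example, again not from the original post, shows the detection side for two of the listed attacks: password spraying (item 6) and Kerberoasting (item 8). It runs over a constructed, made-up set of Windows Security event records that use the real 4625 and 4769 field names (`TargetUserName`, `IpAddress`, `SubStatus`, `ServiceName`, `TicketEncryptionType`, `Status`); the timestamps, account names and thresholds are assumptions for the demo.

```python
"""Spray and Kerberoast detection over constructed Security event records (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

BAD_PASSWORD = "0xC000006A"   # 4625 SubStatus: wrong password
RC4_HMAC = "0x17"             # 4769 TicketEncryptionType 23 (RC4-HMAC, crackable offline)


def _ev(ts: str, eid: int, **fields) -> dict:
    return {"ts": datetime.fromisoformat(ts), "id": eid, **fields}


# Constructed sample events, not an export from any real system.
EVENTS = [
    # One source, one failure per account, six accounts in six seconds: a spray.
    *[_ev(f"2024-05-01T09:00:{i:02d}", 4625, TargetUserName=u, IpAddress="10.0.0.99",
          SubStatus=BAD_PASSWORD)
      for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])],
    # One user mistyping a password three times: noise, not a spray.
    *[_ev(f"2024-05-01T09:05:{i:02d}", 4625, TargetUserName="bob", IpAddress="10.0.0.12",
          SubStatus=BAD_PASSWORD) for i in range(3)],
    # One account requesting RC4 service tickets for three different SPN accounts.
    _ev("2024-05-01T10:15:00", 4769, TargetUserName="jdoe@CORP.LOCAL", ServiceName="sql_svc",
        TicketEncryptionType=RC4_HMAC, Status="0x0"),
    _ev("2024-05-01T10:15:01", 4769, TargetUserName="jdoe@CORP.LOCAL", ServiceName="http_svc",
        TicketEncryptionType=RC4_HMAC, Status="0x0"),
    _ev("2024-05-01T10:15:02", 4769, TargetUserName="jdoe@CORP.LOCAL", ServiceName="backup_svc",
        TicketEncryptionType=RC4_HMAC, Status="0x0"),
    # krbtgt and computer accounts are excluded even when RC4 shows up.
    _ev("2024-05-01T10:15:03", 4769, TargetUserName="jdoe@CORP.LOCAL", ServiceName="krbtgt",
        TicketEncryptionType=RC4_HMAC, Status="0x0"),
    _ev("2024-05-01T10:15:04", 4769, TargetUserName="jdoe@CORP.LOCAL", ServiceName="WS01$",
        TicketEncryptionType=RC4_HMAC, Status="0x0"),
    # A normal AES (0x12) service ticket request is not interesting.
    _ev("2024-05-01T10:20:00", 4769, TargetUserName="alice@CORP.LOCAL", ServiceName="sql_svc",
        TicketEncryptionType="0x12", Status="0x0"),
]


def _max_distinct_in_window(rows, window: timedelta, threshold: int) -> dict:
    """rows: (ts, group_key, value). Returns {group_key: n} for groups that reach
    >= threshold distinct values inside any span of length `window`."""
    groups = defaultdict(list)
    for ts, key, value in rows:
        groups[key].append((ts, value))
    hits = {}
    for key, items in groups.items():
        items.sort()
        best = 0
        for i, (start, _) in enumerate(items):
            distinct = {v for t, v in items[i:] if t - start <= window}
            best = max(best, len(distinct))
        if best >= threshold:
            hits[key] = best
    return hits


def detect_password_spray(events, window=timedelta(minutes=10), min_accounts=5) -> dict:
    """Source IPs with wrong-password failures against >= min_accounts distinct users."""
    rows = [(e["ts"], e["IpAddress"], e["TargetUserName"].lower())
            for e in events if e["id"] == 4625 and e.get("SubStatus") == BAD_PASSWORD]
    return _max_distinct_in_window(rows, window, min_accounts)


def detect_kerberoast(events, window=timedelta(minutes=10), min_services=3) -> dict:
    """Requesters that obtained RC4 service tickets for >= min_services distinct SPN accounts."""
    rows = []
    for e in events:
        if e["id"] != 4769 or e.get("Status") != "0x0":
            continue
        svc = e["ServiceName"].lower()
        if svc == "krbtgt" or svc.endswith("$"):
            continue        # TGT traffic and machine accounts are not roasting targets
        if e.get("TicketEncryptionType") != RC4_HMAC:
            continue
        rows.append((e["ts"], e["TargetUserName"].lower(), svc))
    return _max_distinct_in_window(rows, window, min_services)


if __name__ == "__main__":
    print("spray sources:", detect_password_spray(EVENTS))
    print("kerberoast requesters:", detect_kerberoast(EVENTS))
```

Thresholds and windows must be tuned per environment: legacy clients legitimately request RC4 tickets, and a helpdesk proxy can fail logons for many users from one IP. The durable fix for item 8 is to remove the target rather than only alert on it, by setting service accounts to AES-only with long random or gMSA-managed passwords.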

hackXpert Labs