Most corporate environments use Microsoft Active Directory Services, which is basically a model for central authentication. Active Directory services use the concept of a domain to group users / machines together. The central authority for each domain is a server called a Domain Controller that carries out the authentication for all other domain-joined machines.
When conducting penetration tests, it is important to assess Active Directory misconfigurations, but in order to do so, some pre-requisite knowledge is needed regarding Windows Domains, how they are used, and how they are different from local accounts / non domain-joined machines.
What you will learn
After completing this scenario, you will learn the very basics of Windows Domains, users, and groups.
This scenario contains one virtual machine running a windows operating system, which you need to connect to / interact with.
https://en.wikipedia.org/wiki/Windows_domain https://www.blog.vikiwat.com/en/windows-active-directory-ad-what-is-it-and-what-can-it-do/ https://0xdarkvortex.dev/index.php/2019/01/01/active-directory-penetration-dojo-ad-environment-enumeration-1/
- TIME120 MINUTES
- COST10 CRYSTALS