Info
Most corporate environments use Microsoft Active Directory Services, which is basically a model for central authentication. Active Directory services use the concept of a domain to group users / machines together. The central authority for each domain is a server called a Domain Controller that carries out the authentication for all other domain-joined machines.
When conducting penetration tests, it is important to assess Active Directory misconfigurations, but in order to do so, some pre-requisite knowledge is needed regarding Windows Domains, how they are used, and how they are different from local accounts / non domain-joined machines.
What you will learn
After completing this scenario, you will learn how to enumerate nested domain group memberships. If you use BloodHound to complete the scenario (since this is the recommended method), you will also become more familiar with the tool and collecting data using it.
Technical Details
This scenario contains one virtual machine running a windows operating system, which you need to connect to / interact with.
Pre-requisites
It is highly adviseable to download and install BloodHound, even though this is not necessarily required, but will help you greatly
