【MOC】活动目录

created: "2025-03-16 11:55"
tags:
  - 渗透姿势库
  - moc
Type:
  - Note
title: 【MOC】活动目录
aliases:
  - 【MOC】ActiveDirectory
updated: "2025-10-07 20:25"
comment: 
cssclasses:
  - moc-kanban
icon: 📚

1. MOC

📂 未分类

📄 文件名15	📅 创建时间	🏷️ 标签
内网AD域&Kerberos点&黄金票据&白银票据&钻石票据&蓝宝石票据	2025-03-14 21:19	#AD域, #内网安全, #黄金票据, #白银票据, #钻石票据, #蓝宝石票据
AD CS	2025-03-14 21:19	#域渗透, #证书, #委派安全
CDN绕过技巧	2025-03-14 21:19	#CDN, #信息收集
CTF中各种花式绕过	2025-03-14 21:19	#ctf, #bypass
HasSession	2025-03-14 21:19	#HasSession, #域渗透, #Bloodhound分析
SIDHistory	2025-03-14 21:19	#域渗透, #Bloodhound分析
Bypass rbash	2025-03-14 21:19	#rbash, #shell
Redis dll劫持	2025-03-14 21:19	#dll劫持
SeLoadDriverPrivilege	2025-03-14 21:19	#SeLoadDriverPrivilege, #windows提权
代理池搭建与爆破	2025-03-14 21:19	#隧道代理, #代理池, #爆破
绕过 AppLocker	2025-03-14 21:19	#AppLocker, #应用程序控制策略
默认受保护组	2025-03-14 21:19	#默认受保护组
水坑攻击	2025-04-27 22:29	#水坑攻击, #权限维持
SNMP利用	2025-08-04 23:38	#SNMP
【收集】	2025-09-21 00:06	#input

📁 0-About

📄 文件名1	📅 创建时间	🏷️ 标签
About this Menu	2025-05-09 23:37	#渗透姿势库

📁 6-补充

📄 文件名19	📅 创建时间	🏷️ 标签
1.LSA、SAM、NTDS区别	2025-06-26 18:46	#渗透姿势库
2.活动目录	2025-06-28 13:03	#AD域
kerberos web Authentication	2025-10-01 19:59	#kerberos, #web
firefox 配置 negotiate-auth	2025-10-01 20:24	#negotiate-auth, #kerberos, #firefox
SPN	2025-10-12 20:58	#SPN
evil-winrm	2025-10-24 23:26	#winRM
evil-winrm-py	2025-10-24 23:51	#evil-winrm
Windows Permission Inheritance	2025-10-26 01:40	#windows, #DACL, #inhertance
Volume Shadow Copies	2025-10-28 00:29	#SecretsDump, #VolumeShadowCopies
WSL	2025-11-01 01:47	#WSL
Erlang	2025-11-02 22:31	#erlang
NTFS隐写	2025-11-19 23:24	#MISC, #NTFS隐写
GPP Password	2025-11-20 00:05	#GPP_Password
Microsoft Access	2025-11-22 00:08
Linux Active Directory	2026-01-04 23:43	#LinuxAD, #krb5_keytab
pyc poisoning	2026-01-13 14:13	#PYC_Poisoning, #权限维持
Shell Arithmetic Command Injection	2026-01-13 14:26	#Command_Injection, #shell
Python exploit	2026-01-14 22:49	#python, #hijacking
如何把本地计算机加入域	2026-01-16 20:35	#AD域

📁 7-sudo提权

📄 文件名2	📅 创建时间	🏷️ 标签
1.Mosh	2025-08-05 00:25	#Mosh
2.npbackup-cli	2025-08-20 00:12	#npbackup-cli

📁 Movement

📄 文件名1	📅 创建时间	🏷️ 标签
WSUS	2026-01-04 01:41	#LPE, #WSUS

📁 Movement/1-Credentials

📄 文件名3	📅 创建时间	🏷️ 标签
DCSync	2025-03-14 21:19	#域渗透, #DCSync
SAM & LSA secrets	2025-03-14 21:19	#域渗透
Secrets dump	2025-03-15 16:31	#域渗透

📁 Movement/1-Credentials/1-Dumping

📄 文件名1	📅 创建时间	🏷️ 标签
2.DPAPI secrets	2025-05-21 22:10	#域渗透, #内网凭证, #DPAPI

📁 Movement/2-MITM coerced-auths

📄 文件名8	📅 创建时间	🏷️ 标签
00-MITM coerced-auths(中间人攻击与强制认证）	2025-05-25 23:25	#域渗透, #MITM
1.arp欺骗	2025-05-25 23:28
2.DNS欺骗	2025-05-25 23:29
3.DHCPv6欺骗	2025-05-25 23:29
4.WSUS 欺骗	2025-05-25 23:29
5.LLMNR, NBT-NS, mDNS 欺骗	2025-05-25 23:29
6.ADIDNS欺骗	2025-05-25 23:30
7.WPAD欺骗	2025-05-25 23:30

📁 Movement/3-NTLM

📄 文件名4	📅 创建时间	🏷️ 标签
NTLM relay	2025-03-14 21:19	#NTLM
PTH	2025-03-14 21:19	#PTH, #NTLM
NTLM Capture	2025-05-25 23:32	#NTLM
NTLM reflection	2025-10-14 10:34	#NTLM, #reflection, #CVE-2025-33073

📁 Movement/4-Kerberos

📄 文件名16	📅 创建时间	🏷️ 标签
11.Pass the Certificate	2025-03-14 21:19	#PTC
AS-REP-Roasting	2025-03-14 21:19	#AS-REPRoasting, #域渗透, #Kerberoast
kerbeos暴力破解	2025-03-14 21:19	#域渗透, #横向移动, #kerbrute爆破, #kerberos安全
Kerberoasting	2025-03-14 21:19	#域渗透, #SPN, #Kerberoast
Kerberos原理	2025-03-14 21:19	#kerberos, #域渗透, #票据, #kerberos安全
1.Pre-auth bruteforce	2025-05-25 23:33
2.Pass the key	2025-05-25 23:34
3.Overpass the hash	2025-05-25 23:35
4.Pass the ticket	2025-05-25 23:35
5.Pass the cache	2025-05-25 23:36
6.Kerberos Relay	2025-05-25 23:36	#kerberos
9.Shadow Credentials(影子凭据)	2025-05-25 23:47
10.UnPAC the hash	2025-05-25 23:48
12.sAMAccountName spoofing	2025-05-25 23:50
13.SPN-jacking	2025-05-25 23:51
Targeted Kerberoasting	2025-05-25 23:55	#kerberos安全, #kerberoasting, #DACL_abuse, #kerberos

📁 Movement/4-Kerberos/Delegations

📄 文件名6	📅 创建时间	🏷️ 标签
Delegations	2025-03-25 23:08	#约束性委派, #非约束性委派, #基于资源的约束委派, #RBCD
Unconstrained delegation	2025-05-25 23:44	#AD域, #Trusts, #UnconstrainedDelegation
Constrained Delegation	2025-05-25 23:45	#KCD, #ConstrainedDelegation, #Delegation
RBCD	2025-05-25 23:46	#RBCD, #Delegation
4.S4U2self abuse	2025-05-25 23:46
5.Bronze Bit	2025-05-25 23:47

📁 Movement/4-Kerberos/Forged tickets

📄 文件名7	📅 创建时间	🏷️ 标签
黄金白银票据	2025-03-14 21:19	#票据, #权限维持, #kerberos安全
2.Golden Ticket	2025-05-12 12:05	#kerberos, #域渗透, #票据, #权限维持, #横向移动
1.silver ticket	2025-05-12 12:16	#横向移动, #权限维持, #域渗透, #票据
3.钻石票据	2025-05-25 23:38
4.蓝宝石票据	2025-05-25 23:39
5.RODC黄金票据	2025-05-25 23:40
6.MS14-068	2025-05-25 23:42	#kerberos, #trcket

📁 Movement/5-DACL abuse

📄 文件名13	📅 创建时间	🏷️ 标签
AddMember	2025-05-25 23:55	#AD域
2.ForceChangePassword	2025-05-25 23:55	#AD域, #DACL_abuse
4.ReadLAPSPassword	2025-05-25 23:55	#ReadLAPSPassword
5.ReadGMSAPassword	2025-05-25 23:55	#gMSA
6.WriteOwner	2025-05-25 23:56	#DACL_abuse, #grant-ownership, #Ownership, #WriteOwner
7.Grant rights	2025-05-25 23:56
8.Logon script	2025-05-25 23:56
9.Rights on RODC object	2025-05-25 23:56
10.GPOAbuse	2025-07-07 11:43	#GPOAbuse
11.All attributes	2025-07-20 21:34	#attributes, #DACL_abuse, #手动枚举
nTSecurityDescriptor	2025-10-24 10:48	#ACL, #windows
GenericAll	2025-10-25 00:31	#DACL
Write Dacl	2025-10-25 01:28	#DACL

📁 Movement/6-Netlogon

📄 文件名1	📅 创建时间	🏷️ 标签
Zerologon	2025-05-11 22:06	#zerologon, #横向移动, #域渗透, #netlogon

📁 Movement/7-Trusts

📄 文件名3	📅 创建时间	🏷️ 标签
信任关系	2025-05-25 23:57
AD Trusts Expliot	2025-10-08 21:39	#AD域, #Trusts
Mssql_links Abuse in AD Trusts	2025-10-08 21:59	#MSSQL, #Trusts

📁 Movement/8-组策略

📄 文件名1	📅 创建时间	🏷️ 标签
组策略	2025-05-25 23:57

📁 Movement/9-AD-CS

📄 文件名7	📅 创建时间	🏷️ 标签
ADCS Abuse	2025-05-21 10:54
1.Certificate templates	2025-05-25 23:58
2.Certificate authority（CA）	2025-05-25 23:59
3.Access controls(访问控制）	2025-05-25 23:59
4.Unsigned endpoints(未签名端点)	2025-05-26 00:00
5.Certifried	2025-05-26 00:01
【MOC】AD CS	2025-10-13 16:54	#moc, #ADCS

📁 Movement/9-AD-CS/ESC

📄 文件名14	📅 创建时间	🏷️ 标签
ESC16	2025-05-26 00:03	#ADCS, #ESC16
ESC3	2025-06-25 15:31	#ESC3, #ADCS
ESC15	2025-06-27 19:52	#ADCS, #ESC15
ESC9	2025-07-07 23:04	#ADCS, #ESC9
ESC14	2025-07-08 11:18	#ADCS, #ESC14
ESC10	2025-07-21 17:12	#ESC10, #ADCS
ESC1	2025-08-08 00:19	#ESC1, #ADCS
ESC2	2025-10-13 16:55	#ESC2, #ADCS
ESC4	2025-10-13 17:00	#ESC4, #ADCS
ESC5	2025-10-13 17:00	#ESC5, #ADCS
ESC6	2025-10-13 17:04	#ESC6, #ADCS
ESC7	2025-10-13 17:04	#ESC7, #ADCS
ESC8	2025-10-13 17:04	#ADCS, #ESC8
ESC11	2025-10-13 17:06	#ESC11, #ADCS

📁 Privilege Escalation/User Rights

📄 文件名4	📅 创建时间	🏷️ 标签
SeManageVolumePrivilege	2025-06-25 09:48	#SeManageVolumePrivilege
SeImpersonatePrivilege	2025-10-13 19:16	#SeImpersonatePrivilege, #PrivilegeEscalation, #土豆提权
SeBackupPrivilege	2025-10-13 19:19	#SeBackupPrivilege, #PrivilegeEscalation
SeEnableDelegationPrivilege	2025-10-13 23:40	#SeEnableDelegationPrivilege, #PrivilegeEscalation, #Delegation

📁 Reconnaissance

📄 文件名14	📅 创建时间	🏷️ 标签
Domain Recon	2025-05-09 23:41	#信息收集, #内网安全, #域渗透
DHCP	2025-05-09 23:42	#DHCP, #信息收集, #域渗透
DNS	2025-05-09 23:43	#信息收集, #域渗透, #DNS
NBT-NS	2025-05-09 23:43	#信息收集, #域渗透, #NBT-NS
Responder	2025-05-09 23:43	#域渗透, #Responder, #NTLM-relay
LDAP	2025-05-09 23:43	#LDAP, #信息收集, #域渗透
BloodHound	2025-05-09 23:44	#域渗透, #信息收集, #Bloodhound分析
MS-RPC	2025-05-09 23:45	#MS-RPC, #信息收集, #域渗透, #RID-Cycling, #IObjectExporter
Enum4linux	2025-05-09 23:45	#Enum4linux, #域渗透, #信息收集
密码策略	2025-05-09 23:45	#信息收集, #域渗透, #密码策略
Common AD Ports	2025-05-09 23:51	#端口扫描, #信息收集, #域渗透
NFS	2025-07-20 22:55	#NFS, #信息收集
SMB Null Session	2025-08-07 22:13	#SMB, #信息收集, #SMB空会话
ISAKMP udp(500)	2025-09-21 11:35	#ISAKMP, #IPSEC, #IKE

📚【MOC】活动目录

1. MOC

📂 未分类

📁 0-About

📁 6-补充

📁 7-sudo提权

📁 Movement

📁 Movement/1-Credentials

📁 Movement/1-Credentials/1-Dumping

📁 Movement/2-MITM coerced-auths

📁 Movement/3-NTLM

📁 Movement/4-Kerberos

📁 Movement/4-Kerberos/Delegations

📁 Movement/4-Kerberos/Forged tickets

📁 Movement/5-DACL abuse

📁 Movement/6-Netlogon

📁 Movement/7-Trusts

📁 Movement/8-组策略

📁 Movement/9-AD-CS

📁 Movement/9-AD-CS/ESC

📁 Privilege Escalation/User Rights

📁 Reconnaissance

📚
【MOC】活动目录