📚
【MOC】活动目录

1. MOC

📂 未分类

📄 文件名15📅 创建时间🏷️ 标签
钻石票据&蓝宝石票据2025-03-14 21:19#AD域, #内网安全, #黄金票据, #白银票据, #钻石票据, #蓝宝石票据, #小迪安全学习笔记
AD CS2025-03-14 21:19#域渗透, #证书, #委派安全
CDN绕过技巧2025-03-14 21:19#CDN, #信息收集
CTF中各种花式绕过2025-03-14 21:19#ctf, #Bypass
HasSession2025-03-14 21:19#HasSession, #域渗透, #Bloodhound分析
SIDHistory2025-03-14 21:19#域渗透, #Bloodhound分析
Bypass rbash2025-03-14 21:19#rbash, #shell
Redis dll劫持2025-03-14 21:19#dll劫持
SeLoadDriverPrivilege2025-03-14 21:19#SeLoadDriverPrivilege, #windows提权
代理池搭建与爆破2025-03-14 21:19#隧道代理, #代理池, #爆破
默认受保护组2025-03-14 21:19#默认受保护组
水坑攻击2025-04-27 22:29#水坑攻击, #权限维持
SNMP利用2025-08-04 23:38#SNMP
【收集】2025-09-21 00:06#input
Active Directory Overview2026-03-06 23:27#AD

📁 6-补充

📄 文件名19📅 创建时间🏷️ 标签
1.LSA、SAM、NTDS区别2025-06-26 18:46#渗透姿势库
2.活动目录2025-06-28 13:03#AD域
kerberos web Authentication2025-10-01 19:59#kerberos, #web
firefox 配置 negotiate-auth2025-10-01 20:24#negotiate-auth, #kerberos, #firefox
SPN2025-10-12 20:58#SPN
evil-winrm2025-10-24 23:26#winRM
evil-winrm-py2025-10-24 23:51#evil-winrm
Windows Permission Inheritance2025-10-26 01:40#windows, #DACL, #inhertance
Volume Shadow Copies2025-10-28 00:29#SecretsDump, #VolumeShadowCopies
WSL2025-11-01 01:47#WSL
Erlang2025-11-02 22:31#erlang, #EPMD
NTFS隐写2025-11-19 23:24#MISC, #NTFS隐写
GPP Password2025-11-20 00:05#GPP_Password
Microsoft Access2025-11-22 00:08
Linux SSSD2026-01-04 23:43#LInux_SSSD, #krb5_keytab
pyc poisoning2026-01-13 14:13#PYC_Poisoning, #权限维持
Shell Arithmetic Command Injection2026-01-13 14:26#Command_Injection, #shell
Python exploit2026-01-14 22:49#python, #hijacking, #pyc, #PYC_Poisoning
如何把本地计算机加入域2026-01-16 20:35#AD域

📁 7-sudo提权

📄 文件名2📅 创建时间🏷️ 标签
1.Mosh2025-08-05 00:25#Mosh
2.npbackup-cli2025-08-20 00:12#npbackup-cli

📁 Evasion

📄 文件名1📅 创建时间🏷️ 标签
AppLocker2025-03-14 21:19#AppLocker, #应用程序控制策略

📁 Movement

📄 文件名2📅 创建时间🏷️ 标签
WSUS2026-01-04 01:41#LPE, #WSUS
AutoLogon2026-01-27 14:47#AutoLogon

📁 Movement/1-Credentials

📄 文件名3📅 创建时间🏷️ 标签
DCSync2025-03-14 21:19#域渗透, #DCSync
SAM & LSA secrets2025-03-14 21:19#域渗透
Secrets dump2025-03-15 16:31#域渗透

📁 Movement/1-Credentials/1-Dumping

📄 文件名1📅 创建时间🏷️ 标签
2.DPAPI secrets2025-05-21 22:10#域渗透, #内网凭证, #DPAPI

📁 Movement/2-MITM coerced-auths

📄 文件名8📅 创建时间🏷️ 标签
00-MITM coerced-auths(中间人攻击与强制认证)2025-05-25 23:25#域渗透, #MITM
1.arp欺骗2025-05-25 23:28
2.DNS欺骗2025-05-25 23:29
3.DHCPv6欺骗2025-05-25 23:29
4.WSUS 欺骗2025-05-25 23:29
LLMNR NBT-NS mDNS Response Spoofing2025-05-25 23:29#LLMNR/NBT-NS_Resonse_spoofing, #LLMNR
ADIDNS poisoning2025-05-25 23:30#ADIDNS_poisoning
7.WPAD欺骗2025-05-25 23:30

📁 Movement/3-NTLM

📄 文件名4📅 创建时间🏷️ 标签
NTLM Relay2025-03-14 21:19#NTLM_Relay
PTH2025-03-14 21:19#PTH
NTLM Capture2025-05-25 23:32#NTLM_Relay
NTLM Reflection2025-10-14 10:34#CVE-2025-33073, #NTLM_Reflection

📁 Movement/4-Kerberos

📄 文件名20📅 创建时间🏷️ 标签
11.Pass the Certificate2025-03-14 21:19#PTC
AS-REPRoasting2025-03-14 21:19#AS-REPRoasting, #域渗透, #Kerberoast, #Targeted_AS-REPRoasting
kerbeos Enumeration2025-03-14 21:19#域渗透, #横向移动, #kerbrute爆破, #Kerberos
Kerberoasting2025-03-14 21:19#域渗透, #SPN, #Kerberoast, #Kerberoast_without_pass
Kerberos原理2025-03-14 21:19#kerberos, #域渗透, #票据, #Kerberos
1.Pre-auth bruteforce2025-05-25 23:33
2.Pass the key2025-05-25 23:34
3.Overpass the hash2025-05-25 23:35
Pass-the-Ticket2025-05-25 23:35
5.Pass the cache2025-05-25 23:36
Kerberos Relay2025-05-25 23:36#Kerberos, #Kerberos_Relay
9.Shadow Credentials(影子凭据)2025-05-25 23:47
10.UnPAC the hash2025-05-25 23:48
12.sAMAccountName spoofing2025-05-25 23:50
13.SPN-jacking2025-05-25 23:51
Targeted Kerberoasting2025-05-25 23:55#Kerberos, #kerberoasting, #DACL_Abuse, #kerberos
Kerberos 'Double Hop'2026-03-04 21:46#Kerberos_Double_Hop, #PSCredential, #PSSession
Hardening Kerberos2026-03-06 16:48#Kerberos, #AS-REPRoasting, #kerberoasting, #Delegation, #GoldTicket, #SilverTicket, #pass-the-Ticket
Kerberos Detection2026-03-06 18:48#kerberos
【MOC】Kerberos2026-03-06 23:17#moc, #kerberos

📁 Movement/4-Kerberos/Delegations

📁 Movement/4-Kerberos/Forged tickets

📄 文件名6📅 创建时间🏷️ 标签
Golden Ticket2025-05-12 12:05#kerberos, #域渗透, #票据, #权限维持, #横向移动
silver ticket2025-05-12 12:16#横向移动, #权限维持, #域渗透, #票据
3.钻石票据2025-05-25 23:38
4.蓝宝石票据2025-05-25 23:39
5.RODC黄金票据2025-05-25 23:40
6.MS14-0682025-05-25 23:42#kerberos, #trcket

📁 Movement/5-DACL abuse

📄 文件名16📅 创建时间🏷️ 标签
AddMember2025-05-25 23:55#AD域
2.ForceChangePassword2025-05-25 23:55#AD域, #DACL_Abuse
4.ReadLAPSPassword2025-05-25 23:55#ReadLAPSPassword
5.ReadGMSAPassword2025-05-25 23:55#gMSA
6.WriteOwner2025-05-25 23:56#DACL_Abuse, #grant-ownership, #Ownership, #WriteOwner
7.Grant rights2025-05-25 23:56
8.Logon script2025-05-25 23:56
9.Rights on RODC object2025-05-25 23:56
10.GPOAbuse2025-07-07 11:43#GPOAbuse
11.All attributes2025-07-20 21:34#attributes, #DACL_Abuse, #手动枚举
GenericWrite2025-10-22 01:10#DACL_Abuse, #DACL, #GenericWrite
nTSecurityDescriptor2025-10-24 10:48#ACL, #windows
GenericAll2025-10-25 00:31#DACL
Write Dacl2025-10-25 01:28#DACL
UPN Spoofing2026-01-19 16:29#UPN_Spoofing, #LInux_SSSD, #kerberos, #GSSAPI, #SSPI, #DACL_Abuse
Write Property2026-03-05 21:10#input

📁 Movement/6-Netlogon

📄 文件名1📅 创建时间🏷️ 标签
Zerologon2025-05-11 22:06#zerologon, #横向移动, #域渗透, #netlogon

📁 Movement/7-Trusts

📄 文件名3📅 创建时间🏷️ 标签
信任关系2025-05-25 23:57
AD Trusts Expliot2025-10-08 21:39#AD域, #Trusts
Mssql_links Abuse in AD Trusts2025-10-08 21:59#MSSQL, #Trusts

📁 Movement/8-组策略

📄 文件名1📅 创建时间🏷️ 标签
组策略2025-05-25 23:57

📁 Movement/9-AD-CS

📄 文件名7📅 创建时间🏷️ 标签
ADCS Abuse2025-05-21 10:54
1.Certificate templates2025-05-25 23:58
2.Certificate authority(CA)2025-05-25 23:59
3.Access controls(访问控制)2025-05-25 23:59
4.Unsigned endpoints(未签名端点)2025-05-26 00:00
5.Certifried2025-05-26 00:01
【MOC】AD CS2025-10-13 16:54#moc, #ADCS

📁 Movement/9-AD-CS/ESC

📄 文件名14📅 创建时间🏷️ 标签
ESC162025-05-26 00:03#ADCS, #ESC16
ESC32025-06-25 15:31#ESC3, #ADCS
ESC152025-06-27 19:52#ADCS, #ESC15
ESC92025-07-07 23:04#ADCS, #ESC9
ESC142025-07-08 11:18#ADCS, #ESC14
ESC102025-07-21 17:12#ESC10, #ADCS
ESC12025-08-08 00:19#ESC1, #ADCS
ESC22025-10-13 16:55#ESC2, #ADCS
ESC42025-10-13 17:00#ESC4, #ADCS
ESC52025-10-13 17:00#ESC5, #ADCS
ESC62025-10-13 17:04#ESC6, #ADCS
ESC72025-10-13 17:04#ESC7, #ADCS
ESC82025-10-13 17:04#ADCS, #ESC8
ESC112025-10-13 17:06#ESC11, #ADCS

📁 Movement/LDAP

📄 文件名1📅 创建时间🏷️ 标签
LDAP Overview2026-03-06 23:24#LDAP

📁 Privilege Escalation/User Rights

📁 Reconnaissance

📄 文件名21📅 创建时间🏷️ 标签
Domain Recon2025-05-09 23:41#信息收集, #内网安全, #域渗透
DHCP2025-05-09 23:42#DHCP, #信息收集, #域渗透
DNS2025-05-09 23:43#信息收集, #域渗透, #DNS
NBT-NS2025-05-09 23:43#信息收集, #域渗透, #NBT-NS
Responder2025-05-09 23:43#域渗透, #Responder, #NTLM_Relay
LDAP Enum2025-05-09 23:43#LDAP, #信息收集, #域渗透
BloodHound2025-05-09 23:44#域渗透, #信息收集, #Bloodhound分析
MS-RPC2025-05-09 23:45#MS-RPC, #信息收集, #域渗透, #RID-Cycling, #IObjectExporter
Enum4linux2025-05-09 23:45#Enum4linux, #域渗透, #信息收集
Password policy2025-05-09 23:45#信息收集, #域渗透, #密码策略
Common AD Ports2025-05-09 23:51#端口扫描, #信息收集, #域渗透
NFS2025-07-20 22:55#NFS, #信息收集
SMB Null Session2025-08-07 22:13#SMB, #信息收集, #SMB空会话
ISAKMP udp(500)2025-09-21 11:35#ISAKMP, #IPSEC, #IKE
Pre-Windows 2000 computers2026-03-01 14:05#Pre-Windows2000, #pre2k
LDAP Anonymous Bind2026-03-03 00:14#LDAP_Anonymous_Bind
SMB Signing2026-03-03 21:06#SMB
LDAP Signing&Channel Binding2026-03-03 21:07#LDAP
MachineAccountQuota2026-03-03 21:09#MachineAccountQuota
Domain Controller Coercion2026-03-03 23:18#PrinterBug, #PetitPotam, #ShadowCoerce, #DFSCoerce
SMB Shares2026-03-03 23:28#SMB_Shares, #SMB