Active Directory Attacks
This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.
Overall
score
18%
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skillValidation for skill structure
Active Directory Attacks
Purpose
Provide comprehensive techniques for attacking Microsoft Active Directory environments. Covers reconnaissance, credential harvesting, Kerberos attacks, lateral movement, privilege escalation, and domain dominance for red team operations and penetration testing.
Inputs/Prerequisites
- Kali Linux or Windows attack platform
- Domain user credentials (for most attacks)
- Network access to Domain Controller
- Tools: Impacket, Mimikatz, BloodHound, Rubeus, CrackMapExec
Outputs/Deliverables
- Domain enumeration data
- Extracted credentials and hashes
- Kerberos tickets for impersonation
- Domain Administrator access
- Persistent access mechanisms
Essential Tools
| Tool | Purpose |
|---|---|
| BloodHound | AD attack path visualization |
| Impacket | Python AD attack tools |
| Mimikatz | Credential extraction |
| Rubeus | Kerberos attacks |
| CrackMapExec | Network exploitation |
| PowerView | AD enumeration |
| Responder | LLMNR/NBT-NS poisoning |
Core Workflow
🧠 Knowledge Modules (Fractal Skills)
1. Step 1: Kerberos Clock Sync
2. Step 2: AD Reconnaissance with BloodHound
3. Step 3: PowerView Enumeration
4. Password Spraying
5. Kerberoasting
6. AS-REP Roasting
7. DCSync Attack
8. Pass-the-Ticket (Golden Ticket)
9. Silver Ticket
10. Pass-the-Hash
11. OverPass-the-Hash
12. Responder + ntlmrelayx
13. SMB Signing Check
14. ESC1 - Misconfigured Templates
15. ESC8 - Web Enrollment Relay
16. ZeroLogon (CVE-2020-1472)
17. PrintNightmare (CVE-2021-1675)
18. samAccountName Spoofing (CVE-2021-42278/42287)
19. Example 1: Domain Compromise via Kerberoasting
20. Example 2: NTLM Relay to LDAP
- Repository
- github.com/Dokhacgiakhoa/antigravity-ide
- Last updated
- Created
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.