Module 5: Advanced Domain Takeover
Learn the most advanced techniques for complete domain compromise, including DCSync, DCShadow, and ADCS attacks.
Practice Advanced Techniques in GOAD
Use the GOAD lab to safely practice advanced domain takeover techniques.
Learning Objectives
By the end of this module, you will be able to:
- Master DCSync attacks for credential extraction
- Execute DCShadow attacks for persistent domain manipulation
- Understand and exploit Active Directory Certificate Services
- Implement complete domain controller compromise
- Develop advanced persistence mechanisms
- Design comprehensive domain takeover strategies
Module Prerequisites
Required Knowledge
- Complete understanding of Active Directory fundamentals (Modules 1-3)
- Mastery of Golden and Silver Ticket attacks (Module 4)
- Experience with Kerberos authentication and delegation
- Familiarity with ADCS (Active Directory Certificate Services)
- Understanding of domain replication and synchronization
Module Lessons
1. DCSync Attack
Master domain replication attacks for credential extraction
Key Topics:
- Directory Replication Service (DRS) Protocol
- DCSync Attack Methodology
- Credential Extraction Techniques
- NTDS.dit Database Manipulation
- Cross-Domain Replication Attacks
2. DCShadow Attack
Rogue domain controller attacks for persistent domain manipulation
Key Topics:
- DCShadow Attack Fundamentals
- Rogue Domain Controller Registration
- Domain Object Manipulation
- Persistent Backdoor Installation
- Advanced Persistence Techniques
3. ADCS Certificate Attacks
Advanced certificate-based attacks for domain compromise
Key Topics:
- Active Directory Certificate Services Overview
- ESC1-ESC8 Attack Techniques
- Certificate Template Exploitation
- NTLM Relay to ADCS
- Certificate-based Persistence
4. Domain Controller Compromise
Complete domain controller takeover and advanced persistence
Key Topics:
- Domain Controller Privilege Escalation
- NTDS.dit Extraction Techniques
- Domain Admin Group Manipulation
- Advanced Backdoor Installation
- Cross-Domain Trust Exploitation
Hands-On Labs
Lab 1: Complete Domain Takeover
Objective: Execute a full domain takeover using multiple attack vectors
Duration: 180 minutes
Expert
- Initial domain enumeration and privilege escalation
- DCSync attack for credential extraction
- Golden Ticket creation and injection
- DCShadow attack for persistent backdoors
- ADCS exploitation for certificate-based access
- Cross-domain trust exploitation
Lab 2: Advanced Persistence Techniques
Objective: Implement multiple persistence mechanisms for long-term access
Duration: 120 minutes
Advanced
- DCShadow backdoor installation
- Certificate-based persistence
- Registry-based persistence mechanisms
- Service-based persistence
- Scheduled task persistence
- Cross-domain persistence techniques
Module Assessment
Final Module Assessment
Test your understanding of advanced domain takeover techniques with our comprehensive assessment.
35 Questions
90 minutes
85% to pass
Topics Covered:
- DCSync Attack Techniques
- DCShadow Attack Implementation
- ADCS Certificate Attacks
- Domain Controller Compromise