| Category | Tools / Commands | | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | | AD Check | `dsregcmd /status` | | [[AD Enumeration]] | fping, nmap, smbclient, ldapsearch,<br>rpcclient, enum4linux, [[Kerbrute]], <br>crackmapexec, [[BloodHound]], [[PowerView.ps1]] | | Harvesting & Brute-forcing Tickets | [[Rubeus]] | | [[AS-REP Roasting]] | [[Rubeus]], [[GetNPUsers.py]] | | [[Kerberoasting]] | [[Rubeus]], [[GetUserSPNS.py]], [[targetedKerberoast]] | | [[Pass the Ticket]] | [[Mimikatz]] | | [[Golden & Silver Ticket Attack]] | [[Mimikatz]] | | [[Kerberos Backdoor - Skeleton Key]] | [[Mimikatz]] | | Group Policy Object exploit | [[SharpGPOAbuse]] | | Active Directory Certificate Services exploit | [[Certipy]], [[Certify.exe]] | | | | | BloodHound | | | - GenericWrite | [[targetedKerberoast]] | | -- 비밀번호 변경 | [[rpcclient]] |