AD MOC

Full attack chain for Active Directory. Local Windows privesc is in Windows MOC .

Recon #

• Enumeration
• BloodHound

Credential access #

• Kerberoasting
• AS-REP Roasting
• Password Spraying
• LLMNR & NTLM Relay

ACL and object abuse #

• ACL Abuse
• Delegation
• ADCS ESC1-16

Movement and dumping #

• Lateral Movement
• Credential Dumping
• DCSync

Trust and persistence #

• Trust Attacks
• Persistence

Support #

• LDAP
• Password Cracking
• Pivoting