This directory contains a comprehensive, production-ready guide for conducting Active Directory penetration tests using the ADBasher framework.
The guide is organized into the following files for better manageability:
AD_PENETRATION_TESTING_GUIDE.md contains Sections 1-4:
- Section 1: Introduction and Prerequisites
- Section 2: Reconnaissance and Information Gathering
- Section 3: Enumeration Techniques
- Section 4: Credential Access and Harvesting
Sections 5-10 are organized in separate files for easier navigation:
- Section 5: Privilege Escalation Paths
  - Exploiting misconfigurations
  - ACL abuse techniques
  - GPO manipulation
  - Delegation attacks (unconstrained, constrained, RBCD)
- Section 6 (06_lateral_movement.md)
  - Pass-the-Hash and Pass-the-Ticket
  - Remote code execution methods (WMIExec, PSExec, AtExec, SMBExec)
  - Session hijacking
  - Golden and Silver Ticket attacks
- Section 7: Persistence Mechanisms
  - Backdoor accounts
  - Skeleton keys and directory replication
  - AdminSDHolder abuse
  - DCSync rights persistence
- Section 8 (08_case_studies.md)
  - Real-world penetration test scenario (external to Domain Admin)
  - Lessons learned and common pitfalls
  - Statistics from 50+ real engagements
- Section 9 (09_conclusion.md)
  - Key takeaways and essential principles
  - ADBasher workflow summary
  - Further resources (tools, training, communities)
- Section 10 (10_appendices.md)
  - Pre-engagement checklist
  - Post-engagement and cleanup checklist
  - ADBasher command reference guide
- Read the main guide first: Start with AD_PENETRATION_TESTING_GUIDE.md for foundational concepts and initial phases
- Follow the attack lifecycle: Progress through sections sequentially as they match the typical penetration testing workflow
- Reference appendices: Use Section 10 command reference during execution
- Review case studies: See Section 8 for real-world application examples
This guide provides:
✅ Comprehensive Coverage - Complete AD attack lifecycle from reconnaissance to persistence
✅ Practical Examples - ADBasher commands with expected outputs and success criteria
✅ OPSEC Guidance - Detection likelihood ratings and evasion techniques
✅ Production-Ready - Immediately usable in authorized penetration tests
✅ Real-World Context - Case studies, statistics, and lessons learned
✅ Complete Checklists - Pre/post-engagement procedures for professional delivery
Intended audience:
- Penetration Testers
- Red Team Operators
- Security Consultants
- Security Researchers

Prerequisites:
- Basic Active Directory knowledge
- Linux command line proficiency (Kali/Parrot)
- Understanding of network protocols (SMB, LDAP, Kerberos)
- Python 3.10+
- ADBasher framework installed
This guide is designed to be used:
- During engagements: As a field reference for commands and techniques
- For training: Teaching AD penetration testing methodology
- For planning: Understanding attack paths and estimating effort
- For reporting: Remediation guidance and detection recommendations
> [!CAUTION]
> AUTHORIZED USE ONLY: This guide is for legal, authorized security assessments only. Unauthorized access to computer systems is illegal. Always obtain written authorization before conducting any penetration testing activities.
docs/
├── AD_PENETRATION_TESTING_GUIDE.md   ← Start here (Sections 1-4)
├── sections/
│   ├── 05_privilege_escalation.md
│   ├── 06_lateral_movement.md
│   ├── 07_persistence.md
│   ├── 08_case_studies.md
│   ├── 09_conclusion.md
│   └── 10_appendices.md
└── README.md                         ← This file
If you discover errors, have suggestions for improvements, or want to contribute additional case studies, please submit issues or pull requests to the main ADBasher repository.
Version: 1.0
Last Updated: December 12, 2025
Framework Version: ADBasher 1.0
Start Reading: AD Penetration Testing Guide - Main Document