Series: The Community's Red Team Post: 17 of 17 Tags: bloodhound, active directory, SharpHound, attack paths, AD, tools Read time: ~13 min Prerequisites: Post 01 — Methodology Overview, Post 14 — Impacket Active Directory is a maze. Thousands of users, hundreds of groups, dozens of computers, nested group memberships, ACL permissions, delegation rights, session data — the relationships between AD objects are too complex to map manually and too important to leave unmapped. A user who seems...

Series: The Community's Red Team Post: 16 of 17 Tags: ligolo-ng, pivoting, tunneling, network interface, proxychains, tools Read time: ~10 min Prerequisites: Post 15 — Chisel Post 15 covered Chisel — excellent for simple tunneling when you need a SOCKS proxy. Ligolo-ng solves the same problem differently, and the difference matters: instead of routing your traffic through proxychains, Ligolo-ng creates an actual virtual network interface on your attack machine. The result is that internal...

Series: The Community's Red Team Post: 15 of 17 Tags: chisel, pivoting, tunneling, SOCKS, proxychains, port forwarding, tools Read time: ~10 min Prerequisites: Post 01 — Methodology Overview You compromised a machine. That machine sits in a DMZ — it can reach the internal network, but your attack box cannot. The firewall allows outbound HTTP from the DMZ but blocks everything else. You need to get your tools into that internal network. Chisel builds an encrypted tunnel over HTTP. From the...