5. Active Directory Authentication
NTLM Authentication
Active Directory (AD) supports multiple authentication protocols and techniques to verify the identity of Windows systems and users. Over time, some of these mechanisms have been deprecated or replaced. For example, older protocols like WDigest were commonly used in legacy versions of Windows but are no longer enabled by default …
Kerberos Authentication
Kerberos Authentication: How Windows Really Trusts You
Kerberos is the primary authentication protocol used in modern Windows environments. Originally designed by MIT, Kerberos version 5 has been the default authentication mechanism in Windows domains since Windows 2000 and remains fundamental to Active Directory today. From a red team perspective, understanding Kerberos …
Cached AD Credentials
When attacking a Windows domain, one of the most valuable targets is cached authentication material. Modern Windows systems are designed for usability and performance, and features like Single Sign-On (SSO) rely heavily on credentials being stored in memory. From a red team perspective, this design choice creates a powerful opportunity. …
Password Attacks
In earlier modules, we explored password attacks against network services and hashed credentials. Now, we move into a far more common and realistic enterprise target: Active Directory (AD). From a red team perspective, AD password attacks are not about speed or brute force. They are about patience, stealth, and understanding …
AS-REP Roasting
Understanding Kerberos Pre-Authentication
In an Active Directory environment, Kerberos is the primary authentication protocol. The authentication process begins when a client sends an AS-REQ (Authentication Service Request) to the Domain Controller (DC). If everything is correct, the DC responds with an AS-REP (Authentication Service Reply) containing two critical items: A session key; A …
Kerberoasting
4
Silver Tickets
5
Domain Controller Synchronization
6