Overview
Active Directory is the primary target in corporate Windows environments. This section covers the full AD attack chain — enumeration, credential attacks, lateral movement, persistence, certificate abuse, and cross-domain trust exploitation. Quick reference for engagements and CTFs focused on Windows domain environments.
What’s Inside
Enumeration
AD enumeration with PowerView, ldapsearch, rpcclient, enum4linux, windapsearch, and adidnsdump.
Attacks
Kerberoasting, AS-REP Roast, Pass-the-Hash, Pass-the-Ticket, Golden/Silver Ticket, DCSync, NTLM relay, Responder, delegation abuse, Zerologon, PetitPotam, PrintNightmare, password spraying, and GPP passwords.
Lateral Movement
PsExec, WMIExec, SMBExec, Evil-WinRM, DCOM, and RDP session hijacking.
Persistence
ACL abuse, AdminSDHolder, DSRM backdoor, Skeleton Key, and SID History injection.
ADCS
Certificate Services exploitation — ESC1 through ESC8 with Certify and Certipy.
Trust Attacks
Parent-child escalation, cross-forest attacks, SID filtering bypass, and trust key abuse.
BloodHound
Installation, collectors, Cypher queries, attack paths, edges, OPSEC, and custom queries.
Techniques are documented for use in authorized environments only: labs, CTF platforms, and systems with explicit permission to test.