> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Introduction

> Enumeration and attack techniques against Active Directory environments.

## Overview

Active Directory is the primary target in corporate Windows environments. This section covers the full AD attack chain — enumeration, credential attacks, lateral movement, persistence, certificate abuse, and cross-domain trust exploitation.

Quick reference for engagements and CTFs focused on Windows domain environments.

***

## What's Inside

<CardGroup cols={2}>
  <Card title="Enumeration" icon="magnifying-glass" href="/active-directory/enumeration/enum-ad">
    AD enumeration with PowerView, ldapsearch, rpcclient, enum4linux, windapsearch, and adidnsdump.
  </Card>

  <Card title="Attacks" icon="bomb" href="/active-directory/attacks/kerberoasting">
    Kerberoasting, AS-REP Roast, Pass-the-Hash, Pass-the-Ticket, Golden/Silver Ticket, DCSync, NTLM relay, Responder, delegation abuse, Zerologon, PetitPotam, PrintNightmare, password spraying, and GPP passwords.
  </Card>

  <Card title="Lateral Movement" icon="arrows-left-right" href="/active-directory/lateral/psexec">
    PsExec, WMIExec, SMBExec, Evil-WinRM, DCOM, and RDP session hijacking.
  </Card>

  <Card title="Persistence" icon="anchor" href="/active-directory/persistence/acl-abuse">
    ACL abuse, AdminSDHolder, DSRM backdoor, Skeleton Key, and SID History injection.
  </Card>

  <Card title="ADCS" icon="certificate" href="/active-directory/adcs/adcs-overview">
    Certificate Services exploitation — ESC1 through ESC8 with Certify and Certipy.
  </Card>

  <Card title="Trust Attacks" icon="link" href="/active-directory/trusts/domain-trusts">
    Parent-child escalation, cross-forest attacks, SID filtering bypass, and trust key abuse.
  </Card>

  <Card title="BloodHound" icon="diagram-project" href="/active-directory/bloodhound/installation">
    Installation, collectors, Cypher queries, attack paths, edges, OPSEC, and custom queries.
  </Card>
</CardGroup>

***

<Note>
  Techniques documented for use in authorized environments only. Labs, CTF platforms, and systems with explicit permission to test.
</Note>
