This is a 200-level presentation that describes gathering information from Active Directory to assist a penetration tester in target selection, locating and leveraging common configuration mistakes to attack domain member computers and users, and post-exploitation activities. An emphasis is placed on using information that can be freely gathered by unprivileged users from Active Directory. This presentation assumes familiarity with the Windows security architecture and Active Directory.
Evan Anderson has worked in IT as a contract engineer since 1998. Presently he is a partner in Wellbury Information Services LLC of Dayton, OH, and provides network design, implementation, and system administration services to a variety of clients ranging from small business to Fortune 1000. He has performed reviews of network security architectures, application and network penetration testing, and delivered infosec-related training for clients in financial, medical, and public policy sectors.