Active Directory Attack Lab: Recon-to-Root

This step-by-step lab walks you through real-world AD attack techniques—starting with port scans and ending in full domain compromise using tools like nmap, kerbrute, evil-winrm, and BloodHound. Perfe

Active Directory Lab Overview

Key Activities

  • Service Enumeration

  • Exploit misconfigurations and weak credentials

  • Abusing Active Directory features for full control

Tools We'll Use

  • Reconnaissance: Nmap

  • Enumeration: smbclient, ldapsearch, kerbrute

  • Exploitation: netxexc, evil-winrm

  • Privilege Escalation: ldapdomaindump, BloodHound, winPEAS

  • Post-Exploitation: Windows CLI, RPC Commands

Note: All required files and tools for this lab are preloaded and can be found on the kali Desktop

Attacker IP: 10.0.15.99                                                                                         
Target IP: 192.168.10.4
PreviousEnd-to-End Alert Automation: Wazuh → Shuffle → TheHiveNextReconnaissance Phase

Last updated