OSCP Practice Lab: Active Directory Attack Path π₯οΈ
Explore a practical Active Directory attack path for OSCP prep in a home lab setting. Useful for learners seeking hands-on experience.

Derron C
112.8K views β’ Oct 20, 2023

About this video
Putting this out there as I searched around and didn't find a lot of content on practicing Active Directory attacks in a home lab. This walks through one of the paths to complete domain compromise I practiced for passing the OSCP.
The link to setting up this lab environment is here: https://youtu.be/ael3g9RIX-U
If there's enough interest I may generate some videos of my other AD attacks also.
0:00 Intro
1:30 OpenVPN
3:21 Start the Attack!
5:20 MS01 Enumeration
21:55 MS01 Application Exploit
28:16 MS01 Initial Foothold
33:35 MS01 Priv Esc Hunting
38:25 MS01 Priv Esc
47:50 Notes
50:33 Active Directory Enumeration
55:45 Pivoting with Ligolo-NG
1:05:04 Domain Controller Enumeration
1:14:10 Kerberoasting and AS-REP Roasting
1:19:27 Password Cracking with Hashcat
1:25:50 Credential Spraying with CrackMapExec
1:29:37 Crack Encrypted Zip File with JohnTheRipper
1:36:08 Credential Spraying with CrackMapExec
1:37:28 MS02 Initial Foothold with PSExec
1:45:05 MS02 Enumeration
1:46:40 MS02 Credential Dump with secretsdump
1:49:35 Domain Pwnage with evil-winrm
1:54:54 Recap
The link to setting up this lab environment is here: https://youtu.be/ael3g9RIX-U
If there's enough interest I may generate some videos of my other AD attacks also.
0:00 Intro
1:30 OpenVPN
3:21 Start the Attack!
5:20 MS01 Enumeration
21:55 MS01 Application Exploit
28:16 MS01 Initial Foothold
33:35 MS01 Priv Esc Hunting
38:25 MS01 Priv Esc
47:50 Notes
50:33 Active Directory Enumeration
55:45 Pivoting with Ligolo-NG
1:05:04 Domain Controller Enumeration
1:14:10 Kerberoasting and AS-REP Roasting
1:19:27 Password Cracking with Hashcat
1:25:50 Credential Spraying with CrackMapExec
1:29:37 Crack Encrypted Zip File with JohnTheRipper
1:36:08 Credential Spraying with CrackMapExec
1:37:28 MS02 Initial Foothold with PSExec
1:45:05 MS02 Enumeration
1:46:40 MS02 Credential Dump with secretsdump
1:49:35 Domain Pwnage with evil-winrm
1:54:54 Recap
Video Information
Views
112.8K
Likes
3.5K
Duration
01:57:02
Published
Oct 20, 2023
User Reviews
4.7
(22) Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.
No specific trending topics match this video yet.
Explore All Trends