Using Netexec LDAP Protocol

Overview and demonstration of how to use Netexec with the LDAP protocol against Active Directory hosts within a home lab environment. ▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬ 00:00 Intro 00:47 Authentication - Overview 01:44 Generate Hosts File 03:00 LDAP Help Option & Overview 04:09 User Enumeration 05:02 User Enumeration Export 05:51 Active Users Enumeration 07:00 Asreproast 08:25 Kerberoasting 10:04 LDAP Queries 13:57 Find Delegation 15:00 Trusted For Delegation 15:32 Constrained Delegation Abuse Executed (SMB) 19:49 Admin Count Enumeration 20:04 Password Policy Enumeration 20:21 GMSA Enumeration 22:14 Group Enumeration 23:23 Computer Enumeration 24:15 Domain Controller List 24:42 Domain SID Enumeration 25:12 Bloodhound 27:10 LDAP Modules Overview 28:16 Machine Account Quota Module 29:02 Certipy Find Module 30:53 ESC8 Abuse 33:56 User Description Module 35:25 DACL Read Module 40:09 Conclusion Links from the Video Netexec Wiki: https://www.netexec.wiki/ LDAP Search Filter Syntax: https://learn.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax User Account Control Flags: https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/useraccountcontrol-manipulate-account-properties Group Managed Service Accounts (gMSA) Overview: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/group-managed-service-accounts/group-managed-service-accounts/group-managed-service-accounts-overview