Offensive | Intermediate

Active Directory Enumeration

Enumerate Active Directory through LDAP, RPC, and native tools.

8 modules
18 lessons
10 practical tasks

About This Course

Explore and understand techniques for querying and enumerating Active Directory environments. The course runs from foundational LDAP queries through advanced matching rules, bitwise filters and operational attributes to comprehensive session discovery, trust mapping and infrastructure enumeration. Learn to extract actionable intelligence from AD using ldapsearch, PowerShell, net commands, RPC tools and specialized offensive frameworks.

What You'll Learn

  • Construct basic and advanced LDAP queries using ldapsearch, PowerShell, and extensible match syntax
  • Enumerate users, groups, computers, and OUs through LDAP, RPC, WMI, and native Windows tools
  • Discover active sessions using qwinsta, NetSessionEnum, NetWkstaUserEnum, and remote registry
  • Analyze ACLs and DACLs to identify privilege escalation paths including DCSync permissions
  • Map domain trusts, Group Policy Objects, and delegation configurations across the forest
  • Enumerate SPNs, DNS records, shares, certificate templates, and infrastructure resources
  • Apply advanced matching rules for bitwise filters, recursive group resolution, and operational attributes

Prerequisites

  • Windows and Active Directory fundamentals
  • Basic PowerShell proficiency
  • Command-line experience (Windows and Linux)
  • Networking basics (TCP/IP, DNS, LDAP)

Course Curriculum