Get the app

Log in
BHIS Webcasts

·E2

Active Directory Attack Path in Action

January 19
1h 9m

Episode Description

Are small Active Directory misconfigurations putting you at risk?

đź”— Register for FREE Infosec Webcasts, Anti-casts & Summits – 

https://poweredbybhis.com


🛝 Webcast Slides
https://www.blackhillsinfosec.com/wp-content/uploads/2026/01/SLIDES_Active-Directory-Attack-Path-in-Action.pdf

Antisyphon Training events featuring Alyssa & Kaitlyn
https://www.antisyphontraining.com/search/Alyssa%20Kaitlyn

Chapters

  • (00:00) - Intro - Active Directory Attack Path in Action
  • (02:06) - Alyssa and Kaitlyn Fun Facts
  • (02:43) - Webcast Overview
  • (03:34) - Web Services
  • (06:20) - Jenkins Env Hunter - Tool by Kent Ickler!
  • (07:53) - Test Credentials
  • (08:57) - Username Enumeration
  • (12:12) - Domain Enumeration
  • (14:11) - NetExec
  • (15:12) - BloodHound.py
  • (16:29) - SharpHound
  • (17:28) - ADExplorer
  • (19:30) - Convert Snapshot
  • (20:07) - BOFHound
  • (22:46) - Identify Attack Path
  • (23:55) - Abusing RBCD for Local Priviledge Escalation
  • (26:43) - Machine Account Quota
  • (27:40) - Resource-Based Constrained Delegation Expolitation Flow
  • (30:36) - Create Computer Object
  • (31:58) - Set Delegation
  • (33:22) - Delegation Attribute
  • (33:53) - Select a Target Account
  • (34:34) - Avoid Protected Users
  • (35:24) - Get Privileged TGS
  • (37:07) - Delegation Failure Example
  • (37:39) - Escalation Success
  • (39:18) - Dump local Secrets
  • (40:53) - Domain Admin Compromised
  • (41:39) - Attack Path Summary
  • (44:24) - Defensive Considerations
  • (45:42) - Related Antisyphon Courses
  • (46:08) - More Resources
  • (47:27) - Q&A Start
  • (50:03) - Alternative Path for Attackers
  • (51:30) - Whats the Assumed Compromize Course like?
  • (56:27) - Are Extended Test Timelines an advantage?
  • (57:51) - BHIS "Side Quest" capabilities
  • (58:55) - BHIS CPT On-Boarding Process
  • (01:02:29) - Getting the Ball Rolling on Test Assessments
  • (01:04:22) - The Price of Continous Pen Testing
  • (01:05:30) - Favorite Things About Customer CPTs

Join Kaitlyn Wimberley and Alyssa Snow (Black Hills Infosec – Continuous Penetration Testers) for a free one-hour webcast where they’ll walk through an example Active Directory attack path, from un-credentialed network access to Domain Administrator.

You’ll learn how attackers can escalate from un-credentialed access to Domain Admin, identify common misconfigurations, and understand how small weaknesses can combine to compromise your network.

Chat with your fellow attendees in the Black Hills Infosec Discord server:
https://discord.gg/BHIS
in the #đź”´live-chat channel.


Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

See all episodes

Never lose your place, on any device

Create a free account to sync, back up, and get personal recommendations.

Create account