Login
Download
Skill UI
Browse and discover
11127+
curated skills
All
Development
Artificial Intelligence
Design & Creative
Product & Business
Data Science
Marketing
Soft Skills
Productivity
Engineering
Languages
Search
Domain Controller
, found
7
results
Default
Newest
Most Downloaded
Detect AD ACL Abuse and Misconfigurations
analyzing-active-directory-acl-abuse
mukul975/Anthropic-Cybersecurity-Skills
68
This skill analyzes Active Directory (AD) Access Control Lists (ACLs) to detect dangerous misconfigurations. It uses the ldap3 Python library to query domain controllers, parse security descriptors (SDDL), and identify instances where non-privileged users or groups are granted dangerous permissions like GenericAll, WriteDACL, or WriteOwner on sensitive objects. Essential for security incident response and privilege escalation path discovery.
View Details
DCSync for Domain Persistence and Credential Dumping
conducting-domain-persistence-with-dcsync
mukul975/Anthropic-Cybersecurity-Skills
454
This skill details the advanced technique of DCSync, which exploits the Microsoft Directory Replication Service Remote Protocol (MS-DRSR) to impersonate a Domain Controller. It is primarily used in authorized red-teaming and penetration testing to dump sensitive credentials, extract the KRBTGT hash, and ultimately forge Golden Tickets, establishing deep domain persistence. Ideal for security auditors and offensive security professionals.
View Details
Detecting DCSync Attacks in Active Directory
detecting-dcsync-attack-in-active-directory
mukul975/Anthropic-Cybersecurity-Skills
259
This guide is crucial for threat hunters investigating Active Directory compromises. It details how to monitor Windows Security Event ID 4662 to detect unauthorized attempts by non-domain-controller accounts to access critical directory replication GUIDs. These anomalies are strong indicators of DCSync attacks, which are used by attackers (e.g., using Mimikatz) to dump hashes, perform lateral movement, and execute credential theft.
View Details
Exploiting Zerologon Vulnerability in Domain Controllers
exploiting-zerologon-vulnerability-cve-2020-1472
mukul975/Anthropic-Cybersecurity-Skills
451
This skill details the exploitation of the critical Zerologon vulnerability (CVE-2020-1472) found in the Microsoft Netlogon Remote Protocol. It allows an unauthenticated attacker to compromise a domain controller by resetting its machine account password. The guide covers the complete attack chain, including initial exploitation, credential dumping via DCSync, and subsequent privilege escalation in Active Directory environments. Used exclusively for authorized red teaming and security testing.
View Details
Detecting DCSync Attacks Via Event Logs
hunting-for-dcsync-attacks
mukul975/Anthropic-Cybersecurity-Skills
338
This guide details how to hunt for DCSync attacks, a technique used to steal password hashes from Active Directory. It involves analyzing Windows Event ID 4662 to identify unauthorized DS-Replication-Get-Changes requests originating from non-domain-controller accounts. Essential for incident response and threat detection.
View Details
Coercing Authentication with Coercer and PetitPotam
coercing-authentication-with-coercer-petitpotam
mukul975/Anthropic-Cybersecurity-Skills
175
This skill details how to forcefully coerce a target machine account (e.g., a Domain Controller) to authenticate to an attacker-controlled relay. It combines tools like Coercer and PetitPotam, leveraging various RPC protocols (MS-EFSR, MS-RPRN) to achieve NTLM relay. This technique ultimately enables domain compromise by forcing authentication into services like AD CS Web Enrollment (ESC8).
View Details
Relaying NTLM for ADCS ESC8 Attacks
relaying-ntlm-for-adcs-esc8
mukul975/Anthropic-Cybersecurity-Skills
136
This skill details the advanced red-teaming technique of exploiting Active Directory Certificate Services (AD CS) via the ESC8 path. By abusing the HTTP web-enrollment endpoint and relaying coerced NTLM credentials, an attacker can compel a domain controller to request a machine certificate. This certificate is then used to compromise the domain via PKINIT and DCSync.
View Details
1
Language
简体中文
English