About Active Directory

Active Directory Structure

Components

  • Schema - Defines objects and their attributes

  • Query and Index Mechanism - Provides searching and publication of objects

  • Global Catalog - Contains information about every object in the directory

  • Replication Services - Distributes information across Domain Controllers

Forest, Domains and Organizational Units (OUs)

A forest, which is a security boundary, may contain multiple domains, and each domain may contain multiple OUs.

PowerShell

PowerShell is based on the .NET Framework and is tightly integrated with Windows.

PowerShell is not the blue command-line window we usually see; that is powershell.exe. PowerShell itself is System.Management.Automation.dll.

Loading PowerShell

To load a module using dot sourcing:

. .\PowerView.ps1

A module (or a script) can be imported by using:

Import-Module PowerView.ps1

To list all the commands in a module:

Get-Command -Module <modulename>

Using PowerShell and AD

  • [ADSI]

  • .NET Classes -> System.DirectoryServices.ActiveDirectory

  • Native Executables

  • WMI using PowerShell

  • Active Directory Module

IMPORTANT: PowerShell Detections in Windows

  • System-Wide transcription

  • Script Block Logging

  • AntiMalware Scan Interface

  • Constrained Language Mode (CLM) - Integrated with AppLocker and WDAC (Device Guard)
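
A defender-side check for the controls listed above, as an added example that is not part of the original notes: it reads the standard Group Policy registry values for Windows PowerShell logging, counts registered AMSI providers, and reports the current session's language mode. The function names Get-PolicyValue and Get-PowerShellDefenseStatus are hypothetical.

```powershell
# Added example (not from the original notes): report which of the four
# PowerShell controls listed above are active on the local host.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-PowerShellDefenseStatus {
    # Group Policy location for Windows PowerShell logging settings.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

    $sbl   = Get-PolicyValue "$base\ScriptBlockLogging" 'EnableScriptBlockLogging'
    $trans = Get-PolicyValue "$base\Transcription" 'EnableTranscripting'
    $dir   = Get-PolicyValue "$base\Transcription" 'OutputDirectory'

    # Antimalware products register with AMSI under this key.
    $amsi = @(Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers' -ErrorAction SilentlyContinue)

    # Event ID 4104 is written when script block logging records a block.
    # Reading the log may require elevation; $null means none found or no access.
    $last4104 = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
    } -MaxEvents 1 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ScriptBlockLogging   = ($sbl -eq 1)
        LastScriptBlockEvent = if ($last4104) { $last4104.TimeCreated } else { $null }
        Transcription        = ($trans -eq 1)
        TranscriptDirectory  = $dir
        AmsiProviderCount    = $amsi.Count
        # FullLanguage means CLM is not enforced for this session.
        LanguageMode         = $ExecutionContext.SessionState.LanguageMode
    }
}

Get-PowerShellDefenseStatus | Format-List
```

A value of False for ScriptBlockLogging or Transcription means the policy is not configured through Group Policy on that host, which is the gap to close before relying on those logs for detection.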
