Active Directory Enumeration

They say knowledge is power-but in Active Directory, knowledge is recon.

Welcome to Active Directory Enumeration: Tools and Techniques for Recon and Mapping, the second book in my Active Directory Exploited: The Complete Ethical Hacker's Collection-a full-spectrum journey through the art (and mischief) of ethical hacking inside enterprise identity systems.

What You'll Learn

In Active Directory Enumeration: Tools and Techniques for Recon and Mapping, you'll move from recon novice to directory detective. Each chapter is packed with practical examples, hands-on techniques, and real-world lessons learned from years of ethical hacking engagements.

Here's a sneak peek at what's inside:

• Chapter 1: Enumeration Fundamentals & Recon Methodology - Learn how to think like a recon pro, craft a checklist, and survive your first engagement without breaking anything important.
• Chapter 2: Environment Discovery - Scan networks, identify hosts, and spot domain controllers like a pro.
• Chapter 3: LDAP & AD Querying - Speak fluent LDAP, master filters, and uncover hidden objects.
• Chapter 4: Windows Tools - Rediscover built-in gems like net, nltest, and PowerShell's Get-AD* cmdlets.
• Chapter 5: PowerSploit & PowerView - Use PowerShell's dark arts for safe, automated enumeration.
• Chapter 6: BloodHound - Visualize relationships, attack paths, and privilege chains that connect the AD kingdom.
• Chapter 7: DNS Discovery - Decode AD's gossip network: SRV records, zones, and misconfigurations galore.
• Chapter 8: SPNs & Kerberos - Find service accounts, spot Kerberoastable targets, and understand authentication at its finest.
• Chapter 9: ACLs & Permissions - Read AD's fine print: permissions, delegations, and abusable ACEs explained with a sense of humor.
• Chapter 10: Group Policy Enumeration - Crawl through GPOs, discover risky settings, and appreciate the chaos of inheritance.
• Chapter 11: Hybrid Enumeration - Connect the dots between on-prem and Azure AD for hybrid identity recon.
• Chapter 12: Automation & Reporting - Turn messy recon data into clean, actionable intelligence that clients and defenders actually love.
• Appendix: Practical Labs & Cheat Sheets - Build your own AD lab, practice ethically, and master your tools in a safe environment.

• Active Directory Hacking: Initial Access Techniques for Ethical Hackers
• Privilege Escalation in Active Directory
• Lateral Movement in Active Directory
• Persistence in Active Directory
• Hacking Hybrid Environments
• Active Directory Defense
• Red Team Operations in Active Directory
• Active Directory Hacking Lab Manua