https://blog.akmee.xyz/tags/active-directory/Recent content in Active-Directory on tomato's blogHugoen-usMon, 20 Apr 2026 14:48:49 -0300https://blog.akmee.xyz/writeups/active/pirate/Thu, 19 Mar 2026 12:35:58 -0300https://blog.akmee.xyz/writeups/active/pirate/Pirate is a hard Windows Active Directory machine that covers a wide range of modern offensive techniques across two network segments. The attack path demands solid enumeration skills and a good understanding of how Kerberos, NTLM, and AD delegation mechanisms behave under the hood. Expect to work through legacy misconfigurations, credential abuse, network pivoting, and a creative privilege escalation chain before landing on the Domain Controller.https://blog.akmee.xyz/writeups/retired/scepter/Mon, 12 May 2025 00:00:00 +0000https://blog.akmee.xyz/writeups/retired/scepter/Scepter is a hard Windows Active Directory machine where initial access comes from cracking encrypted .pfx files found on an exposed NFS share. From there, the path to root chains two ADCS vulnerabilities — ESC9 and ESC14 — abusing certificate template misconfigurations and UPN/email attribute manipulation to impersonate privileged users and ultimately DCSync the domain.