Active Directory Attacks

Fail

Audited by Socket on Feb 16, 2026

2 alerts found:

Malware, Obfuscated File

Malware: HIGH
references/advanced-attacks.md

This document is a high-risk offensive playbook providing actionable instructions and commands to perform Active Directory attacks, credential theft, ticket forging, and enterprise deployment of malware via GPO/SCCM/WSUS/ADCS/ADFS. It contains explicit examples that create backdoor accounts and deploy payloads, as well as instructions to harvest and misuse highly sensitive secrets. Treat as malicious/hostile content: inclusion in a package or repository poses a severe security risk and should be removed or restricted to authorized red-team usage only.

Confidence: 90%, Severity: 95%

Obfuscated File: HIGH
SKILL.md

This file is an explicit, actionable AD attack playbook intended for red-team or penetration testing. It does not contain hidden obfuscated malware or third-party exfiltration sinks, but it provides precise, high-impact instructions (DCSync, Mimikatz, Golden Ticket, NTLM relay, CVE exploits) that enable full domain compromise if executed by an operator with network access and/or credentials. Treat this as dual-use, high-risk content: allow only in authorized testing contexts, with approval, oversight, and proper containment. If found in a codebase or package, restrict distribution, notify stakeholders, and require explicit documentation of authorization for any use.

Confidence: 98%

Audit Metadata
Analyzed At: Feb 16, 2026, 10:15 AM
Package URL: pkg:socket/skills-sh/jpropato%2Fsiba%2Factive-directory-attacks%2F@d0e3f0c1a3b67948300315f6d39b96722fc5d822