Offensive LDAP
March 13, 2024 | drdrey
The main use for this cheat sheet is for when you are having trouble proxying/running tools during an engagement and need quick and easy ways to enumerate the domain. This cheatsheet will not dive into the methods to run the filters (some popular ones being `ldapsearch`, `dsquery`, and `ADSISearcher`) as there will be another post focusing on using PowerShell's ADSI for enumeration. The queries that will be shown below may reveal to you how most Active Directory tooling (i.e. PowerView, Rubeus, Certipy, etc.) works "under-the-hood" allowing you to make necessary adjustments or even develop your own tooling.
category: cheatsheets
Read More