Attacking Active Directory

Current Tradecraft


  • Mind-blowing, thesis-like post on Kerberos delegation attack primitives; one of those you need to make your “research” goal of the month to actually understand. It touches so many Kerberos concepts that a lot of parallel reading is required:



Create New Machine Account

PowerMad is a PowerShell script that leverages .NET calls to create new machine accounts.

Repo: Blog Post:

Tools and Scripts


Weaponized Docos

  • Evading EDR and decoupling Macro execution:

Reverse Shells

  • Reverse Shell Generator Online –>

Mail & SMTP

  • Test SMTP relay:


There are a bazillion ways of brute-forcing stuff on the web; let’s capture some here.

THC Hydra

Hydra is a parallelized password cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add:

Autobrute: make it easier to launch THC Hydra against Forms

Autobrute is a script that automates the time-consuming process of forming a http-post-form

Process Injection


AMSI Bypass

  • Check to obfuscate PowerShell code


  • For Active Directory –>


Malware Tricks

ColdFire: Developing malware with Golang

A library that makes it easier than ever. It provides various methods useful for malware development in Golang. Most functions are compatible with both Linux and Windows operating systems.


Kali Linux

Current Tradecraft

YouTube Videos

  • Kali on WSL: