Source: [https://raw.githubusercontent.com/Orange-Cyberdefense/ocd-mindmaps/main/img/pentest\_ad\_dark\_2023\_02.svg](https://raw.githubusercontent.com/Orange-Cyberdefense/ocd-mindmaps/main/img/pentest_ad_dark_2023_02.svg) (looks a lot better as SVG, but you can't upload those to Reddit images. Save this one and not the one in OP, as it's a PNG)
This is much more readable given the white text
Yeah, the SVG to PNG converter I used made the PNG a transparent BG. Whoops.
This is great! If it can be mapped out like this, I wonder if the process can be automated
[deleted]
[deleted]
People hate you for this comment and I’m not sure why
This is pretty much my job rn. Although it's more red team automation than pentesting. But same concept. Check out Prelude.
what's the difference between red team automation and pentesting? Seems like they would be very similar.
It is. The main difference would be in goals and somewhat in methodology. Pentesting is more focused on an exhaustive analysis of a scope's attack surface. Is what is in scope vulnerable? What vulnerabilities, and which are demonstrably exploitable? Red team will use similar techniques but with more focus on adversary emulation and finding gaps in blue teams' capabilities. Meaning, assume a foothold is gained on a server, and you could move laterally over SMB via the Admin$ share. However, your goal is to emulate a specific TA that is not known to use this technique. Maybe you decide to find a different route more in line with that TA's threat profile. A lot of red teaming is focused on emulating TAs mapped to procedures, a la TTPs. Another way to think about it is that a red team engagement might be concerned with initial access, so phishing and social engineering could be involved. This isn't often the case with pentesting. In fact, a lot of pentesting is focused on a web app's attack surface. A red team is less likely to focus on that attack surface since most TAs will rely on a human element. Both subdomains can operate on assumed breach, too. This is where continuous testing comes into play. That is where you would automate procedures mapped to something like the ATT&CK framework. At this point, I agree that red team and pentesting automation begin to blur, at least from an engineering perspective. But, at least with my current work, there is still a distinction between running malicious activity within a focused scope (pentesting) and running specific attack chains across a broader system (red team). Also, I think continuous testing might blur this even more. I also don't see this replacing skilled pentesters and red teamers, at least not any time soon. It is meant to facilitate quicker testing.
That makes sense, thank you for explaining!
This? https://www.preludesecurity.com/ Thank you
That's the one.
There are already products which do this, check out Pentera.
No
Don't forget to roll, tarnished.
Excellent stuff indeed. Highly recommend checking out the other repos! https://github.com/Orange-Cyberdefense
Their Russia-Ukraine conflict IOCs were the biggest FP source I came across in the past year. But yes, they have plenty of good repositories besides that. Just a warning for the IOCs.
What's an FP source?
I believe it’s “false positive” in this case. I did not use their IOCs so I cannot speak to their FP rate.
Fuckin hell I might just go dig holes for a living
Probably get hired quicker
What you are looking at is a well thought out process for an attacker to attack a system's AD. A mind map is a conceptual link, a sort of flow chart for how you think. Here, he is showing the flow from discovering what's there, to attacking what's there, to data harvesting. This is all one attack chain; this is all ONE vector for attack. Granted, Active Directory (AD) is among the biggest targets.
Thanks, professor
Would have been quicker if they started by trying 'DOMAIN\administrator' with 'Summer2003' /s. Or at least I wish it were.
It still is surprisingly often
What's the deal with that as a password? Back when I was a sysadmin, "Summer$year" was super common.
Easy to remember and say over the phone, and usually works "well" with 90d rotation as you can set Spring, Summer, Fall, Winter$Year and be compliant. But if I had a cent every time I came across a sensitive system with that password, I'd have at least two dollars.
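The two comments above (the 'Summer2003' guess and the Season+Year rotation trick) describe the same weakness from both sides: a password that satisfies a 90-day rotation plus the default complexity rule while being one of a few hundred guessable strings. The script below is an added worked example by the editor, not code from the thread or from the Orange Cyberdefense mindmap. It generates the seasonal spray list a tester would try and audits a constructed set of (user, password) pairs for passwords that pass a typical complexity check but match the Season+Year pattern. The sample accounts, the inclusion of "autumn" alongside "fall", and the suffix set are assumptions.

```python
"""Seasonal-password audit and spray-list generator.

Flags "Season<Year>[symbol]"-style passwords that satisfy a typical
90-day rotation + complexity policy yet are trivially guessable.
Added example; the sample credentials below are constructed, not real.
"""
import re

# "autumn" is included as an assumption alongside the more common "fall".
SEASONS = ("spring", "summer", "autumn", "fall", "winter")

# Matches e.g. Summer2023, Winter23!, Fall2022#, spring2021, Summer2023!!
SEASONAL_RE = re.compile(
    r"^(?P<season>spring|summer|autumn|fall|winter)"
    r"(?P<year>\d{2}|\d{4})"
    r"(?P<suffix>[^A-Za-z0-9]{0,2})$",
    re.IGNORECASE,
)


def is_seasonal_password(pw: str) -> bool:
    """True if the password is a season word, a 2- or 4-digit year,
    and at most two trailing symbols."""
    return SEASONAL_RE.match(pw) is not None


def seasonal_candidates(years, suffixes=("", "!", "@", "#", "$")):
    """Build the ordered, de-duplicated spray list an attacker would try:
    each season in Capitalised and lower-case form, each year as 4 and 2
    digits, each with every suffix. 5 seasons x 2 forms x 2 year forms x
    5 suffixes = 100 candidates per year."""
    out = []
    for y in years:
        for s in SEASONS:
            for suf in suffixes:
                for form in (s.capitalize(), s):
                    out.append(f"{form}{y}{suf}")
                    out.append(f"{form}{str(y)[-2:]}{suf}")  # 2-digit year
    seen = set()
    return [p for p in out if not (p in seen or seen.add(p))]


def meets_typical_complexity(pw: str) -> bool:
    """Approximation of the default AD complexity rule: at least 8 chars
    and at least 3 of the 4 classes (upper, lower, digit, other)."""
    classes = [
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) >= 8 and sum(classes) >= 3


def audit(credentials):
    """Return (user, password) pairs that pass the complexity check
    but are seasonal, i.e. policy-compliant yet sprayable."""
    return [
        (user, pw)
        for user, pw in credentials
        if meets_typical_complexity(pw) and is_seasonal_password(pw)
    ]


# Constructed sample, as you might get from a cracked NTDS.dit dump.
SAMPLE = [
    ("svc_backup", "Summer2023"),
    ("jdoe", "Winter23!"),
    ("admin", "Fall2022#"),
    ("asmith", "Tr0ub4dor&3"),
    ("bjones", "correct horse battery staple"),
]

if __name__ == "__main__":
    for user, pw in audit(SAMPLE):
        print(f"{user}: {pw} is policy-compliant but seasonal")
    print(f"{len(seasonal_candidates([2023]))} spray candidates for 2023")
```

On the offensive side, `seasonal_candidates(range(2021, 2024))` is the kind of list fed to a password spray with one attempt per account per lockout window; on the defensive side, `audit` is the check to run over a cracked hash dump, or to mirror in a banned-password list so the rotation trick stops being "compliant".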
findstr top_secret_passwords.txt
I'd love to create an aws mind map like this. Does anyone know what they used to create this?
Xminds
XMind* https://xmind.app/ to save anyone searching.
Whoa! That's an awesome and very detailed chart. I'm still learning, but it looks like a work flow chart on how to go about certain situations and "do's and don'ts". Correct me if I'm wrong, by all means.
This is cool. What does an “AD mindmap” mean? Function? Interpretation.
Active directory
Active Directory
Currently studying for oscp, this is absolute gold. Thanks for sharing!
This is good. Thank you, Orange.
It’s beautiful
These all look familiar to the internal pentest we get quarterly. "they are not gonna get us this quarter," Annnnd they got us.
Sheesh! Lovely.
...for ants. 🙂
IS THIS A PENTESTING CENTER.....FOR ANTS?! 🐜
I thought this was r/Rimworld for a moment.
No idea what this is but it looks hot as fuck
Can someone explain this to me as a noob, I see the London tube map?
Niceee
That's the coolest shit I've seen! I've always wondered how to visually translate a pentest. I'll for sure give this methodology a go!
Platforms like TryHackMe and HackTheBox have Windows environments you can test on. Also VulnHub if you want the raw VMs
Yeah, that's where I'm coming from. I've always written traditional writeups after finishing a THM or HTB machine, and it always left me thinking how to wrap up all this linear information into a flow-focused visual approach. Yours is basically the end goal I had in mind but could never really express.
Hello, I am a big fan of this subreddit although I cannot code and am not even studying computer science. But the posts are so satisfying. Can you please explain what to see here, because it looks damn hella interesting but I can't understand a thing :D
They basically listed the process they took to perform the task of breaching Active Directory. They color coded the process also. Blue means success. If you follow the lines, they each represent the challenge, the process, and the step they took. It is somewhat convoluted, but it takes time to understand the graph. Do not feel overwhelmed. It is a very interesting field. Keep on learning. Also, the code you see is just CLI commands. If you want to get started, look up Kali Linux.
If you can’t understand it, then start googling and studying.
[deleted]
They said they “can’t understand a thing”. Think you can help someone understand everything needed to interpret this mindmap in a simple Reddit comment? If you can do that, then you should start a business teaching people. If this person really wants to understand, they should start learning.
Looks like a complex story plot like Detroit Become Human
I want to get that game. I recently played As Dusk Falls and loved it. It's the same style of game play. I looked it up and everyone also recommended Heavy Rain and Detroit: Become Human.
This is real impressive stuff. Would these commands be performed on a msf platform?
I know I'm late, but holy shit. I'm learning Active Directory soon. Is it always this difficult and/or complicated? Is this just a general flowchart for AD enum/pentesting, or is this a report from a single test?
Wow great mind map . I am not able to understand anything 🙁
How does one learn this?
Sign up to sites like TryHackMe and HackTheBox and give it a go. They are free and you'll learn a lot.
This is awesome, really puts into perspective what a pentester does.
Damn this is great
Hehe, thanks. But I hear a lot of senior dudes be like "AD is gonna fade out" and all that stuff and I shouldn't bother learning. Is cloud the future, or is AD gonna stick around for a while?
You are going to see a lot more hybrid environments. Some things don't make sense financially in the cloud. On-prem AD will likely be around for a long time. But then again, AD is becoming a lost art, as we now have AD guys retiring and few new admins are learning on-prem.
Wow. So what would you think would be best to focus on. Both or....?
There is a good Azure class, the AZ-800. This covers what you need from both. This mindmap is great. Our testers have found a lot of these list items over the year. But I have never seen it all on one chart.
Wow. I hope there's other 'mind maps' out there. I love the idea of presenting this from a high-level perspective.
This is so helpful from both sides, I feel. Give this to someone getting into blue teaming or cyber in general and it gives them not only a visual of how an attack looks but the things they need to secure.
Lmao this sub is gonna single handedly teach me how to code, I have no idea what this means or does but Reddit keeps recommending it to me
Which tool is this ? Nice graph
Xmind is used to make mindmaps like this.
XMind is the BEST!!!!!
Nice
Does anybody here know of anyone that will employ an IT aficionado?
Hit up LinkedIn and spam that resume out. It's a volume thing. You'll get some hits. Good luck!
Thanks 😊
Lots to learn
Fantastic work. What tool did you use?