
Active Directory PowerView Medium
This module covers AD enumeration focusing on the PowerView and SharpView tools. We will cover various techniques for enumerating key AD objects that will inform our attacks in later modules.
Created by: mrb3n
Co-Authors: ippsec
Summary
This module introduces third-party, open-source tools such as PowerView and SharpView. We will learn how to gather and analyze data from these tools and how they can be used as input to other tools during later parts of an AD-focused penetration test. In this module, we will cover:
- PowerView/SharpView usage
- Enumerating key AD objects such as users, groups, computers, ACLs, and GPOs
- Enumerating AD trust relationships
This module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.
As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to further reinforce the concepts introduced in each section. You can do this in the Pwnbox provided in the interactive sections, Windows machines in a lab environment as directed, or your own virtual machine.
You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.
The module is classified as "Medium." It assumes a working knowledge of Active Directory, the Linux and Windows command line, PowerShell, an understanding of information security fundamentals, and a firm grasp of AD enumeration processes and techniques.
A firm grasp of the following modules can be considered a prerequisite for successful completion of this module:
- Introduction to Networking
- Linux Fundamentals
- Active Directory LDAP
- Windows Fundamentals
Sections
- AD Enumeration Toolkit
- PowerView/SharpView Overview & Usage
- Enumerating AD Users
- Enumerating AD Groups
- Enumerating AD Computers
- Enumerating Domain ACLs
- Enumerating Group Policy Objects (GPOs)
- Enumerating AD Trusts
- Active Directory PowerView - Skills Assessment
Relevant Paths
This module progresses you towards the following Paths

Active Directory (AD) is widely used by companies across all verticals/sectors, non-profits, government agencies, and educational institutions of all sizes. By its nature, AD is easily misconfigured and has many inherent flaws and widely known vulnerabilities. Due to the sheer number of objects in AD and the complex, intertwined relationships that form as an AD network grows, it becomes increasingly difficult to secure and presents a vast attack surface. AD environments can become quite large and often hold many flaws, some obvious and others more difficult to discover. A deep understanding of AD enumeration techniques and tools is essential to becoming a well-rounded information security professional.