Overview and demonstration of how to use Netexec with the LDAP protocol against Active Directory hosts within a home lab environment. ▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬ 00:00 Intro 00:47 Authentication - Overview 01:44 Generate Hosts File 03:00 LDAP Help Option & Overview 04:09 User Enumeration 05:02 User Enumeration Export 05:51 Active Users Enumeration 07:00 Asreproast 08:25 Kerberoasting 10:04 LDAP Queries 13:57 Find Delegation 15:00 Trusted For Delegation 15:32 Constrained Delegation Abuse Executed (SMB) 19:49 Admin Count Enumeration 20:04 Password Policy Enumeration 20:21 GMSA Enumeration 22:14 Group Enumeration 23:23 Computer Enumeration 24:15 Domain Controller List 24:42 Domain SID Enumeration 25:12 Bloodhound 27:10 LDAP Modules Overview 28:16 Machine Account Quota Module 29:02 Certipy Find Module 30:53 ESC8 Abuse 33:56 User Description Module 35:25 DACL Read Module 40:09 Conclusion Links from the Video Netexec Wiki: LDAP Search Filter Syntax: User Account Control Flags: Group Managed Service Accounts (gMSA) Overview: