In this tutorial, I explained how to do privilege escalation to gain domain controller privilege on the active directory using mimikatz and Powershell. This attack relies on gathering the NTLM hash and generating a Kerberos TGT for the administrator account of the domain controller. The success of this attack relies on the fact that the admin of the domain controller had logged in to the Windows workstation we compromised in the past and their credentials are saved in-memory cache.

Skills Learned

  • Mimikatz
  • Powershell
  • Kerberos

OSCP Certificate Notes

Windows Active Directory Penetration Testing Study Notes

Video Walk-through

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles