# 内网渗透相关 ## bmjoker(实战系列) [1.我所了解的内网渗透](https://www.cnblogs.com/bmjoker/p/10336247.html) [2.内网渗透之端口转发](https://www.cnblogs.com/bmjoker/p/10264148.html) [3.内网渗透之reGeorg+Proxifier](https://www.cnblogs.com/bmjoker/p/10205407.html) [4. 内网渗透之IPC$入侵](https://www.cnblogs.com/bmjoker/p/10355934.html) [5.内网渗透之PTH\&PTT\&PTK](https://www.cnblogs.com/bmjoker/p/10355979.html) [6.Dump域内用户Hash姿势集合](https://www.cnblogs.com/bmjoker/p/10529360.html) [7.内网渗透之windows认证机制](https://www.cnblogs.com/bmjoker/p/10723432.html) ## ARESX(实战+原理系列) [戏说地狱三头犬](https://ares-x.com/2020/03/12/%E6%88%8F%E8%AF%B4%E5%9C%B0%E7%8B%B1%E4%B8%89%E5%A4%B4%E7%8A%AC/) [关于IPC和PTH用户权限问题](https://ares-x.com/2020/03/10/%E5%85%B3%E4%BA%8EIPC%E5%92%8CPTH%E7%94%A8%E6%88%B7%E6%9D%83%E9%99%90%E9%97%AE%E9%A2%98/) [(一)Windows认证机制](https://ares-x.com/2020/03/16/%E5%9F%9F%E6%B8%97%E9%80%8F%E5%AD%A6%E4%B9%A0%EF%BC%88%E4%B8%80%EF%BC%89Windows%E8%AE%A4%E8%AF%81%E6%9C%BA%E5%88%B6/) [(二)Kerberos协议](https://ares-x.com/2020/03/17/%E5%9F%9F%E6%B8%97%E9%80%8F%E5%AD%A6%E4%B9%A0%EF%BC%88%E4%BA%8C%EF%BC%89Kerberos%E5%8D%8F%E8%AE%AE/) [(三)域内信息搜集](https://ares-x.com/2020/03/18/%E5%9F%9F%E6%B8%97%E9%80%8F%E5%AD%A6%E4%B9%A0%EF%BC%88%E4%B8%89%EF%BC%89%E5%9F%9F%E5%86%85%E4%BF%A1%E6%81%AF%E6%90%9C%E9%9B%86/) [(四)Dump Password & Hash](https://ares-x.com/2020/03/21/%E5%9F%9F%E6%B8%97%E9%80%8F%E5%AD%A6%E4%B9%A0%EF%BC%88%E5%9B%9B%EF%BC%89Dump-Password-Hash/) [(五)基于IPC的远程连接](https://ares-x.com/2020/03/21/%E5%9F%9F%E6%B8%97%E9%80%8F%E5%AD%A6%E4%B9%A0%EF%BC%88%E4%BA%94%EF%BC%89%E5%9F%BA%E4%BA%8EIPC%E7%9A%84%E8%BF%9C%E7%A8%8B%E8%BF%9E%E6%8E%A5/) [(六)PTH 哈希传递攻击](https://ares-x.com/2020/03/21/%E5%9F%9F%E6%B8%97%E9%80%8F%E5%AD%A6%E4%B9%A0%EF%BC%88%E5%85%AD%EF%BC%89PTH-%E5%93%88%E5%B8%8C%E4%BC%A0%E9%80%92%E6%94%BB%E5%87%BB/) [(七)PTT 票据传递攻击](https://ares-x.com/2020/03/21/%E5%9F%9F%E6%B8%97%E9%80%8F%E5%AD%A6%E4%B9%A0%EF%BC%88%E4%B8%83%EF%BC%89PTT-%E7%A5%A8%E6%8D%AE%E4%BC%A0%E9%80%92%E6%94%BB%E5%87%BB/) ## CoolCat(实战+原理分析系列) [2020-02-2 Windows本地hashdump备忘录](https://thekingofduck.github.io/post/Dumping-Windows-Local-Credentials-Tools/) [2020-02-28 ](https://thekingofduck.github.io/post/scan-ports-by-cscript/)[利用cscript进行内网端口扫描](https://thekingofduck.github.io/post/scan-ports-by-cscript/) [2020-03-02 域渗透学习笔记一:域环境的搭建](https://thekingofduck.github.io/post/ADStudy-Part-1-AD-Install/) [2020-03-02 域渗透学习笔记二:Windows认证机制Net-NTLM刨析](https://thekingofduck.github.io/post/ADStudy-Part-2-Net-NTLM-Study/) [2020-03-04 域渗透学习笔记三:攻击NTLM](https://thekingofduck.github.io/post/ADStudy-Part-3-Attack-NTLM/) [2020-03-04 域渗透学习笔记四:域认证机制Kerbroes刨析](https://thekingofduck.github.io/post/ADStudy-Part-4-Kerbroes-Study/) [2020-03-04 域渗透学习笔记五:攻击Kerbroes](https://thekingofduck.github.io/post/ADStudy-Part-5-Attack-Kerbroes/) ## 彻底理解Windows认证(原理分析系列) ## 这才叫专业(深入原理系列) [windows-protocol](https://daiker.gitbook.io/windows-protocol/) - daikerSec \[内网渗透的常见协议kerberos,ntlm,smb,ldap,netbios分析] [windows-access-control](https://rootclay.gitbook.io/windows-access-control/) - rootclay \[Windows访问控制] [NTLM & SSP](https://rootclay.gitbook.io/ntlm/) - rootclay \[NTLM中高级进阶] [hackndo blog](https://en.hackndo.com/archives/) - Pixis \[AD分析的很详细、很彻底] ## Pentesting\_Active\_directory(脑图) \[最新] \[翻译较旧] ## Active Directory 漏洞利用备忘单 {% embed url="" %} {% embed url="" %} {% embed url="" %} {% embed url="" %} {% embed url="" %} ## Game Of Active Directory v2
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://gitbook.se7ensec.cn/nei-wang-shen-tou-xiang-guan.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.