bloodhound

A practical, ordered checklist for Windows local privilege escalation during labs, CTFs, and authorised internal testing.

Active Directory machine demonstrating SMB user enumeration, weak password reuse, writable logon script abuse, and GPO-based privilege escalation.

Active Directory machine demonstrating MSSQL abuse leading to credential leakage and AD CS certificate abuse for full domain compromise.

Active Directory machine demonstrating anonymous LDAP enumeration, AS-REP Roasting, nested group abuse, and DCSync-based domain compromise.

Active Directory machine demonstrating username generation, AS-REP Roasting, AutoLogon credential discovery, and DCSync-based domain compromise.