�ЈD�W(w��ng)

>

��Ϣ��ȫ

AD�򹥷��(qu��n)��ָ��

��

��] AD�򹥷��(qu��n)��ָ��

��ߣ��h��x �Z�� μњg ��

��磺�Cе��I(y��)��r�g��2025-02-01

�_�� 16�_ 퓔�(sh��)�� 498

���Σ�Ӌ��C/�W(w��ng)�j(lu��)�N��

�� D �r:¥89.0(6.9��) ��r ~~¥129.0~~ ��䛺�ɿ��T�r

��ُ��܇ �ղ�

�_��٣� ȫ��]

?�½��س��

��Ǖ��>

>
ȫ��Ӌ��C�ȼ��ԇ��濼�}��ģ�M��Ԕ�⡤��MSOffice�߼��

ȫ��Ӌ��C�ȼ��ԇ��濼�}��ģ�M��Ԕ�⡤��MSOffice�߼��

¥14.4¥45
>
�Q��(zh��n)�Мy5000�}(��Z��c��_)

�Q��(zh��n)�Мy5000�}(��Z��c��_)

¥44.1¥88
>
ܛ��ܜyԇ.��c�{(di��o)��(y��u)��`֮·

ܛ��ܜyԇ.��c�{(di��o)��(y��u)��`֮·

¥56.2¥69
>
��һ�д��aAndroid

��һ�д��aAndroid

¥55.4¥99
>
JAVA��m(x��)��

JAVA��m(x��)��

¥58.1¥119
>
EXCEL��̿ƕ�(��ȫ��)(ȫ��ӡˢ)

EXCEL��̿ƕ�(��ȫ��)(ȫ��ӡˢ)

¥31.1¥69.9
>
��ȌW��

��ȌW��

¥92.4¥168

��ƷԔ��
��Ʒ�uՓ(0�l)

�ЈD�r:¥89.0 ��ُ��܇

��(qu��n)��Ϣ
��ɫ
��(n��i)�ݺ��
Ŀ�
��P(gu��n)�Y��
��ߺ��

AD�򹥷��(qu��n)��ָ�� (qu��n)��Ϣ

ISBN��9787111768623
�l�δa��9787111768623 ; 978-7-111-76862-3
�b��ƽ�b-�zӆ
�Ԕ�(sh��)��o
��o
��ٷ��
Ӌ��C/�W(w��ng)�j(lu��)
>
��Ϣ��ȫ

AD�򹥷��(qu��n)��ָ�� ɫ

��1��ȫ��ָ��֪��Ʒ��ȫ�� ƻ��򹥷��Փ��(zh��n)��ĘI(y��)��ȫ��չ��P(gu��n)�I��g(sh��)��
��2��Ɍ��(zh��n)�(q��)�ӣ�10��Ͻ�(j��ng)��΢ܛMVP��360��ȫ��҃A��죬��ATT&CK��ṩ�S��Č��(zh��n)��x��֪��֪�ˡ�
��3��m�ø��ӴεľW(w��ng)��ĘI(y��)�ߣ��oՓ�Ǽ��g(sh��)��W��߀�ǰ�ȫ�F꠹��܏��Ы@��̆��l(f��)�c��`ָ��Ч��(g��u)��Ԍ��ķ��wϵ��

AD�򹥷��(qu��n)��ָ�� (n��i)�ݺ��

�@��һ��ȫ�渲�w��+�ơ��h(hu��n)��Č��(zh��n)ָ��ȫ�ĘI(y��)�ߺ��I(y��)��(g��u)��Ƶķ��ʹ��ݵؑ��s��׃�İ�ȫ��c��(zh��n)�� ΢ܛȫ��*�Ѓrֵ��c360��ȫ��҃A��죬�Y(ji��)�ϴ��AD��Microsoft Entra ID��ԭAzure AD��Ĺ��ɶ�ҕ��O(sh��)Ӌ��һ��򹥷��(zh��n)朗l��Ի��򹥷��(zh��n)��ATT&CK��ģ��ϵ�y(t��ng)��AD��Microsoft Entra ID�ڹ��A��漰�ļ��g(sh��)ԭ��ֶ��©��Լ��ԡ� ȫ��(n��i)��S��茍��v��͸��w��Ϣ�ռ��AD��(qu��n)�ޫ@ȡ��Kerberos��ί��ACL��T��ADCS��Microsoft Entra ID��Ⱥ��ļ��g(sh��)��ϴ��܎��ĘI(y��)��򹥷��|(zh��)��Ռ��H��ֶ��֪��֪��I(y��)�Թ��ٷ��(g��u)��Ԍ��İ�ȫ�� m�ϸ��ӴεľW(w��ng)�j(lu��)��ȫ�ĘI(y��)��x��oՓ�Ǽ��g(sh��)��W��߀�ǰ�ȫ�F꠹��ߣ��܏��Ы@��̆��l(f��)�c��`ָ��

AD�򹥷��(qu��n)��ָ�� Ŀ�

Ŀ��䛡�Contents��
��һ
��
ٝ�u
ǰ��
��1�¡�AD��Microsoft Entra ID1
1.1��AD��A(ch��)1
1.1.1��ĸ��1
1.1.2��M��4
1.1.3��LDAP11
1.1.4��SPN15
1.1.5��Kerberos 22
1.2��Microsoft Entra ID��A(ch��)25
1.2.1��ĸ��25
1.2.2��Microsoft Entra��(n��i)�ý�ɫ28
��2�¡�AD��Microsoft Entra ID��29
2.1��AD��ù��SCCMԔ��29
2.1.1��SCCM��B29
2.1.2��SCCM�M��Ϣö�e32
2.1.3��SCCM�M�ЙM��Ƅ�39
2.1.4��SCCM�M�Б{��(j��)�`ȡ47
2.1.5��SCCMHunter�M��SCCM��61
2.1.6��MalSCCM�M��SCCM��65
2.1.7��SharpSCCM�M��SCCM��75
2.2��AD��91
2.2.1��BloodHound�M��AD��91
2.2.2��AdFind�M��AD��113
2.2.3��AD Explorer�M��AD��125
2.2.4��SharpADWS�M��AD��131
2.2.5��SOAPHound�M��AD��140
2.3��Microsoft Entra ID��146
2.3.1��Microsoft Entra ID��AzureHoundԔ��146
2.3.2��ʹ��Azure AD PowerShell�M��Ϣö�e167
2.3.3��ʹ��Azure PowerShell�M��Ϣö�e186
2.3.4��ʹ��Azure CLI�M��Ϣö�e195
��3�¡��@ȡAD��(qu��n)��202
3.1��Ñ��ܴa��202
3.1.1��Ҋ�ܴa��202
3.1.2��@ȡ�ܴa��Ե��ֶ�202
3.1.3��Ñ��ܴa��Խ��204
3.1.4��ұ��Ñ�204
3.2��Kerberos�f(xi��)�h�M��ܴa��205
3.2.1��ʹ��ADPwdSpray.py�M��ܴa��205
3.2.2��dsacls�M��ܴa��206
3.2.3��z�y��Kerberos�f(xi��)�h��ʩ��ܴa��206
3.3��Microsoft Entra ID�ܴa��207
3.3.1��Microsoft Entra ID�ܴa��207
3.3.2��ͨ�^MSOnline PowerShell�@ȡ�ܴa��207
3.3.3��ʹ��MSOLSpray��Azure AD��M��ܴa��209
3.3.4��ʹ��Go365��Microsoft 365�Ñ��M��ܴa��210
3.3.5��Microsoft Entra ID�ܴa��212
3.4��LDAP�ƽ��~��ܴa215
3.4.1��ʹ��DomainPasswordSprayͨ�^LDAP�M��ܴa��215
3.4.2��Linux�h(hu��n)��ͨ�^LDAP��Ñ��ܴa216
3.4.3��z�y��LDAP��ʩ��ܴa��217
3.5��AS-REP Roasting�x��ܴa�ƽ�218
3.5.1��e�`��Ì��AS-REP Roasting��218
3.5.2��z�yAS-REP Roasting��221
3.5.3��AS-REP Roasting��221
3.6��Kerberoasting�x��ܴa�ƽ�221
3.6.1��Kerberoasting��ԭ��221
3.6.2��Kerberoasting��222
3.6.3��h(hu��n)��222
3.6.4��@ȡ�L��ָ��յ�Ʊ��(j��)223
3.6.5��D(zhu��n)�Q��ͬ��ʽ��Ʊ��(j��)224
3.6.6��x��ƽⱾ��Ʊ��(j��)225
3.6.7��Kerberoasting��T226
3.6.8��Kerberoasting��ęz�y��227
3.7��FAST227
3.7.1��FAST��227
3.7.2��@�^FAST��o230
3.7.3��δ��(j��ng)�A��C��Kerberoasting232
3.8��h(hu��n)��п��ָ��Ñ�236
3.9��C��~��Windows 2000֮ǰ��Ӌ��C240
3.10��CVE-2020-1472��ZeroLogon��©��243
3.10.1��z�yĿ��ZeroLogon©��244
3.10.2��(n��i)Windows�h(hu��n)��ʹ��Mimikatz��(zh��)��ZeroLogon��244
3.10.3��(zh��)��ZeroLogon��245
3.10.4��֏��ؙC��~��ܴa247
3.10.5��z�yZeroLogon��248
3.10.6��ZeroLogon��250
��4�¡�� 251
4.1��λ��A(ch��)251
4.1.1��ԭ��251
4.1.2��TDO252
4.1.3��GC252
4.2��c��Kerberos�J�C�ą^(q��)�e253
4.3��փ�(n��i)��е�Kerberosͨ��253
4.4��g��е�Kerberosͨ��253
4.5��μ��g(sh��)255
4.5.1��256
4.5.2��·��261
4.5.3��փ�(n��i)��ι��263
4.5.4��g��ι��269
��5�¡�Kerberos��ί��280
5.1��o�s��ί��281
5.1.1��o�s��ί��ԭ��282
5.1.2��ԃ�o�s��ί��283
5.1.3��ßo�s��ί��~��285
5.1.4��ßo�s��ί�ɺ�Spooler��ӡ�C��ի@ȡ��ؙ�(qu��n)��287
5.1.5��o�s��ί�ɹ��291
5.2��s��ί��291
5.3��YԴ�ļs��ί��302
5.4��@�^ί��325
5.4.1��ք��SPN�@�^ί��325
5.4.2��CVE-2020-17049��Kerberos Bronze Bit��©��328
��6�¡�ACL��T332
6.1��AD�ОE��ACL/ACE332
6.2��GenericAll��(qu��n)��Ӻ��T335
6.3��WriteProperty��(qu��n)��Ӻ��T337
6.4��WriteDacl��(qu��n)��Ӻ��T339
6.5��WriteOwner��(qu��n)��Ӻ��T340
6.6��GenericWrite��(qu��n)��Ӻ��T341
6.7��ͨ�^��Ƹ��ܴa�O(sh��)�ú��T343
6.8��ͨ�^GPO�e��O(sh��)�ú��T344
6.9��SPN��T346
6.10��Exchange��ACL�O(sh��)�ú��T348
6.11��Shadow Admin�~��O(sh��)�ú��T349
��7�¡�AD CS��351
7.1��AD CS��A(ch��)351
7.1.1��C��յđ��È��ͷ��352
7.1.2��C��ģ��ע��352
7.1.3��@ȡCA��Ϣ357
7.2��AD CS�ĳ��ù��c��ַ�358
7.2.1��ESC1��e�`��C��ģ��358
7.2.2��ESC2��e�`��C��ģ��362
7.2.3��ESC3��e��C��Ո��ģ��363
7.2.4��ESC4��C��ģ��L��e��365
7.2.5��ESC6��EDITF_ATTRIB-UTESUBJECTALTNAME2�@ȡ��(qu��n)��371
7.2.6��ESC7��CA�L��e��374
7.2.7��ESC8��PetitPotam�|�l(f��)NTLM Relay380
7.2.8��AD��(qu��n)��387
7.2.9��CA�C��C��Ո��C��390
7.2.10��Ӱ�ӑ{��(j��)��395
7.2.11��ESC9��o��ȫ�Uչ406
7.2.12��ESC10��C��ӳ��410
7.2.13��ESC11��RPC��^��AD CS416
��8�¡�Microsoft Entra ID��420
8.1��AD�Ñ�ͬ��Microsoft Entra ID420
8.1.1��(chu��ng)��Windows Server Active Directory�h(hu��n)��420
8.1.2��Microsoft Entra�� (chu��ng)��Ϙ��R��T�~��427
8.1.3��b��Microsoft Entra Connect430
8.2��Microsoft Entra�o�p��һ��䛹��ܵĞE��436
8.2.1��E��Microsoft Entra�o�p��һ��䛌�ʩ��ܴa��436
8.2.2��E��AZUREADSSOACC$�~��ʩ�ęM��Ƅ�442
8.3��E��AD DS�B��~��ʩ��DCSync��454
8.4��E��Microsoft Entra�B��~��ܴa466
8.5��E��Microsoft Intune��Č�ʩ�ęM��Ƅ�473
8.6��E��Azure��(n��i)��Contributor��ɫ��ʩ�ęM��Ƅ�486

չ�_ȫ��

AD�򹥷��(qu��n)��ָ�� P(gu��n)�Y��

AD��ڞ��I(y��)��Ϣ��펧��T��ͬ�r��Ҳ��䔵(sh��)��(j��)�͙�(qu��n)�޵ĸ߶ȼ��ɞ�ڿ͹��cĿ��һ��ע�ڻ��AD�h(hu��n)��AD��Microsoft Entra ID��Č��I(y��)�ԈD��ǳ��m�υ��c�t�{��ݾ��İ�ȫ��I(y��)��ʿ��x��ͨ�^��x��x��ճ��İ�ȫ��ի@�O��Ď��͆��l(f��)�� “AI ��ȫ��”��ߣ�Λρ��F�W(w��ng)�j(lu��)��ȫ��(j��ng)��Y�ȫ��Ѧ�� ΢��ھ��(chu��ng)ʼ�˼� CEO��鹥��ˆT��P(gu��n)��ȫ�ĘI(y��)��ṩ��һ��ϵ�y(t��ng)��Ľ̳̣��\��ķ�ʽ��B��AD��Microsoft Entra ID�ĽY(ji��)��(g��u)��ԭ��Ҋ��ȫ©��Լ��ͨ�^Ԕ�M��ͬ��͵Ĺ��ַ��͵��Ͱ��x��ȫ��⹥��߿��õ�©��ͼ��g(sh��)��M��(g��u)��Ч�ķ��ԡ��H�ṩ�˴��õķ��ͼ��߀�؄e��{(di��o)�˹��Č��(zh��n)��ÿһ�¶��S��Č��H��͑��ԣ��x��܉�ͨ�^�W��@Щ��չ��ߵ�˼�S��ʽ��О�ģʽ��Ķ��İ�ȫ��R�͑��ּ�ڞ鰲ȫ�u��©��ھ��yԇ��ȫ�\�I�ȶ��I(l��ng)�򎧁��µ�˼·�̈́�(chu��ng)��ҕ��ƄӰ�ȫ�ĘI(y��)��ڌ��`�в��M��ͳ��L��

AD�򹥷��(qu��n)��ָ�� ߺ��

�h��x
��н�10��Ӌ�㼰�W(w��ng)�j(lu��)��ȫ��(j��ng)��c�ƶ��ಿ�V��ҕ�ИI(y��)��ȫ�˜��΢ܛ��ȫ��MVP��Ѓrֵ��ң��ư�ȫ(li��n)�ˣ�CSA��A�^(q��)��Ї�Ӌ��C�W��CCF��I(y��)��T��
Ŀǰ��ע��΄��V��ҕ�;W(w��ng)�j(lu��)ҕ �I(y��)�յİ�ȫ�\��о��t�{��ȹ��νM��ИI(y��)��ݾ��߿�ָ�]��Θs�@�Ї��Ӱ�ҕ��g(sh��)�W��ƌW��g(sh��)��ں��ڿ��ϰl(f��)��ƪՓ�ģ�ͬ�r��ж��ԭ��(chu��ng)�l(f��)��
ͬ�r�ǰ��MVP��A��HCDE��ŷ�MVP��CSDN��͌��vӍ�Ƽܘ�(g��u)��g(sh��)ͬ�˳ɆT��W(w��ng)�j(lu��)��ȫ��I(y��)��ATT CKҕ��µļt�{��(zh��n)ָ�ϡ��
360��ȫ��ң��A�ϰ��I(y��)��ǰ��(j��ng)��DeadEye��ȫ�Fꠄ�(chu��ng)ʼ��10��ϾW(w��ng)�j(lu��)��ȫ��(j��ng)��
��L�Ĺ��ҕ��M�а�ȫ�wϵ��O(sh��)��Ǉ��(n��i)��(n��i)�W(w��ng)�B͸�wϵ��Ӗ��O(sh��)Ӌ�ߺ��v�ˡ��΅��c��Ҽ��ݾ��ڲ�ί�Լ��ڡ�ͨ�ŵȶ��ИI(y��)��֪��I(y��)�Г��{꠿�ָ�]��Е��N��(n��i)�W(w��ng)��ȫ��B͸�yԇ��(zh��n)ָ�ϡ��ATT CKҕ��µļt�{��(zh��n)ָ�ϡ��

�h��x
��н�10��Ӌ�㼰�W(w��ng)�j(lu��)��ȫ��(j��ng)��c�ƶ��ಿ�V��ҕ�ИI(y��)��ȫ�˜��΢ܛ��ȫ��MVP��Ѓrֵ��ң��ư�ȫ(li��n)�ˣ�CSA��A�^(q��)��ң��Ї�Ӌ��C�W��CCF��I(y��)��T��
Ŀǰ��ע��΄��V��ҕ�;W(w��ng)�j(lu��)ҕ �I(y��)�յİ�ȫ�\��о��t�{��ȹ��νM��ИI(y��)��ݾ��ӣ��߿�ָ�]��Θs�@�Ї��Ӱ�ҕ��g(sh��)�W��ƌW��g(sh��)��ں��ڿ��ϰl(f��)��ƪՓ��ͬ�r��ж��ԭ��(chu��ng)�l(f��)��
ͬ�r�ǰ��MVP��A��HCDE��ŷ�MVP��CSDN��͌��ҡ��vӍ�Ƽܘ�(g��u)��g(sh��)ͬ�˳ɆT��W(w��ng)�j(lu��)��ȫ��I(y��)��ATT&CKҕ��µļt�{��(zh��n)ָ�ϡ��ߡ�

�Z��
360��ȫ��ң��A�ϰ��I(y��)��ǰ��(j��ng)��DeadEye��ȫ�Fꠄ�(chu��ng)ʼ�ˡ��10��ϾW(w��ng)�j(lu��)��ȫ��(j��ng)��
��L�Ĺ��ҕ��M�а�ȫ�wϵ��O(sh��)��Ǉ��(n��i)��(n��i)�W(w��ng)�B͸�wϵ��Ӗ��O(sh��)Ӌ�ߺ��v��΅��c��Ҽ��ݾ��ڲ�ί�Լ��ڡ�ͨ�ŵȶ��ИI(y��)��֪��I(y��)�Г��{꠿�ָ�]��Е��N��(n��i)�W(w��ng)��ȫ��B͸�yԇ��(zh��n)ָ�ϡ��ATT&CKҕ��µļt�{��(zh��n)ָ�ϡ��

�μњg
360��ȫ��Ҫ�о��ȫ��t�{��ȷ��΅��c��Ҽ��ʡ�м��ИI(y��)��Ĺ��ݾ��Լ��ISC�ȷ��ķ��e��

��Ʒ�uՓ(0�l)

��u ٍ��

��o�uՓ��

��]

>
��wǧ��
��wǧ��
��ί��
¥14.0~~¥40.0~~
>
�ϵ�֮��:��˵��挍�ó�
�ϵ�֮��:��˵��挍�ó�
[��] �_��ء��R ��/�R�ĸ� �g
¥20.2~~¥35.0~~
>
�S�@ʳ��
�S�@ʳ��
Ԭö
¥18.2~~¥48.0~~
>
�_��_�m�x��S�P-��b
�_��_�m�x��S�P-��b
[��]�_��_�m ��,�� g
¥32.9~~¥58.0~~
>
��S��-��Ծ��
��S��-��Ծ��
�� ֹ�� Уӆ
¥6.1~~¥16.0~~
>
��~��Փ/��С��
��~��Փ/��С��
��
¥8.7~~¥24.0~~
>
��
��
��w��
¥12.2~~¥32.0~~
>
ɽ��(j��ng)
ɽ��(j��ng)
�ַ�
¥18.7~~¥68.0~~

����N

��w��̎��--�ª��

�ЈD�W(w��ng)

¥12.9~~¥30~~
��w��̎��--��(n��i)��

�ЈD�W(w��ng)

¥12.9~~¥30~~
��ͥ��ⲿ��

�Ƽ{�¡��

¥17.8~~¥56~~
��κ��ʷ(��)

��

¥26.2~~¥70~~
��κ��ʷ(��)

��

¥24.4~~¥65~~
��κ��ʷ(��)

��

¥20.8~~¥55~~

中图网(原中国图书网)：网上书店，尾货特色书店，30万种特价书低至2折！

��] AD�򹥷��(qu��n)��ָ��

AD�򹥷��(qu��n)��ָ�� (qu��n)��Ϣ

AD�򹥷��(qu��n)��ָ�� ɫ

AD�򹥷��(qu��n)��ָ�� (n��i)�ݺ��

AD�򹥷��(qu��n)��ָ�� Ŀ�

AD�򹥷��(qu��n)��ָ�� P(gu��n)�Y��

AD�򹥷��(qu��n)��ָ�� ߺ��

��wǧ��

�ϵ�֮��:��˵��挍�ó�

�S�@ʳ��

�_��_�m�x��S�P-��b

��S��-��Ծ��

��~��Փ/��С��

��

ɽ��(j��ng)

��w��̎��--�ª��

��w��̎��--��(n��i)��

��ͥ��ⲿ��

��κ��ʷ(��)

��κ��ʷ(��)

��κ��ʷ(��)

�Ϻ��Z˹͡��Ȳ�

�B��ƪ-��ƪ��(j��ng)��Ď�

�wԪ��Ԃ�

��ǧ��xӛ

��:��

�՝��͙��

���] AD�򹥷���(qu��n)��ָ��

AD�򹥷���(qu��n)��ָ�� ���(qu��n)��Ϣ

AD�򹥷���(qu��n)��ָ�� ������ɫ

AD�򹥷���(qu��n)��ָ�� ��(n��i)�ݺ���

AD�򹥷���(qu��n)��ָ�� Ŀ�

AD�򹥷���(qu��n)��ָ�� ���P(gu��n)�Y��

AD�򹥷���(qu��n)��ָ�� ���ߺ���

��] AD�򹥷��(qu��n)��ָ��

AD�򹥷��(qu��n)��ָ�� (qu��n)��Ϣ

AD�򹥷��(qu��n)��ָ�� ɫ

AD�򹥷��(qu��n)��ָ�� (n��i)�ݺ��

AD�򹥷��(qu��n)��ָ�� Ŀ�

AD�򹥷��(qu��n)��ָ�� P(gu��n)�Y��

AD�򹥷��(qu��n)��ָ�� ߺ��