Active Directory

Question 1

What does NTDS.dit stand for?

Answer 1

New Technology Directory Services (NTDS) Directory Information Tree (dit)

Question 2

What does NTLM stand for?

Answer 2

New Technology LAN Manager

Question 3

Where is the NTDS.dit file located?

Answer 3

The NTDS file (NTDS.dit) is located in %SystemRoot%\NTDS\Ntds.dit of a Domain Controller

Question 4

What does VSS stand for?

Answer 4

Volume Snapshot Service (also known as the Volume Shadow Copy Service)

Question 5

What does DRSUAPI stand for?

Answer 5

Directory Replication Service User API

Question 6

What is DRSUAPI used for?

Answer 6

DRSUAPI is used for directory-based name translation and for replication with Active Directory servers replication.

Question 7

What does LDAP stand for?

Answer 7

Lightweight Directory Access Protocol

Question 8

What does LDAP do?

Answer 8

LDAP provides communication between applications and directory services

Question 9

What port does LDAP use?

Answer 9

LDAP is an application layer protocol that uses port 389 via TCP or user datagram protocol (UDP).

Question 10

What is the difference between LDAP and LDAPS?

Answer 10

LDAPS allows for the encryption of LDAP data (which includes user credentials) in transit during any communication with the LDAP server (like a directory bind), thereby protecting against credential theft

Question 11

What port does LDAPS use?

Answer 11

LDAP is an application layer protocol that uses port 636 via TCP or user datagram protocol (UDP).

Question 12

What does DNS stand for?

Answer 12

Domain Name System (DNS)

Question 13

What services help identify IP hostnames?

Answer 13

DNS, LLMNR, and NetBIOS are three name resolution services built in to Windows to help systems find address names from other devices on the network

Question 14

What does LLMNR stand for?

Answer 14

Link Local Multicast Name Resolution (LLMNR)

Question 15

What does NBT-NS stand for?

Answer 15

NetBIOS Name Service (NBT-NS)

Question 16

What is Kerberos?

Answer 16

Kerberos is the default authentication service for Active Directory that uses ticket-granting tickets and service tickets to authenticate users and give users access to other resources across the domain

Question 17

What port does Kerberos use?

Answer 17

Kerberos uses port 88

Question 18

Is Kerberos UDP or TCP?

Answer 18

Kerberos is primarily a UDP protocol, although it falls back to TCP for large Kerberos tickets. This may require a special configuration on firewalls to allow the UDP response from the Kerberos server (KDC). Kerberos clients need to send UDP and TCP packets on port 88 and receive replies from the Kerberos servers.

Question 19

What is NTLM?

Answer 19

NTLM is the default Windows authentication protocol that uses an encrypted challenge/response protocol

Question 20

What is Kerberoasting?

Answer 20

Kerberoasting is a technique that relies on requesting service tickets for service account service principal names (SPNs). The tickets are encrypted with the password of the service account associated with the SPN, meaning that once you have extracted the service tickets using a tool like Mimikatz, you can crack the tickets to obtain the service account password using offline cracking tools.