Active Directory Flashcards
What does NTDS.dit stand for?
New Technology Directory Services (NTDS) Directory Information Tree (dit)
What does NTLM stand for?
New Technology LAN Manager
Where is the NTDS.dit file located?
The NTDS file (NTDS.dit) is located in %SystemRoot%\NTDS\Ntds.dit of a Domain Controller
What does VSS stand for?
Volume Snapshot Service (also known as the Volume Shadow Copy Service)
What does DRSUAPI stand for?
Directory Replication Service User API
What is DRSUAPI used for?
DRSUAPI is used for directory-based name translation and for replication with Active Directory servers replication.
What does LDAP stand for?
Lightweight Directory Access Protocol
What does LDAP do?
LDAP provides communication between applications and directory services
What port does LDAP use?
LDAP is an application layer protocol that uses port 389 via TCP or user datagram protocol (UDP).
What is the difference between LDAP and LDAPS?
LDAPS allows for the encryption of LDAP data (which includes user credentials) in transit during any communication with the LDAP server (like a directory bind), thereby protecting against credential theft
What port does LDAPS use?
LDAP is an application layer protocol that uses port 636 via TCP or user datagram protocol (UDP).
What does DNS stand for?
Domain Name System (DNS)
What services help identify IP hostnames?
DNS, LLMNR, and NetBIOS are three name resolution services built in to Windows to help systems find address names from other devices on the network
What does LLMNR stand for?
Link Local Multicast Name Resolution (LLMNR)
What does NBT-NS stand for?
NetBIOS Name Service (NBT-NS)
What is Kerberos?
Kerberos is the default authentication service for Active Directory that uses ticket-granting tickets and service tickets to authenticate users and give users access to other resources across the domain
What port does Kerberos use?
Kerberos uses port 88
Is Kerberos UDP or TCP?
Kerberos is primarily a UDP protocol, although it falls back to TCP for large Kerberos tickets. This may require a special configuration on firewalls to allow the UDP response from the Kerberos server (KDC). Kerberos clients need to send UDP and TCP packets on port 88 and receive replies from the Kerberos servers.
What is NTLM?
NTLM is the default Windows authentication protocol that uses an encrypted challenge/response protocol
What is Kerberoasting?
Kerberoasting is a technique that relies on requesting service tickets for service account service principal names (SPNs). The tickets are encrypted with the password of the service account associated with the SPN, meaning that once you have extracted the service tickets using a tool like Mimikatz, you can crack the tickets to obtain the service account password using offline cracking tools.
