Building a Functional AD Homelab from Scratch - Part 1

Summary: What’s up folks! In this post, we’re going to set up a simple, small AD homelab for CRTP prep and polishing our Red Team skills. There are already a number of practical AD homelab guides and YouTube videos out there, but for some reason, I found most of them difficult to follow. That’s why I decided to create my own and document the process here (so I don’t forget it myself!). Setting up an AD homelab is crucial if you are serious about Red Teaming. Homelabbing helps you understand both sides of the coin; you’ll understand why an attack works because you were the one who set up that misconfiguration in the first place. This changed my perspective on how I approach AD environments and truly helped me in my CRTP journey. I’m not a big fan of theory, so let’s get our hands dirty! ...

March 11, 2026 · n0rmh3ll

Understanding AdminSDHolder Persistence in Active Directory

Introduction: Active Directory environments are designed with multiple safety mechanisms to prevent accidental or malicious privilege escalation—even by administrators. One such mechanism is AdminSDHolder, which quietly enforces strict permissions on high-privilege objects. At first glance, this protection may seem like an obstacle. But when understood correctly, it can become a powerful persistence mechanism. What are we looking at? Let’s say we already have Domain Admin privileges in a domain. At that point, there’s almost nothing we can’t do. Full control, full access. ...

December 17, 2025 · n0rmh3ll