Projects

Step-by-step build of a local AD lab: one DC and two Windows 10 workstations, static IP/DNS, domain promotion, user creation, domain join, and snapshots. Notes on NAT vs host-only isolation.

A battle-tested AD attack workflow built around an assumed breach on MS01, pivoting with ligolo-ng, targeted internal enumeration, credential harvesting, lateral movement to MS02, and DCSync on DC01. The post includes a copy-paste checklist and diagram links.