# Referências

Ataques para executar em ambientes AD

* LLMNR poisoning
* SMB Relay
* IPV6 mitm6

> **Active Directory Security** - Eventos que contaram com temas sobre Active Directory
>
> <https://adsecurity.org/?page_id=1352>

> **Red Teaming Active Directory** - Guia sobre Red Team em Active Directory
>
> [https://h4ms1k.github.io/Red\_Team\_Active\_Directory/](https://h4ms1k.github.io/Red_Team_Active_Directory/#)

> **Beyond the MCSE: Red Teaming Active Directory** - Um passo a passo sobre operação Red Team em um AD
>
> <https://adsecurity.org/wp-content/uploads/2016/08/DEFCON24-2016-Metcalf-BeyondTheMCSE-RedTeamingActiveDirectory.pdf>

> **DNS Server Dynamic Update Record Injection** - Um guia sobre como explorar a vulnerabilidade de injeção de DNS
>
> <https://www.virtuesecurity.com/kb/dns-server-dynamic-update-record-injection/>

> **Integrated DNS** - Um passo a passo sobre a exploração no DNS
>
> <https://www.netspi.com/blog/technical-blog/network-pentesting/exploiting-adidns/>

> **AD-Pentest Methodology** - Um guia sobre vulnerabilidades presentes em um pentest de AD
>
> <https://www.vaadata.com/blog/active-directory-pentesting-objective-methodology-black-box-and-grey-box-tests/>

> **PlumHound** - Uma ferramenta para auxiliar na geração do relatório sobre o BloodHound
>
> <https://github.com/PlumHound/PlumHound>

> **AD-Attacks** - Um guia sobre pentest em AD
>
> <https://github.com/AD-Attacks/Active-Directory-Penetration-Testing>

> **BloodHound** - Ferramenta muito utilizada em pentest AD
>
> <https://github.com/BloodHoundAD/BloodHound>

> **PowerHuntShares** - Ferramenta utilizada para descobrir shares com misconfiguration em ambientes de rede interna
>
> <https://www.netspi.com/blog/technical-blog/network-pentesting/powerhuntshares-2-0-release/>

> **Pingcastle** - Ferramenta de auditoria de segurança em AD
>
> <https://github.com/netwrix/pingcastle>

> **AdMiner** - Ferramenta que realiza auditoria de segurança em AD\
> <https://github.com/AD-Security/AD_Miner>

> **PurpleKnight** - Ferramenta que realiza o processo de auditoria de segurança em AD\
> <https://www.semperis.com/purple-knight/>

> **Inveigh** - Ferramenta para realização de ataques man-in-the-middle
>
> <https://github.com/Kevin-Robertson/Inveigh>

> **WinPwn** - Ferramenta de automação de exploração em ambientes Windows
>
> <https://github.com/S3cur3Th1sSh1t/WinPwn>

> **ATEAM** - Ferramenta para enumeração de Azure
>
> <https://github.com/NetSPI/ATEAM>

> **Impacket** - Ferramenta muito utilizada que conta com vários scripts para realizar ataques em redes internas
>
> <https://github.com/fortra/impacket>

> **CredsMaster** - Ferramenta de password spray
>
> <https://github.com/knavesec/CredMaster>

> **Certify** - Ferramenta utilizada para explorar misconfigurations no AD CS
>
> <https://github.com/GhostPack/Certify>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://handbook.vantico.com.br/metodologias/rede-interna/referencias.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.