# Internal Pentest

- [Active Directory](/cheatsheet/internalpentest/active-directory.md)
- [Reconnaissance](/cheatsheet/internalpentest/active-directory/reconnaissance.md)
- [Find Domain Name](/cheatsheet/internalpentest/active-directory/reconnaissance/find-domain-name.md)
- [Find Domain Controllers](/cheatsheet/internalpentest/active-directory/reconnaissance/find-domain-controllers.md)
- [Enumerating Machines](/cheatsheet/internalpentest/active-directory/reconnaissance/enumerating-machines.md): It is important during an internal penetration test to enumerate alive machines in order to properly cartography the perimeter.
- [Enumerating Services](/cheatsheet/internalpentest/active-directory/reconnaissance/enumerating-services.md): We cannot enumerate every ports on every machines during an internal assessment (because of allotted time). We have to choose specific ports (smb, web ports, administrative ports, etc).
- [DNS Enumeration](/cheatsheet/internalpentest/active-directory/reconnaissance/dns-enumeration.md): DNS Enumeration is an important step to cartography the perimeter.
- [Exploitation](/cheatsheet/internalpentest/active-directory/exploitation.md)
- [Exploit Without Account](/cheatsheet/internalpentest/active-directory/exploitation/exploit-without-account.md)
- [SMB Relay](/cheatsheet/internalpentest/active-directory/exploitation/exploit-without-account/smb-relay.md): This page deals with gaining code execution relaying NTLMv1/2 hashes in a very effective manner.
- [Exploit With Account](/cheatsheet/internalpentest/active-directory/exploitation/exploit-with-account.md)
- [Kerberoast Attack](/cheatsheet/internalpentest/active-directory/exploitation/exploit-with-account/kerberoast-attack.md): This page deals with compromising Active Directory with Kerberoast attack.
- [Post-Exploitation](/cheatsheet/internalpentest/active-directory/post-exploitation.md)
- [Extracting Credentials](/cheatsheet/internalpentest/active-directory/post-exploitation/extracting-credentials.md)
- [Retrieve Windows passwords](/cheatsheet/internalpentest/active-directory/post-exploitation/extracting-credentials/windows-clear-text-credentials.md): This page deals with retrieving windows clear text credentials from memory and WDigest.
- [Retrieve Windows hashes](/cheatsheet/internalpentest/active-directory/post-exploitation/extracting-credentials/retrieve-windows-hashes.md): This page deals with retrieving windows hashes (NTLM, NTLMv1/v2, MSCASHv1/v2).
- [Maintening Access](/cheatsheet/internalpentest/active-directory/post-exploitation/maintening-access.md)
- [Adding Local Administrator](/cheatsheet/internalpentest/active-directory/post-exploitation/maintening-access/adding-local-administrator.md): Adding a local administrator on a machine is a very effective way to maintain access to a machine.
- [Lateral Movement](/cheatsheet/internalpentest/active-directory/post-exploitation/lateral-movement.md)
- [SMB protocol](/cheatsheet/internalpentest/active-directory/post-exploitation/lateral-movement/smb-protocol.md): This page deals with lateral movement using smb protocol.