Ever since the advent of tools like PowerSploit, Empire, Bloodhound and CrackMapExec pentesting Active Directory has become a pretty straight forward and repetitive process for 95% of all the environments that I get dropped into. This begs the question: can the process of going from an unprivileged domain user to Domain Admin be automated? Well obviously, since this talk is a thing, the answer is yes!
Introducing the DeathStar: a Python script that leverages Empire 2.0's RESTful API to automate the entire AD pentesting process from elevating domain rights, spreading laterally and hunting down those pesky Domain Admins!
This talk will mainly focus on how DeathStar works under the hood, how to properly defend against it and the most common AD misconfigurations/vulnerabilities that I see in almost every environment which allow for this script to be so effective. It will then conclude with live demos of the tool in action (which hopefully will not fail miserably) and some final considerations from yours truly.