An easy-rated Active Directory box involving web enumeration and AS-REP roasting for initial access, AutoLogon credentials for lateral movement, and abusing rights to achieve DCSync - leading to full domain compromise.

An easy-rated Active Directory box involving AS-REP roasting for initial access, and abusing transitive group memberships with WriteDacl to achieve DCSync and full domain compromise.

An easy-rated Active Directory box involving SMB enumeration and GPP passwords for initial access, and kerberoasting to obtain administrator access.