AD Basics

https://www.youtube.com/watch?v=Whh3kPS0FdA

Installing AD server

http://www.rebeladmin.com/2014/07/step-by-step-guide-to-setup-active-directory-on-windows-server-2012/https://scriptdotsh.com/index.php/2018/08/26/active-directory-penetration-dojo-setup-of-ad-penetration-lab-part-2/https://scriptdotsh.com/index.php/tag/active-directory/https://1337red.wordpress.com/building-and-attacking-an-active-directory-lab-with-powershell/

Setting up a automated lab https://github.com/AutomatedLab/AutomatedLab

Installing AD server https://sethsec.blogspot.com/2017/06/pentest-home-lab-0x2-building-your-ad.html

Enumeration:

All Active Directory attacks https://adsecurity.org/?page_id=4031

Active Directory Penetration Dojo – AD Environment Enumeration -1 https://scriptdotsh.com/index.php/2019/01/01/active-directory-penetration-dojo-ad-environment-enumeration-1/

Low Privilege Active Directory Enumeration from a non-Domain Joined Host

https://www.attackdebris.com/?p=470

Kerberos Domain Username Enumeration

https://www.attackdebris.com/?p=311

SPN SCanning
SPN Scanning – Service Discovery without Network Port Scanning https://adsecurity.org/?p=1508

Active Directory Pentest Recon Part 1: SPN Scanning aka Mining Kerberos Service Principal Names https://adsecurity.org/?p=230

Kerberoasting https://adsecurity.org/?p=2293 Cracking Kerberos TGS Tickets Using Kerberoast – Exploiting Kerberos to Compromise the Active Directory Domain. Explains kerberoasting and how the exploitation takes place.

https://github.com/nidem/kerberoast Steps for kerberoasting

https://blog.stealthbits.com/extracting-service-account-passwords-with-kerberoasting/ Another blog listing out the steps for kerberoasting. It also has a couple of other attacks

https://blog.stealthbits.com/discovering-service-accounts-without-using-privileges/ DISCOVERING SERVICE ACCOUNTS WITHOUT USING PRIVILEGES

Kerberoasting explained. Also has kerberoasting with rubeus https://posts.specterops.io/kerberoasting-revisited-d434351bd4d1