The Cyber Threat Perspective Episode 175: NetTools - The Free Active Directory Swiss Army Knife for IT Admins & Pen Testers
In Episode 175, Spencer and Tyler break down NetTools — a free, self-contained Active Directory management and troubleshooting tool that’s become a go-to for their internal penetration testing engagements.
They start with the backstory: years of relying on AD Explorer from Microsoft Sysinternals, and the growing need to evade EDR detections. At one point, that meant manually obfuscating binaries with a hex editor. NetTools eliminates that friction entirely — no installation, no dependencies, no signatures to fight.
Topics covered include:
- Why NetTools replaced AD Explorer and how EDR pressure forced the shift
- Group Policy enumeration, including how to spot dangerous GPO permissions like authenticated users with write access to server OUs
- LDAP Search & Browser for querying AD, identifying risky data (like passwords in descriptions), and exploring object relationships
- Assigned Trustees & Permissions Reporter for fast, visual identification of misconfigurations
- How to run NetTools from non-domain-joined machines using saved credential profiles
- Password checker functionality for targeted validation without spraying the environment
For pentesters, it’s a faster way to get visibility into AD risk. For IT admins, it’s a practical way to audit and harden your environment.
NetTools combines the functionality of multiple tools into one portable utility. Learn more at nettools.net. Credit to creator Gary Reynolds.
NetTools | The Swiss army knife of AD troubleshooting
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.