Active Directory Attacks for Red and Blue Teams - Advanced Edition
This training is also available as Attacking and Defending Active Directory - Advanced Edition, both as a bootcamp and as an on-demand class.
Enterprises are managed using Active Directory (AD), and it often forms the backbone of the complete enterprise network. Therefore, to secure an enterprise from an adversary, it is essential to secure its AD environment. To secure AD, you must understand the different techniques and attacks used by adversaries against it. Often burdened with maintaining backward compatibility and interoperability with a variety of products, AD environments lack the ability to tackle the latest threats.
This training is aimed at attacking modern AD environments using built-in tools like PowerShell and other trusted OS resources.
The training is based on real-world penetration tests and Red Team engagements for highly secured environments.
Some of the techniques used in the course (see the course content for details):
- Extensive AD Enumeration
- Active Directory trust mapping and abuse
- Privilege Escalation (User Hunting, Delegation issues and more)
- Kerberos Attacks and Defense (Golden, Silver ticket, Kerberoast and more)
- Cross forest trust abuse (Lateral movement across forest, PrivEsc and more)
- Credentials Replay Attacks (Over-PTH, Token Replay etc.)
- Abusing trusts for MS products (Exchange, SQL Server etc.)
- Persistence (DCShadow, WMI, GPO, Domain and Host ACLs and more)
- Monitoring Active Directory
- Defenses (Red Forest, JEA, PAW, LAPS, Selective Auth, Deception, App Whitelisting, ATA, Tiered Administration etc.)
- Bypassing defenses
The course is a mixture of fun, demos, exercises, hands-on work and lectures. You start from the compromise of a user desktop and work your way up to multiple forest pwnage. The training focuses more on methodology and techniques than on tools.
Attendees will get free one-month access to an Active Directory environment comprising multiple domains and forests, during and after the training. This training aims to change how you test an Active Directory environment.
Course Content
- Introduction to Active Directory and Kerberos
- Introduction to PowerShell
- Domain Enumeration (Attacks and Defense)
- Trust and Privileges Mapping
- Local Privilege Escalation
- Credential Replay Attacks (Over-PTH, Token Replay etc.)
- Domain Privilege Escalation (Attacks and Defense)
- Dumping System and Domain Secrets
- Kerberos Attacks and Defense (Golden, Silver tickets and more)
- Advanced Cross Forest Trust abuse (Attacks and Defense)
- Delegation Issues
- Abusing trusts for MS products (Exchange, SQL Server etc.)
- Attacking Azure integration and components
- Persistence Techniques
- Monitoring AD
- Defenses (Red Forest, JEA, PAW, LAPS, Selective Auth, Deception, App Whitelisting, ATA, Tiered Administration etc.)
- Bypassing Defenses
What would the attendees gain?
1. One-month access to the online lab, solutions to exercises and the lab manual.
2. The attendees would learn powerful attack techniques which could be applied from day one after the training.
3. The attendees would understand that it is not always required to use third-party executables, non-native code or memory corruption exploits on the targets in AD.
Prerequisites
1. Basic understanding of how penetration tests are done.
2. Basic understanding of Active Directory.
3. An open mind.
System Requirements
1. A system with 4 GB RAM and the ability to install an OpenVPN client and RDP to Windows boxes.