Attacking and Defending Active Directory: Advanced Edition [July 2024]
A deep dive into Red Teaming – Practice attacks with focus on OpSec, Living Off the Land and bypassing security controls like MDI, WDAC and more in a secure multi-forest active directory lab environment. Earn the CRTE certification
Starts: 6th July 2024 Duration: 4 weeks
Recordings of live sessions included!
What You Will Learn
This advanced bootcamp is designed to help security professionals understand, analyze and practice threats and attacks in a modern, multi-forest Active Directory environment with fully patched Server 2019 machines.
In addition to learning the popular tactics, techniques and procedures (TTPs), you will also see how they change for attacks across forest trusts. You will also learn how to abuse or bypass modern Windows defenses like Advanced Threat Analytics, Local Administrator Password Solution (LAPS), Just Enough Administration (JEA), Resource-Based Constrained Delegation (RBCD), Windows Defender Application Control (WDAC), Application Whitelisting (AWL), Constrained Language Mode (CLM), virtualization and more.
4 Live Sessions
3.5 Hrs Per Session
4 Weeks Access
60 Flags To Be Collected
29 Lab Exercises
1 CRTE Attempt
Recordings Of Live Sessions
Build Your Cybersecurity Credentials
Become a Certified Red Team Expert (CRTE)
A certificate holder has demonstrated the capability of enumerating and understanding an unknown Windows network and can identify misconfigurations, functionality abuse and trusts abuse. She can use, write and modify open source tools and can abuse other built-in tools to perform enumeration, local privileges escalation, impersonation, pivoting, whitelisting bypasses, and antivirus evasion as well as identify sensitive data with minimal chances of detection.
Bootcamp Completion Certificate
Attendees will also get a course completion certificate after completing Learning Objectives covered during the course.
Live Session Schedule
Weekly 3.5 hr sessions start at 10:00am ET and end at 01:30pm ET.
DATE
LIVE SESSIONS
6 July 2024
Introduction to Active Directory, Enumeration and Local Privilege Escalation
13 Jul 2024
Lateral Movement, Domain Privilege Escalation
20 Jul 2024
Dominance and Escalation to Enterprise Admins, Domain Persistence
27 Jul 2024
Defenses, Monitoring and Bypassing Defenses
Prerequisites
1. A good understanding of Active Directory security.
2. The ability to use command line tools.
Bootcamp Syllabus
The course is split in four modules across four weeks:
Module I:
Introduction to Active Directory, attack methodology and tradecraft
Domain Enumeration (Attacks and Defense)
Enumerating information that would be useful in attacks with leaving minimal footprint on the endpoints
Understand and practice what properties and information to look for when preparing attack paths to avoid detection
Enumerate trust relationships within and across forests to map cross trust attack paths
Learn and practice escalating to local administrator privileges in the domain by abusing OU Delegation, Restricted Groups, LAPS, Nested group membership and hunting for privileges using remote access protocols
Credential Replay Attacks
Module II:
Abusing on-prem MS Exchange for privilege escalation and extracting emails and sensitive information from mailboxes
Evading application whitelisting (WDAC)
Domain Privilege Escalation by abusing Unconstrained Delegation: understand how unconstrained delegation is useful in compromising multiple high privilege servers and users in AD
Abusing Constrained Delegation for Domain Privilege Escalation by impersonating high privilege accounts
Using ACL permissions to abuse Resource-based Constrained Delegation
Domain Persistence Techniques
Module III:
Advanced Cross Domain attacks. Learn and practice attacks that allow escalation from Domain Admins to Enterprise Admins by abusing MS Products and delegation issues
Lateral movement from on-prem to Azure AD by attacking Hybrid Identity infrastructure
Advanced Cross Forest attacks. Execute attacks like abuse of Kerberoast, SID Filtering misconfigurations etc. across forest trusts forests and understand the nuances of such attacks
Module IV:
Abusing SQL Server for cross forest attacks
More on advanced Cross Forest attacks like abuse of Foreign Security Principals, ACLs etc.
Abusing PAM trust and shadow security principals to execute attacks against a managed forests
Detections and Defenses (Red Forest, JEA, PAW, LAPS, Selective Auth, Deception, App Whitelisting, ATA, Tiered Administration)
Bypassing defenses like Advanced Threat Analytics, Protected Users Group, WDAC etc.
Purchase Options
Bootcamp
30 DAYS LAB ACCESS
+
BOOTCAMP
+
LIFE TIME ACCESS TO COURSE MATERIAL
+
ONE CERTIFICATION EXAM ATTEMPT
$399
Extension
30 DAYS
LAB EXTENSION
+
ONE COMPLEMENTARY EXAM ATTEMPT
$249
Bootcamp
60 DAYS LAB ACCESS
+
BOOTCAMP
+
LIFE TIME ACCESS TO COURSE MATERIAL
+
ONE CERTIFICATION EXAM ATTEMPT
$599
Reattempt
EXAM
REATTEMPT
$99
Bootcamp
90 DAYS LAB ACCESS
+
BOOTCAMP
+
LIFE TIME ACCESS TO COURSE MATERIAL
+
ONE CERTIFICATION EXAM ATTEMPT
$799
Exam Reattempt is only for existing or past students of this course who have already purchased this course in the past.
Munaf Shariff
MEET THE INSTRUCTOR
Munaf is an information security professional whose areas of interest include penetration testing, red teaming, malware development, defense evasion and Active Directory security. Munaf likes to research on EDR evasion and C2 frameworks. He has worked extensively on various Red Team and Active Directory security topics.
He has spoken/trained at conferences like DEF CON and BlackHat. He works as a Security Researcher at Altered Security.
COMPANY
RED TEAM LABS
Attacking and Defending Active Directory Lab
Windows Red Team Lab
Attacking and Defending Azure Cloud
Attacking and Defending Azure - Advanced
Global Central Bank
AD CS Attacks for Red and Blue Teams
Azure Application Security
Attacking Active Directory with Linux
CONTACT US
Want to get in touch? We'd love to hear from you.
Here's how you can reach us...
OUR EMAIL
Terms of Service © 2024 by AlteredSecurity. All Rights Reserved Privacy Policy