With Active Directory Defensive Operations training, the candidate will learn how to use specific PowerShell guidelines for Active directory security and hardening PowerShell itself. There is no prior PowerShell scripting experience is required to take the course because you will learn PowerShell along with the training itself. We will prepare PowerShell ransomware scripts in the lab to implement better ransomware defenses.
In Active Directory Defensive Operations training, we will use multiple use cases to defend Windows against multiple attacks described in the MITRE ATT&CK matrix, mostly stolen administrative credentials, ransomware, and hacker lateral movement LAN, and insecure Windows protocols, like RDP and SMB.
The learning objective is focused on following key concepts :-
- Hardening PowerShell itself against abuse, and enable transcription logging for your SIEM.
- Learn how to access the WMI service for remote command execution, searching event logs, reconnaissance, and lateral movements.
- Group Policy insecure configurations use cases and mitigations
- Prevent the server from the lateral movement of hackers and ransomware using Windows Firewall, IPsec, DNS sinkholes, admin credential protections, and more.
- Prevent exploitation using AppLocker and other Windows OS hardening techniques in a scalable way with PowerShell.
- Configure PowerShell remoting to use Just Enough Admin policies.
- Configure secure defenses against pass-the-hash attacks, Kerberos Golden Tickets, Remote Desktop Protocol (RDP) man-in-the-middle attacks, Security Access Token abuse, and other multiple attacks
- Implement and manage a full Windows Public Key Infrastructure, including smart cards, certificate auto-enrollment, Online Certificate Status Protocol web responders, and detection of spoofed root Certificate Authentications.
- Harden essential protocols against exploitation, such as SSL, RDP, DNS, PowerShell Remoting, ACL/ACE, and other methods.
REAL LIFE CASE STUDIES
INDUSTRY DRIVEN CERTIFICATION
STUDENT LEARNING KIT
- PowerShell basic structure
- Piping .NET and COM objects
- The backbone of Windows and Azure automation
- Graphical admin tools wrapped around PowerShell
- Built-in remote script execution
- assigning arguments into powershell scripts
- build Cmdlets, functions, and aliases
- Flow control: if-then, do-while, foreach, switch loops
- The .NET class library: the shade of windows
- Piping data in/out of scripts
- Create your own module script
- Capturing the output of powershell commands
- Parsing text files and logs with regex methods
- Mounting the registry as a drive
- Importing third-party modules and functions
- Powershell Classes, objects, properties, and methods
- An array of objects like table of SQL records
- Extracting just the properties you want
- Exporting objects to CSV, HTML, XML, and JSON files
- Filtering, sorting, and grouping objects
- Remote reverse shells with PowerShell
- Basics of Smart card and YubiKey auth
- Traffic encryption with SSL/TLS, SSH, or IPsec
- RCE in scheduled tasks
- File upload and download using the PowerShell Remoting protocol
- Graphical apps can use PowerShell remoting too
- PowerShell Core integration with SSH
- Hardening SSH for Internet use
- Key-based SSH authentication and password managers
- Just Enough Administration
- Restricting PowerShell commands and arguments
- Verbose transcription logging of commands
- How to set up and configure JEA
- JEA for Privileged Access Workstations
- Enumerating various enterprise TCP and UDP services
- Network packet sniffing & customization with Scapy
- Advance NMAP
- Port Scanning Countermeasures
- Hands-on lab – Enumeration and Scanning of multiple services
- Querying and managing Active Directory with PowerShell
- Enforcing desired Domain Admins group membership
- Disabling abandoned user accounts and resetting passwords
- Detecting password brute-force attacks
- Searching organizational units using filter criteria
- ADSI Edit and other helper tools for PowerShell
- Active Directory Administrative Center
- Active Directory objects permissions
- Active Directory objects auditing
- Limiting what PowerShell scripts can do in AD
- Log what PowerShell is doing in AD
- Delegate authority at the OU level instead
- Designing Active Directory for the inevitable breach
- Running PowerShell automatically after service failure
- Service account identities, passwords, and risks
- Tools to reset service account passwords securely
- managing Windows Firewall rules with powershell
- Blocking malicious outbound connections
- Role-based access control for listening ports
- Deep IPsec integration for user authentication
- Firewall logging to the event logs
- PowerShell transcription logging
- WMI namespace auditing
- Windows Event Log audit policies
- Querying Windows Event Logs with PowerShell
- Smart card authentication of PowerShell remoting Ceritifcates
- TLS encryption of PowerShell remoting Certificates
- PowerShell scripts for AppLocker Certificates Signing
- TLS encryption of WMI queries with PowerShell Certificates
- Encrypt admin passwords (instead of LAPS) Certificates
- Web servers, domain controllers, and other Certificates
- PowerShell installation script for PKI
- Managing digital certificates with PowerShell
- Custom certificate templates in Active Directory
- Controlling certificate auto-enrollment
- Setting up an Online Certificate Status Protocol responder web farm
- Configuring Certificate Revocation List publication
- YubiKey smart tokens for logon, PowerShell remoting and others
- Trusted Platform, Module TPM virtual smart cards
- Safely enroll tokens and cards on the behalf of other users
- How to revoke Hacked certificates
- PowerShell script to audit trusted root CAs
- PowerShell script to delete attacker installed certificates
- How to use PKI smart cards and smart tokens
- How to encrypt private keys on the hard drive
- Hardware Security Module for CAs
- How to digitally sign PowerShell scripts
- AppLocker integration for PowerShell
- PowerShell execution policy methods
- PowerShell specific constrained language mode
- Anti-Malware Scan Interface (AMSI) basics
- Restricting network access to block pivoting attacks
- Hashing scripts for change detection and prevantation
- The Principle of (Endpoint) Least Privilege implementation
- Prevent Domain Admin credential theft with maximum security
- Windows 10 Credential Guard and implementations
- User Account Control (UAC) instead of RUNAS.EXE
- How to write an all-in-one build script with OS hardening
- PowerShell for roles, features, networking, policies, etc.
- Automation is the future !!
who should attend this training?
- Network Associates
- System Administrators
- Network Administrators
- System Architects
- Data Center Admins
- System Auditors
what is duration of this training
The duration of windows security and administration is 50 hours.
How many days classes with be organized in a week ?
The instructor-led sessions are based on 3 days a week with 2 hours of duration.
Weekend Sessions are also available for working professionals.
Can i take a demo before the training ??
yes, you can take a free demo and complimentary assistance for your career with our specialist trainers.
Any prerequisite for Windows security and active automation training ?
The person should familiar with basic windows administration and implmenetation
How to register for this training ?
Please drop your inquiry at [email protected] or call +919999508202 for more assistance .
Can i take training in fast-track mode ?
Yes, we have 7 days of sessions for fast track mode learners.
active Directory defensive
Whats Next ?
IF you want to upgrade your skills after certified ethical hacker then please Checkout the advanced training modules .
together Let’s Create the future
Top 10 certified ethical hacker training institute in Delhi for online & Classroom training .