Active Directory Pentesting and Security
Active Directory Pentesting and Security is foundation training for pentesting and defending on-prem Active Directory environments.
Today, most enterprise networks are managed using Windows Active Directory, and a security professional must understand the critical threats to the Windows infrastructure.
Active Directory Pentesting and Security training is designed to help security engineers understand, analyze and practice threats and attacks in an Active Directory environment. The course is based on our extensive research in breaking Windows and AD environments. The training is completely beginner-friendly and comes with an instructor-led course.
There is a large knowledge gap that security professionals and administrators often struggle to fill when it comes to AD security. We often find misconfigured environments because of the skill gap and a lack of understanding of the seriousness of attacks. Over the years, we have delivered numerous real-world trainings on AD security to internal engineering teams.
The Active Directory Pentesting and Security training simulates real-world attack and defense scenarios: we start with a non-admin user account in the domain and work our way up to enterprise admin. The focus is on exploiting various overlooked domain features and not just software vulnerabilities.
We cover topics like AD enumeration, tools to use, domain privilege escalation, domain persistence, Kerberos-based attacks (golden ticket, silver ticket and more), ACL issues, SQL Server trusts, and bypasses of defenses.
REAL LIFE CASE STUDIES
INDUSTRY DRIVEN CERTIFICATION
STUDENT LEARNING KIT
- Active Directory Implementation Overview
- Kerberos and NTLM authentication procedure
- Domain ACL and Sensitive groups overview
- Understanding Domain Trusts and boundaries
- Designing Active Directory Pentesting Lab for Pentesting
- MITRE ATT&CK Framework for Pentesters
- Understanding the C&C for Active Directory pentesting
- Comparison matrix of C2 servers
- Setting up Cobalt Strike, Empire and Mythic C2
- Designing C2 profiles for avoiding detections
- Enumerating the organization for initial access overview
- Common public-facing services insecurities
- OSINT Primer for AD pentesting
- Windows API Overview
- Understanding Windows architecture
- Process, threads, DLLs, Virtual memory
- Creating malicious process with Windows API
- Common obfuscation to bypass AV
- Offensive VBA for pentesters
- Developing malicious Documents for initial access
- Stomping the malicious Documents
- Automated enumeration of vulnerabilities
- Windows privilege escalation attacks
- Services exploitation
- Credential theft
- Bypassing LSASS protections
- UAC bypassing
- Token impersonation
- Understanding basics of PowerShell cmdlets
- File transfer with PowerShell
- Understanding WMI and PowerShell remoting
- PowerShell Reverse shell and payloads
- Payload execution on the fly, avoiding writes to disk
- Fileless attacks process and lifecycle
- Reflective DLL loader with PowerShell
- Obfuscation with PowerShell
- Disabling defences and adding exclusions with PowerShell
- Enabling RDP and Disable Restricted Admin mode
- Understanding the AMSI service
- Bypassing AMSI protections
- Understanding in-memory executions
- Executing executable assemblies in memory
- Password Spraying attacks
- Pass the hash attacks
- RDP access with Pass the hash
- Accessing LAPS
- Misconfigured Sysvol policies
- Brute forcing hashes
- Domain users enumeration
- Domain computer enumeration
- Domain groups enumeration
- GPO and OU enumerations
- Domain ACL enumerations
- Automating Domain enumeration with BloodHound
- Understanding application whitelisting
- Bypassing the PowerShell execution restrictions
- Restricting executions with AppLocker policies
- Default policies and Custom policies
- Bypassing the AppLocker policies with common whitelisted locations
- Bypassing CLM with living-off-the-land techniques
- Understanding Delegations
- Attacking unconstrained delegations
- Attacking constrained delegations
- Attacking Service Principal Names
- Attacking service accounts
- Targeted Kerberoasting attacks
- Kerberos double-hop issues
- Distributed COM Model issues
- Pass the ticket and overpass the hash attacks
- Attacking via sensitive groups to become domain administrator
- Exploiting ACLs in AD
- Understanding domain persistence
- DCSync attack
- DSRM and DCShadow attacks
- ADCS attacks
- Silver ticket attack
- Golden ticket attack
- Zerologon attack
- Defending primer for system administrator and security engineers
- The Principle of (Endpoint) Least Privilege implementation
- Just Enough Administration
- Principle of documenting and monitoring the data.
Who should attend this training?
This training is a core foundation training. Anyone who has basic pentesting knowledge can join this training.
Why should I take this training?
Organizations want to protect their internal infrastructure from intruders, but there is a massive skill gap in core on-prem environment deployment. To fill the skill gap, we have designed this training for administrators and pentesters. For pentesters, it's a golden opportunity to upgrade their existing knowledge. This course will prepare the overall mindset to think about how APTs are targeting organisations.
Prerequisite of the training?
The person should be familiar with basic IT operations.
What is the total duration of the training?
Active Directory Pentesting and Security is an instructor-led online training.
The total duration of the training is 25 hours.