Attacking And Defending Active Directory: AD Pentesting

admin

Description

Embark on a cybersecurity journey with our course, “Attacking and Defending Active Directory.” This comprehensive program is tailored for both cybersecurity enthusiasts and professionals seeking to master the complexities of Active Directory security and Active Directory Pentesting.

Group Cards
Telegram Group Join Now
WhatsApp Group Join Now

The course kicks off with fundamental topics such as Active Directory basics, authentication processes, and essential PowerShell and file transfer skills.

  • Gain an in-depth understanding of Active Directory structure and components.

  • Explore the intricacies of domains, forests, trust relationships, and organizational units.

  • Learn to identify and assess vulnerabilities within Active Directory configurations.

  • Analyze Group Policy settings and other security parameters for weaknesses.

  • Explore common misconfigurations and security weaknesses in Active Directory.

  • Develop proficiency in exploiting vulnerabilities to gain unauthorized access.

  • Develop strategies for securing and hardening Active Directory environments.

  • Understand best practices for defending against common attack techniques.

In the initial stages, participants will build a solid foundation in understanding the structure of Active Directory, exploring its components, organizational units, and trust relationships. The focus then shifts to authentication mechanisms, ensuring a secure environment for user identities and access controls. The course further hones skills in PowerShell and file transfer techniques, providing essential tools for effective penetration testing in a Windows environment for Active Directory Pentesting.

As the journey progresses, participants will delve into the heart of offensive security, learning to breach, enumerate, and exploit vulnerabilities within Active Directory environments. Engaging lectures, hands-on labs, and real-world simulations offer a dynamic learning experience. The course culminates in a comprehensive understanding of lateral movement, pivoting, persistence strategies, and advanced exploitation techniques. Throughout the program, ethical hacking principles and responsible disclosure practices are emphasized, ensuring participants are well-equipped to navigate, assess, and fortify Active Directory environments confidently.

Join us in mastering the art of attacking and defending Active Directory—enroll now to elevate your cybersecurity expertise in Active Directory Pentesting!

Course Curriculum:

  1. Introduction

    1. Introduction

  2. Active Directory Basics

    1. Active Directory Basics

    2. Task

    3. Quiz

  3. Active Directory Authentication

    1. Active Directory Authentication Overview

    2. Hashing algorithms in windows

    3. Kerberos basics

    4. Components of kerberos

    5. kerberos explanation with diagram

    6. kerberos explanation with diagram

    7. Group policy in active directory

    8. Task

    9. Quiz

  4. Active Directory Pentesting Lab setup

    1. Overview of lab setup

    2. Necessary files for lab setup

    3. Domain controller installation and setup

    4. Windows client installation

    5. Domain Controller configuration

    6. Joining computers with domain controller

    7. Client machines configuration

    8. Client machines configurations -2

  5. Powershell Basics and file transfer basics

    1. Powershell overview

    2. Powerhsell commands practical

    3. File transfer methods overview

    4. File transfer practical

    5. Quiz

  6. Breaching In Active Directory Pentesting

    1. Breaching overview

    2. OSINT and phishing

    3. Initial access using web attacks

    4. LLMNR poisoning overview and mitigations

    5. LLMNR poisoning practical attack using SMB

    6. LLMNR poisoning practical attack using WPAD

    7. SMB relay attack overview and mitigations

    8. SMB relay attack practical

    9. AS-REP Roasting overview

    10. AS-REP Roasting practical attack

    11. PasswordSpray attack overview

    12. PasswordSpray attack practical

    13. More methods of initial access on AD

    14. Breaching mitigations

    15. Quiz

  7. Enumeration In Active Directory Pentesting

    1. Enumeration in active directory overview

    2. Enumeration using powershell native commands

    3. PowerView overview

    4. PowerView – 1

    5. Lab Update

    6. PowerView – 2

    7. PowerView – 3

    8. BloodHound overview

    9. BloodHound Practical

    10. AD lab troubleshooting

    11. Task

    12. Quiz

  8. Lateral Movement in Active Directory Pentesting

    1. Lateral movement overview

    2. Pass-the-hash attack overview and mitigations

    3. Pass-the-hash attack practical

    4. Pass-the-ticket overview

    5. Pass-the-ticket attack practical

    6. Overpass-the-hash overview

    7. Overpass-the-hash attack practical

    8. RDP Hijacking overview

    9. RDP Hijacking attack practical

    10. Task

    11. Quiz

  9. Pivoting In Active Directory Pentesting

    1. Pivoting intro

    2. Lab setup overview

    3. Chisel intro

    4. Pivoting practical

    5. Quiz

  10. Exploitation In Active Directory Pentesting

    1. Exploitation overview

    2. Kerberosting overview

    3. kerberosting Practical

    4. Exploiting permission delegation overview #1

    5. Exploiting permission delegation practical #1

    6. Exploiting permission delegation overview #2

    7. Exploiting permission delegation practical #2

    8. Group memebership abuse overview #1

    9. Group memebership abuse practical #1

    10. Group memebership abuse overview #2

    11. Group memebership abuse practical #2

    12. More on group membership abuse

    13. GPO abuse overview

    14. GPO abuse practical

    15. Extracting logged on admins hashes

    16. Printnightmare attack overview

    17. Printnightmare attack practical

    18. Zerologgon attack overview

    19. Zerologgon attack practical

    20. Keberos delegation overview

    21. Task

    22. Quiz

  11. Persistence In Active Directory Pentesting

    1. Persistance overview

    2. Golden and silver ticket attack overview and mitigations

    3. Golden and silver ticket attack practical

    4. Diamond ticket attack overview

    5. Diamond ticket attack practical

    6. DCSync overview

    7. DCSync attack practical

    8. DSRM abuse overview

    9. DSRM Abuse practical

    10. GPO for persistance

    11. Task

    12. Quiz

  12. Bonus Lecture

    1. Bonus lecture

Thank You,

Vivek Pandit

Share This Article
Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *