Attacking And Defending Active Directory: AD Pentesting

Description

Embark on a cybersecurity journey with our course, “Attacking and Defending Active Directory.” This comprehensive program is tailored for both cybersecurity enthusiasts and professionals seeking to master the complexities of Active Directory security and Active Directory Pentesting.

Group Cards

Telegram Group Join Now

Facebook Group Join Now

WhatsApp Group Join Now

The course kicks off with fundamental topics such as Active Directory basics, authentication processes, and essential PowerShell and file transfer skills.

Gain an in-depth understanding of Active Directory structure and components.
Explore the intricacies of domains, forests, trust relationships, and organizational units.
Learn to identify and assess vulnerabilities within Active Directory configurations.
Analyze Group Policy settings and other security parameters for weaknesses.
Explore common misconfigurations and security weaknesses in Active Directory.
Develop proficiency in exploiting vulnerabilities to gain unauthorized access.
Develop strategies for securing and hardening Active Directory environments.
Understand best practices for defending against common attack techniques.

In the initial stages, participants will build a solid foundation in understanding the structure of Active Directory, exploring its components, organizational units, and trust relationships. The focus then shifts to authentication mechanisms, ensuring a secure environment for user identities and access controls. The course further hones skills in PowerShell and file transfer techniques, providing essential tools for effective penetration testing in a Windows environment for Active Directory Pentesting.

As the journey progresses, participants will delve into the heart of offensive security, learning to breach, enumerate, and exploit vulnerabilities within Active Directory environments. Engaging lectures, hands-on labs, and real-world simulations offer a dynamic learning experience. The course culminates in a comprehensive understanding of lateral movement, pivoting, persistence strategies, and advanced exploitation techniques. Throughout the program, ethical hacking principles and responsible disclosure practices are emphasized, ensuring participants are well-equipped to navigate, assess, and fortify Active Directory environments confidently.

Join us in mastering the art of attacking and defending Active Directory—enroll now to elevate your cybersecurity expertise in Active Directory Pentesting!

Course Curriculum:

Introduction
1. Introduction
Active Directory Basics
1. Active Directory Basics
2. Task
3. Quiz
Active Directory Authentication
1. Active Directory Authentication Overview
2. Hashing algorithms in windows
3. Kerberos basics
4. Components of kerberos
5. kerberos explanation with diagram
6. kerberos explanation with diagram
7. Group policy in active directory
8. Task
9. Quiz
Active Directory Pentesting Lab setup
1. Overview of lab setup
2. Necessary files for lab setup
3. Domain controller installation and setup
4. Windows client installation
5. Domain Controller configuration
6. Joining computers with domain controller
7. Client machines configuration
8. Client machines configurations -2
Powershell Basics and file transfer basics
1. Powershell overview
2. Powerhsell commands practical
3. File transfer methods overview
4. File transfer practical
5. Quiz
Breaching In Active Directory Pentesting
1. Breaching overview
2. OSINT and phishing
3. Initial access using web attacks
4. LLMNR poisoning overview and mitigations
5. LLMNR poisoning practical attack using SMB
6. LLMNR poisoning practical attack using WPAD
7. SMB relay attack overview and mitigations
8. SMB relay attack practical
9. AS-REP Roasting overview
10. AS-REP Roasting practical attack
11. PasswordSpray attack overview
12. PasswordSpray attack practical
13. More methods of initial access on AD
14. Breaching mitigations
15. Quiz
Enumeration In Active Directory Pentesting
1. Enumeration in active directory overview
2. Enumeration using powershell native commands
3. PowerView overview
4. PowerView – 1
5. Lab Update
6. PowerView – 2
7. PowerView – 3
8. BloodHound overview
9. BloodHound Practical
10. AD lab troubleshooting
11. Task
12. Quiz
Lateral Movement in Active Directory Pentesting
1. Lateral movement overview
2. Pass-the-hash attack overview and mitigations
3. Pass-the-hash attack practical
4. Pass-the-ticket overview
5. Pass-the-ticket attack practical
6. Overpass-the-hash overview
7. Overpass-the-hash attack practical
8. RDP Hijacking overview
9. RDP Hijacking attack practical
10. Task
11. Quiz
Pivoting In Active Directory Pentesting
1. Pivoting intro
2. Lab setup overview
3. Chisel intro
4. Pivoting practical
5. Quiz
Exploitation In Active Directory Pentesting
1. Exploitation overview
2. Kerberosting overview
3. kerberosting Practical
4. Exploiting permission delegation overview #1
5. Exploiting permission delegation practical #1
6. Exploiting permission delegation overview #2
7. Exploiting permission delegation practical #2
8. Group memebership abuse overview #1
9. Group memebership abuse practical #1
10. Group memebership abuse overview #2
11. Group memebership abuse practical #2
12. More on group membership abuse
13. GPO abuse overview
14. GPO abuse practical
15. Extracting logged on admins hashes
16. Printnightmare attack overview
17. Printnightmare attack practical
18. Zerologgon attack overview
19. Zerologgon attack practical
20. Keberos delegation overview
21. Task
22. Quiz
Persistence In Active Directory Pentesting
1. Persistance overview
2. Golden and silver ticket attack overview and mitigations
3. Golden and silver ticket attack practical
4. Diamond ticket attack overview
5. Diamond ticket attack practical
6. DCSync overview
7. DCSync attack practical
8. DSRM abuse overview
9. DSRM Abuse practical
10. GPO for persistance
11. Task
12. Quiz
Bonus Lecture
1. Bonus lecture