Description
Embark on a cybersecurity journey with our course, “Attacking and Defending Active Directory.” This comprehensive program is tailored for both cybersecurity enthusiasts and professionals seeking to master the complexities of Active Directory security and Active Directory Pentesting.
The course kicks off with fundamental topics such as Active Directory basics, authentication processes, and essential PowerShell and file transfer skills.
-
Gain an in-depth understanding of Active Directory structure and components.
-
Explore the intricacies of domains, forests, trust relationships, and organizational units.
-
Learn to identify and assess vulnerabilities within Active Directory configurations.
-
Analyze Group Policy settings and other security parameters for weaknesses.
-
Explore common misconfigurations and security weaknesses in Active Directory.
-
Develop proficiency in exploiting vulnerabilities to gain unauthorized access.
-
Develop strategies for securing and hardening Active Directory environments.
-
Understand best practices for defending against common attack techniques.
In the initial stages, participants will build a solid foundation in understanding the structure of Active Directory, exploring its components, organizational units, and trust relationships. The focus then shifts to authentication mechanisms, ensuring a secure environment for user identities and access controls. The course further hones skills in PowerShell and file transfer techniques, providing essential tools for effective penetration testing in a Windows environment for Active Directory Pentesting.
As the journey progresses, participants will delve into the heart of offensive security, learning to breach, enumerate, and exploit vulnerabilities within Active Directory environments. Engaging lectures, hands-on labs, and real-world simulations offer a dynamic learning experience. The course culminates in a comprehensive understanding of lateral movement, pivoting, persistence strategies, and advanced exploitation techniques. Throughout the program, ethical hacking principles and responsible disclosure practices are emphasized, ensuring participants are well-equipped to navigate, assess, and fortify Active Directory environments confidently.
Join us in mastering the art of attacking and defending Active Directory—enroll now to elevate your cybersecurity expertise in Active Directory Pentesting!
Course Curriculum:
-
Introduction
-
Introduction
-
-
Active Directory Basics
-
Active Directory Basics
-
Task
-
Quiz
-
-
Active Directory Authentication
-
Active Directory Authentication Overview
-
Hashing algorithms in windows
-
Kerberos basics
-
Components of kerberos
-
kerberos explanation with diagram
-
kerberos explanation with diagram
-
Group policy in active directory
-
Task
-
Quiz
-
-
Active Directory Pentesting Lab setup
-
Overview of lab setup
-
Necessary files for lab setup
-
Domain controller installation and setup
-
Windows client installation
-
Domain Controller configuration
-
Joining computers with domain controller
-
Client machines configuration
-
Client machines configurations -2
-
-
Powershell Basics and file transfer basics
-
Powershell overview
-
Powerhsell commands practical
-
File transfer methods overview
-
File transfer practical
-
Quiz
-
-
Breaching In Active Directory Pentesting
-
Breaching overview
-
OSINT and phishing
-
Initial access using web attacks
-
LLMNR poisoning overview and mitigations
-
LLMNR poisoning practical attack using SMB
-
LLMNR poisoning practical attack using WPAD
-
SMB relay attack overview and mitigations
-
SMB relay attack practical
-
AS-REP Roasting overview
-
AS-REP Roasting practical attack
-
PasswordSpray attack overview
-
PasswordSpray attack practical
-
More methods of initial access on AD
-
Breaching mitigations
-
Quiz
-
-
Enumeration In Active Directory Pentesting
-
Enumeration in active directory overview
-
Enumeration using powershell native commands
-
PowerView overview
-
PowerView – 1
-
Lab Update
-
PowerView – 2
-
PowerView – 3
-
BloodHound overview
-
BloodHound Practical
-
AD lab troubleshooting
-
Task
-
Quiz
-
-
Lateral Movement in Active Directory Pentesting
-
Lateral movement overview
-
Pass-the-hash attack overview and mitigations
-
Pass-the-hash attack practical
-
Pass-the-ticket overview
-
Pass-the-ticket attack practical
-
Overpass-the-hash overview
-
Overpass-the-hash attack practical
-
RDP Hijacking overview
-
RDP Hijacking attack practical
-
Task
-
Quiz
-
-
Pivoting In Active Directory Pentesting
-
Pivoting intro
-
Lab setup overview
-
Chisel intro
-
Pivoting practical
-
Quiz
-
-
Exploitation In Active Directory Pentesting
-
Exploitation overview
-
Kerberosting overview
-
kerberosting Practical
-
Exploiting permission delegation overview #1
-
Exploiting permission delegation practical #1
-
Exploiting permission delegation overview #2
-
Exploiting permission delegation practical #2
-
Group memebership abuse overview #1
-
Group memebership abuse practical #1
-
Group memebership abuse overview #2
-
Group memebership abuse practical #2
-
More on group membership abuse
-
GPO abuse overview
-
GPO abuse practical
-
Extracting logged on admins hashes
-
Printnightmare attack overview
-
Printnightmare attack practical
-
Zerologgon attack overview
-
Zerologgon attack practical
-
Keberos delegation overview
-
Task
-
Quiz
-
-
Persistence In Active Directory Pentesting
-
Persistance overview
-
Golden and silver ticket attack overview and mitigations
-
Golden and silver ticket attack practical
-
Diamond ticket attack overview
-
Diamond ticket attack practical
-
DCSync overview
-
DCSync attack practical
-
DSRM abuse overview
-
DSRM Abuse practical
-
GPO for persistance
-
Task
-
Quiz
-
-
Bonus Lecture
-
Bonus lecture
-
Thank You,
Vivek Pandit