2-DAY TRAINING 5 – Abusing Active Directory

ATTEND ONLINE: REGISTRATION CLOSED

DATE: 24-25 August 2021

TIME: 09:00-17:00 SGT/GMT +8

Date      | Day       | Time                    | Duration
24 August | Tuesday   | 09:00-17:00 SGT/GMT +8  | 8 Hours
25 August | Wednesday | 09:00-17:00 SGT/GMT +8  | 8 Hours

 

Overview

Active Directory is at the heart of 95% of the Global Fortune 1000. Almost every enterprise in the world uses AD. However, common misconfigurations prevail, allowing threat actors to take full control of entire infrastructures. Despite this, core security concepts related to AD are misunderstood and often ignored.

In this course we introduce common Active Directory misconfigurations, their root causes, and how they can be abused. The course focuses on abusing real-life misconfigurations and steers away from traditional penetration testing tools and methodologies.

Who Should Attend

In our experience, the audiences that have benefited most from the course are:

  • Junior penetration testers
  • SOC L1, L2 analysts
  • System administrators

What Students Say About This Training

  • “Thank you, Tarek. It was a very informative course, and one of my dreams come true is to understand Kerberos.”
  • “I really recommend this course when it's published. It's beginner-friendly and will give you a lot of information about Active Directory and how the compromise usually happens. Again, thank you Tarek for your efforts!” – Farhan Alkhubize, 1st Cyber Security Officer
  • “It was really a great class. You explained it really well, unlike other courses in which the instructors just put so many things at the same time. Plus, it was really fun in your class. Awesome work.”
  • “As usual, Tarek is the man. This course is very well thought out and he explains every topic thoroughly. Very well put together, great pace, highly interesting – plus you get labs to see exploits done in real time. Highly recommended!”
  • “You explain things really well and in simple English. I know what DACLs and SACLs were. But I know how frustrating they were when I learned about them last year. You explained it so well that a beginner can understand.”

Prerequisite Knowledge

Although this is a beginner-friendly course, it does require some basic prerequisites. Attendees should be familiar with concepts such as:

  • Hashing
  • Encryption
  • Password cracking
  • Etc

Agenda

Active Directory introduction

– Components
– Trees and forests
– Enumeration

User Account deep dive

– Security principals
– Security contexts
– SID/RIDs
– UPN
– User enumeration

Groups and OUs

– Types and scope
– Difference between groups and OUs
– Attributes
– Enumerating groups and OUs

Computer Objects

– Understanding and enumerating computer objects

Access Control

– ACEs
– ACLs
– DACLs/SACLs
– Understanding bad permissions
– Enumerating permissions
– Abusing permissions

Password Attacks

– Password profiling
– Understanding password policies
– Enumerating password policies
– Password spraying

Lateral Movement

– PSExec, WMI, PS

Hash and Authentication Protocols

– Different types of hashes
– MS-NLMP
– Capture NTLMv2 hashes

Dumping Hashes

– Understanding LSASS
– Understanding Mimikatz modules and output
– Pass the hash

Kerberos

– Kerberos deep dive
– AS-REP Roasting
– Kerberoasting
– Silver Ticket
– Golden Ticket

Location: TRAININGS Date: August 24, 2021 Time: 9:00 am - 5:00 pm Khalifa AlShamsi Tarek Naja