Embark on a cybersecurity journey with our course, "Attacking and Defending Active Directory." This comprehensive program is tailored for both cybersecurity enthusiasts and professionals seeking to master the complexities of Active Directory security and Active Directory Pentesting.
The course kicks off with fundamental topics such as Active Directory basics, authentication processes, and essential PowerShell and file transfer skills.
Gain an in-depth understanding of Active Directory structure and components.
Explore the intricacies of domains, forests, trust relationships, and organizational units.
Learn to identify and assess vulnerabilities within Active Directory configurations.
Analyze Group Policy settings and other security parameters for weaknesses.
Explore common misconfigurations and security weaknesses in Active Directory.
Develop proficiency in exploiting vulnerabilities to gain unauthorized access.
Develop strategies for securing and hardening Active Directory environments.
Understand best practices for defending against common attack techniques.
In the initial stages, participants will build a solid foundation in understanding the structure of Active Directory, exploring its components, organizational units, and trust relationships. The focus then shifts to authentication mechanisms, ensuring a secure environment for user identities and access controls. The course further hones skills in PowerShell and file transfer techniques, providing essential tools for effective penetration testing in a Windows environment for Active Directory Pentesting.
As the journey progresses, participants will delve into the heart of offensive security, learning to breach, enumerate, and exploit vulnerabilities within Active Directory environments. Engaging lectures, hands-on labs, and real-world simulations offer a dynamic learning experience. The course culminates in a comprehensive understanding of lateral movement, pivoting, persistence strategies, and advanced exploitation techniques. Throughout the program, ethical hacking principles and responsible disclosure practices are emphasized, ensuring participants are well-equipped to navigate, assess, and fortify Active Directory environments confidently.
Join us in mastering the art of attacking and defending Active Directory—enroll now to elevate your cybersecurity expertise in Active Directory Pentesting!
Course Curriculum:
Introduction
Introduction
Active Directory Basics
Active Directory Basics
Task
Quiz
Active Directory Authentication
Active Directory Authentication Overview
Hashing algorithms in windows
Kerberos basics
Components of kerberos
kerberos explanation with diagram
kerberos explanation with diagram
Group policy in active directory
Task
Quiz
Active Directory Pentesting Lab setup
Overview of lab setup
Necessary files for lab setup
Domain controller installation and setup
Windows client installation
Domain Controller configuration
Joining computers with domain controller
Client machines configuration
Client machines configurations -2
Powershell Basics and file transfer basics
Powershell overview
Powerhsell commands practical
File transfer methods overview
File transfer practical
Quiz
Breaching In Active Directory Pentesting
Breaching overview
OSINT and phishing
Initial access using web attacks
LLMNR poisoning overview and mitigations
LLMNR poisoning practical attack using SMB
LLMNR poisoning practical attack using WPAD
SMB relay attack overview and mitigations
SMB relay attack practical
AS-REP Roasting overview
AS-REP Roasting practical attack
PasswordSpray attack overview
PasswordSpray attack practical
More methods of initial access on AD
Breaching mitigations
Quiz
Enumeration In Active Directory Pentesting
Enumeration in active directory overview
Enumeration using powershell native commands
PowerView overview
PowerView - 1
Lab Update
PowerView - 2
PowerView - 3
BloodHound overview
BloodHound Practical
AD lab troubleshooting
Task
Quiz
Lateral Movement in Active Directory Pentesting
Lateral movement overview
Pass-the-hash attack overview and mitigations
Pass-the-hash attack practical
Pass-the-ticket overview
Pass-the-ticket attack practical
Overpass-the-hash overview
Overpass-the-hash attack practical
RDP Hijacking overview
RDP Hijacking attack practical
Task
Quiz
Pivoting In Active Directory Pentesting
Pivoting intro
Lab setup overview
Chisel intro
Pivoting practical
Quiz
Exploitation In Active Directory Pentesting
Exploitation overview
Kerberosting overview
kerberosting Practical
Exploiting permission delegation overview #1
Exploiting permission delegation practical #1
Exploiting permission delegation overview #2
Exploiting permission delegation practical #2
Group memebership abuse overview #1
Group memebership abuse practical #1
Group memebership abuse overview #2
Group memebership abuse practical #2
More on group membership abuse
GPO abuse overview
GPO abuse practical
Extracting logged on admins hashes
Printnightmare attack overview
Printnightmare attack practical
Zerologgon attack overview
Zerologgon attack practical
Keberos delegation overview
Task
Quiz
Persistence In Active Directory Pentesting
Persistance overview
Golden and silver ticket attack overview and mitigations
Golden and silver ticket attack practical
Diamond ticket attack overview
Diamond ticket attack practical
DCSync overview
DCSync attack practical
DSRM abuse overview
DSRM Abuse practical
GPO for persistance
Task
Quiz
Bonus Lecture
Bonus lecture
Thank You,
Vivek Pandit