​

Embark on a cybersecurity journey with our course, "Attacking and Defending Active Directory." This comprehensive program is tailored for both cybersecurity enthusiasts and professionals seeking to master the complexities of Active Directory security and Active Directory Pentesting.

The course kicks off with fundamental topics such as Active Directory basics, authentication processes, and essential PowerShell and file transfer skills.

- Analyze Group Policy settings and other security parameters for weaknesses.
- Develop proficiency in exploiting vulnerabilities to gain unauthorized access.
- Develop strategies for securing and hardening Active Directory environments.
- Explore common misconfigurations and security weaknesses in Active Directory.
- Explore the intricacies of domains, forests, trust relationships, and organizational units.
- Gain an in-depth understanding of Active Directory structure and components.
- Learn to identify and assess vulnerabilities within Active Directory configurations.
- Understand best practices for defending against common attack techniques.

In the initial stages, participants will build a solid foundation in understanding the structure of Active Directory, exploring its components, organizational units, and trust relationships. The focus then shifts to authentication mechanisms, ensuring a secure environment for user identities and access controls. The course further hones skills in PowerShell and file transfer techniques, providing essential tools for effective penetration testing in a Windows environment for Active Directory Pentesting.

As the journey progresses, participants will delve into the heart of offensive security, learning to breach, enumerate, and exploit vulnerabilities within Active Directory environments. Engaging lectures, hands-on labs, and real-world simulations offer a dynamic learning experience. The course culminates in a comprehensive understanding of lateral movement, pivoting, persistence strategies, and advanced exploitation techniques. Throughout the program, ethical hacking principles and responsible disclosure practices are emphasized, ensuring participants are well-equipped to navigate, assess, and fortify Active Directory environments confidently.

Join us in mastering the art of attacking and defending Active Directory—enroll now to elevate your cybersecurity expertise in Active Directory Pentesting!

Спойлер: Course Curriculum:

01 Introduction
01.01 Introduction

02 Active Directory Basics
02.01 Active Directory Basics
02.02 Task
02.03 Quiz

03 Active Directory Authentication
03.01 Active Directory Authentication Overview
03.02 Hashing algorithms in windows
03.03 Kerberos basics
03.04 Components of kerberos
03.05 kerberos explanation with diagram
03.06 kerberos explanation with diagram
03.07 Group policy in active directory
03.08 Task
03.09 Quiz

04 Active Directory Pentesting Lab setup
04.01 Overview of lab setup
04.02 Necessary files for lab setup
04.03 Domain controller installation and setup
04.04 Windows client installation
04.05 Domain Controller configuration
04.06 Joining computers with domain controller
04.07 Client machines configuration
04.08 Client machines configurations -2

05 Powershell Basics and file transfer basics
05.01 Powershell overview
05.02 Powerhsell commands practical
05.03 File transfer methods overview
05.04 File transfer practical
05.05 Quiz

06 Breaching In Active Directory Pentesting
06.01 Breaching overview
06.02 OSINT and phishing
06.03 Initial access using web attacks
06.04 LLMNR poisoning overview and mitigations
06.05 LLMNR poisoning practical attack using SMB
06.06 LLMNR poisoning practical attack using WPAD
06.07 SMB relay attack overview and mitigations
06.08 SMB relay attack practical
06.09 AS-REP Roasting overview
06.10 AS-REP Roasting practical attack
06.11 PasswordSpray attack overview
06.12 PasswordSpray attack practical
06.13 More methods of initial access on AD
06.14 Breaching mitigations
06.15 Quiz

07 Enumeration In Active Directory Pentesting
07.01 Enumeration in active directory overview
07.02 Enumeration using powershell native commands
07.03 PowerView overview
07.04 PowerView - 1
07.05 Lab Update
07.06 PowerView - 2
07.07 PowerView - 3
07.08 BloodHound overview
07.09 BloodHound Practical
07.10 AD lab troubleshooting
07.11 Task
07.12 Quiz

08 Lateral Movement in Active Directory Pentesting
08.01 Lateral movement overview
08.02 Pass-the-hash attack overview and mitigations
08.03 Pass-the-hash attack practical
08.04 Pass-the-ticket overview
08.05 Pass-the-ticket attack practical
08.06 Overpass-the-hash overview
08.07 Overpass-the-hash attack practical
08.08 RDP Hijacking overview
08.09 RDP Hijacking attack practical
08.10 Task
08.11 Quiz

09 Pivoting In Active Directory Pentesting
09.01 Pivoting intro
09.02 Lab setup overview
09.03 Chisel intro
09.04 Pivoting practical
09.05 Quiz

10 Exploitation In Active Directory Pentesting
10.01 Exploitation overview
10.02 Kerberosting overview
10.03 kerberosting Practical
10.04 Exploiting permission delegation overview #1
10.05 Exploiting permission delegation practical #1
10.06 Exploiting permission delegation overview #2
10.07 Exploiting permission delegation practical #2
10.08 Group memebership abuse overview #1
10.09 Group memebership abuse practical #1
10.10 Group memebership abuse overview #2
10.11 Group memebership abuse practical #2
10.12 More on group membership abuse
10.13 GPO abuse overview
10.14 GPO abuse practical
10.15 Extracting logged on admins hashes
10.16 Printnightmare attack overview
10.17 Printnightmare attack practical
10.18 Zerologgon attack overview
10.19 Zerologgon attack practical
10.20 Keberos delegation overview
10.21 Task
10.22 Quiz

11 Persistence In Active Directory Pentesting
11.01 Persistance overview
11.02 Golden and silver ticket attack overview and mitigations
11.03 Golden and silver ticket attack practical
11.04 Diamond ticket attack overview
11.05 Diamond ticket attack practical
11.06 DCSync overview
11.07 DCSync attack practical
11.08 DSRM abuse overview
11.09 DSRM Abuse practical
11.10 GPO for persistance
11.11 Task
11.12 Quiz

12 Bonus Lecture
12.01 Bonus lecture

Чему вы научитесь
- Concepts Of Active Directory Pentesting
- Powershell Basics
- File Transfer Basics
- Post-Exploitation Activities
- Mitigation and Defense
- Hands-On Labs
- Breaching In Active Directory
- Enumeration In Active Directory
- Lateral Movement In Active Directory
- Pivoting
- Exploitation In Active Directory
- Persistance In Active Directory

Требования:
- You will learn everything about Active Directory Pentesting no previous knowlege is required.
- A Computer or a laptop is required

Для кого этот курс:
- Ethical hackers
- Red Teamers
- Penetration Testers

Авторы: Vivek Pandit
Последнее обновление: 12.2023
Язык: Английский