*Expected Outcome:*
By the end of this training, participants will have mastered advanced penetration testing techniques for Active Directory environments, including identifying and exploiting common and advanced vulnerabilities, conducting comprehensive security assessments, and using the latest tools and methodologies for effective penetration testing.
*Day 1: Fundamentals of Active Directory Penetration Testing*
- *Introduction to Active Directory (AD)*
- Overview of AD structure, components, and protocols
- Common AD vulnerabilities and attack vectors
- *Setting Up a Lab Environment*
- Building a virtual lab for AD penetration testing
- Introduction to key tools: BloodHound, Mimikatz, PowerShell Empire, etc.
- *Reconnaissance Techniques in Active Directory*
- Information gathering: LDAP queries, DNS enumeration, network scanning
- Identifying domain controllers and critical AD components
- *Hands-On Lab Session*
- Simulating AD enumeration and basic reconnaissance
- *Review and Q&A*
*Day 2: Identifying and Exploiting Common Vulnerabilities*
- *Exploiting Misconfigurations and Weaknesses*
- Common misconfigurations: LLMNR, SMB signing, NTLM relay
- Exploiting default configurations and permissions
- *Credential Harvesting Techniques*
- Password spraying, pass-the-hash, and pass-the-ticket attacks
- Capturing credentials with Responder and tools like Inveigh
- *Hands-On Lab Session*
- Simulating credential harvesting and exploiting misconfigurations
- *Review and Q&A*
*Day 3: Advanced Attack Techniques*
- *Understanding Advanced Attack Techniques*
- Kerberoasting: Identifying vulnerable Service Principal Names (SPNs)
- AS-REP Roasting: Attacking user accounts with no pre-authentication
- *DCShadow Attacks*
- Understanding DCShadow and Directory Replication Service (DRS)
- Conducting DCShadow attacks to create persistent backdoors
- *Hands-On Lab Session*
- Simulating Kerberoasting, AS-REP Roasting, and DCShadow attacks
- *Review and Q&A*
*Day 4: Post-Exploitation and Persistence Techniques*
- *Post-Exploitation Techniques*
- Lateral movement: DCSync, Silver Ticket, and Golden Ticket attacks
- Persistence techniques: Skeleton key, SID history injection
- *Maintaining Access and Data Exfiltration*
- Techniques for maintaining access: Scheduled tasks, startup scripts, WMI
- Data exfiltration methods: DNS tunneling, covert channels
- *Hands-On Lab Session*
- Simulating lateral movement and persistence techniques
- *Review and Q&A*
*Day 5: Comprehensive Security Assessments and Reporting*
- *Conducting Comprehensive AD Security Assessments*
- Methodologies for AD security audits and penetration testing
- Red team vs. blue team exercises: Collaborative defense strategies
- *Analyzing Results and Mitigation Strategies*
- Interpreting attack data and logs
- Developing mitigation strategies for identified vulnerabilities
- *Final Hands-On Lab Session*
- Conducting a full-scale simulated attack on an AD environment
- Preparing a comprehensive security assessment report
- *Review, Q&A, and Certification Assessment*
- Review key concepts, techniques, and tools
- Certification assessment for participants
- Wrap-up and feedback session