Abusing Active Directory [HITB+ CYBERWEEK 2021]



2 days

Delivery Method




Seats Available



2 days

Delivery Method




ATTEND IN-PERSON: Onsite in Abu Dhabi

ATTEND ONLINE: Virtual via Zoom and LMS

DATE: 22-23 November 2021

TIME: 09:00 to 17:00 GST/GMT+4

Date Day Time Duration
22 November Monday 09:00 to 17:00 GST/GMT+4 8 Hours
23 November Tuesday 09:00 to 17:00 GST/GMT+4 8 Hours


Active Directory is at the heart of 95% of the Global Fortune 1000. Almost every enterprise in the world uses AD. However, common misconfigurations prevail, allowing for threat actors to take full control over entire infrastructures. Despite this, core security concepts related to AD go misunderstood and often ignored.

In this course we introduce common Active Directory misconfigurations, what their root cause is and how they can be abused. The course focuses on abusing real life misconfigurations and steers away from the traditional penetration testing tools and methodologies.

Watch this video to get a feel of Tarek’s online training where he explains AS-REP Roasting – a topic that is covered in more detail in the training.


  • Active Directory introduction

    - Components - Trees and forests - Enumeration

  • User Account deep dive

    - Security principles - Security contexts - SID/RIDs - UPN - User enumeration

  • Groups and OUs

    - Types and scope - Difference between groups and OUs - Attributes - Enumerating group and OUs

  • Computer Objects

    - Understanding and enumerating computer objects

  • Access Control

    - ACEs - ACLs - DACLs/SACLs - Understanding bad permissions - Enumerating permissions - Abusingpermissions

  • Password Attacks

    - Password profiling - Understanding password policies - Enumerating password policies - Password spraying

  • Lateral Movement

    - PSExec, WMI, PS

  • Hash and Authentication Protocols

    - Different types of hashes - MS-NLMP - Capture NTLMv2 hashes

  • Dumping Hashes

    - Understanding LSASS - Understanding Mimikatz modules and output - Pass the hash

  • Kerberos

    - Kerberos deep dive - AS-REP Roasting - Kerberoasting - Silver Ticket - Golden Ticket

Why You Should Take This Course


Who Should Attend

From our experience the audience that most benefited from the course are: ▪ Junior penetration testers ▪ SOC L1, L2 analysts ▪ System administrators

Key Learning Objectives

  • Prerequisite Knowledge

    Although this is beginner-friendly course, it does require some basic prerequisites. Attendees should be familiar with concepts such as: ▪ Hashing ▪ Encryption ▪ Password cracking ▪ Etc

    Hardware / Software Requirements


    Your Instructor

    No data was found