Active Directory Penetration Testing Playbook

This 2-day workshop is designed to give students a solid foundation in executing security testing activities against Microsoft Active Directory (AD) environments. Students are equipped with the essential theory and practice to start challenging the security of enterprise networks and to identify weaknesses that could undermine the security of an entire organization.

$1,399.00

Duration

2 days

Delivery Method

in-person

Level

beginner

Seats Available

20

ATTEND IN-PERSON: Onsite in Bangkok, Thailand

DATE: 27-28 August 2024

TIME: 09:00 to 17:00 ICT/GMT+7

| Date   | Day       | Time                    | Duration |
|--------|-----------|-------------------------|----------|
| 27 Aug | Tuesday   | 09:00-17:00 ICT/GMT+7   | 8 Hours  |
| 28 Aug | Wednesday | 09:00-17:00 ICT/GMT+7   | 8 Hours  |

According to Frost & Sullivan, Microsoft Active Directory is adopted by approximately 90% of Fortune 1000 companies as a primary method to provide seamless authentication and authorization. Such a pervasive technology is nowadays a primary target for adversaries seeking to compromise the core of an enterprise network and access its most business-critical data.

Given the crucial role of Active Directory, understanding its architecture, protocols, attack surface, and common weaknesses is key for structuring effective and repeatable penetration testing initiatives.

This workshop presents a beginner-friendly methodology to assess Microsoft AD environments. Starting from the introduction of effective domain enumeration techniques, students are presented with the most common misconfigurations affecting AD environments, and how to detect and exploit such issues to demonstrate the related impact.

As part of the workshop, multiple real-world case studies will be offered to attendees, including examples of techniques adopted by modern Advanced Persistent Threats (APTs) to attack the most secure Active Directory environments on the planet.

What will the students get
  • Practical methods to identify and exploit the most common Active Directory weaknesses.
  • A mini-arsenal with pre-configured tools for testing Active Directory environments.

Agenda / Topics Covered

Overview on Active Directory Penetration Testing

  • What is Microsoft Active Directory (AD) and its role in modern enterprise networks.
  • What is Active Directory Domain Services (AD DS).
  • What is Penetration Testing?
  • Penetration Testing vs. Red Teaming Active Directory.

Extensive Active Directory Domain Enumeration

  • Understanding the structure of the target environment by enumerating Forests, Domains, Organizational Units (OUs), Users, Groups, and Computers.
  • Mapping privileges and trust relationships in the domain by enumerating Group Policy Objects (GPOs), Access Control Lists (ACLs), and Domain Trusts.
  • Introduction to Bloodhound for extensive domain enumeration.

Abusing Active Directory for Local Privilege Escalation

  • Abusing GPOs for local privilege escalation.
  • Abusing local administrative passwords in Group Policy Preference files.
  • Abusing Local Administrator Password Solution (LAPS).

Domain Persistence Techniques

  • Overview on Domain Persistence Techniques
  • Case study: Golden & Silver Ticket Attacks

Domain Privilege Escalation

  • Domain escalation: Domain Admin is just the beginning.
  • Escalate privileges via Kerberoasting and AS-REP Roasting attacks.
  • Password Spraying Attacks.
  • How to select high-value users to be attacked.
  • How to build a password dictionary to increase the guessing success rate.
  • Overview on Kerberos Delegation issues.
  • Identify interesting ACLs and abuse them for Domain Escalation.

Lateral Movement

  • Lateral Movement via network protocols
    • PowerShell Remoting
    • RDP
    • SMB/RPC
    • WinRM
  • Abusing ACL for Lateral Movement
    • Manipulating passwords and group members
  • Pass-the-Hash (PtH)
  • Over-Pass-the-Hash (Over-PtH)
  • Pass-the-Ticket (PtT)

Overview on Cloud-based & Hybrid Active Directory Security

  • Terminology first: AD, ADDS, AAD, AADDS, Microsoft 365, Office 365, etc.
  • AzureAD Reconnaissance
    • Users, Groups, Roles, Applications, etc.
    • Introduction to AzureHound for domain enumeration.
  • Lateral Movement Techniques
    • Moving laterally by abusing SharePoint Online / OneDrive.
    • Effective internal phishing attacks leveraging Microsoft Teams.
  • Example of Privilege Escalation technique: the Golden SAML attack.
  • Example of Persistence technique: abusing application ownership.

Why You Should Take This Course

This 2-day workshop is designed to give students a solid foundation in executing security testing activities against Microsoft Active Directory (AD) environments. Students are equipped with the essential theory and practice to start challenging the security of enterprise networks and to identify weaknesses that could undermine the security of an entire organization.

Who Should Attend

This workshop is designed for anyone interested in learning the foundation for executing penetration testing activities against Active Directory environments, including:
  • Security professionals new to Active Directory security.
  • Web application security experts willing to extend their knowledge to Active Directory security.
  • Aspiring Red Teamers willing to learn a practical methodology to attack corporate environments based on Active Directory.
  • Students willing to start maturing competences required to fulfill the role of Active Directory penetration tester.

Key Learning Objectives

  • Understand the architecture and key components of a modern Microsoft Active Directory environment.

  • Learn how to extensively enumerate a domain to understand the target organization’s structure, users & groups privileges, and trust relationships.

  • Learn how to detect and validate the most common misconfigurations affecting Active Directory deployments.

  • Familiarize yourself with the most common tools adopted by security professionals to test the security of Active Directory.

Prerequisite Knowledge

  • Show proficiency with Microsoft Windows platforms, covering fundamental components, system setup, configuration, management, and usage.
  • Exhibit a foundational understanding of PowerShell.
  • Display basic proficiency in Microsoft Active Directory.

Hardware / Software Requirements

  • Laptop running a Microsoft Windows 10+ or Apple macOS platform
  • CPU: 64-bit Intel i5/i7 with 4th generation + (2.0 GHz)
  • 8 GB of RAM or higher
  • 100 GB free space
  • Wi-Fi 802.11 capability (no wired connection available in the classroom)
  • Installed VMware Workstation / Player for Windows or VMware Fusion for macOS
  • Local administrative access to the host OS is required

Your Instructor

Alessandro Salzano is a senior Red Teamer with over a decade of experience in delivering a wide range of cybersecurity services, including end-to-end red teaming operations, enterprise perimeter intrusion, and Internet of Things (IoT) vulnerability research, for clients operating in the banking, energy, insurance, and public sectors.

Alessandro holds multiple cybersecurity certifications including OSCP, CRTP, eCPTX, and Certified Red Team Analyst from CyberWarFare Labs.

Having a background as a system administrator and data integrity consultant, he has in-depth knowledge of the technological landscape of enterprise infrastructure, including security processes & procedures, threats, and risks affecting modern organizations.

Alessandro specializes in modern Microsoft Active Directory infrastructure intrusion and in R&D of advanced post-exploitation Tactics, Techniques, and Procedures (TTPs) for Windows platforms.

Adverse Theory is a disruptive startup focused on delivering “unconventional” cybersecurity advisory services to support organizations in establishing security teams, managing large-scale security programs, and developing innovative security technologies.