Copy of Advanced Threat Emulation: Active Directory
Schedule
Thu, 10 Apr, 2025 at 10:00 am to Fri, 11 Apr, 2025 at 07:00 pm UTC-05:00
Location
911 Washington Ave #500 | St. Louis, MO
About this Event
Course Summary
Are you ready to become an expert at attacking Active Directory? This training course covers various aspects of Active Directory and how to attack it. Students will learn about network poisoning and authentication protocols in Windows networks, the different kinds of Windows credential types, and how to use them. Students will also learn common attacks on NTLM and Kerberos, such as NTLM relay attacks, delegation attacks, and creating forged tickets. Students will become familiar with identifying and exploiting common Active Directory misconfigurations with tools like Bloodhound, Rubeus, Impacket, and Mimikatz. Students will have the opportunity to conduct attacks from both Windows and Linux operating systems and learn the nuances between each platform for performing attacks. Students will learn where credentials are stored on Windows systems and how to extract credentials from LSASS, DPAPI, SAM, LSA, and the Kerberos ticket cache. Students will learn about the different domain trusts and how to perform multi-domain compromises. Finally, students will put all their skills to the test in a course lab that contains multiple attackable domain-joined Windows systems.
Course Schedule
Day 1:
Introduction to Active Directory
- Users and Groups
- Understanding the Domain Controller
- Enumeration with ADExplorer
- Enumeration with ldapdomaindump
- Bloodhound
Name Resolution on Windows
- Default Name resolution search order
- Responsible Poisoning
- LLMNR/NetBIOS Poisoning
- DHCPv6 Poisoning
- ARP Spoofing
- ADIDNS Poisoning
Attacking the NTLM protocol
- Authenticating with NTLM
- Hash capture and password recovery
- Weaknesses in NTLMv1
- NTLM Relay
- Coerced Authentication
Credential Dumping
- SAM
- LSA
- LSASS
- DPAPI
- NTDS.dit (DCSync)
Day 2:
Attacks on Kerberos
- Authenticating with Kerberos
- Kerberoast
- Silver Tickets
- Golden Tickets
- SNAME Substitution
Delegation
- Unconstrained Delegation
- Constrained Delegation
- Resource-based Constrained Delegation
Domain Trusts
- Types of Trusts
- Trust Functionality
- Enumerating Trusts
- Attacking Intra-Forest Trusts
- Attacking Inter-Forest Trusts
Course Objectives
- Understand the use and employment of Active Directory
- Demonstrate Active Directory attacks and concepts
What Students Will Be Provided With
- 1-month lab access to our comprehensive course range through Immersive Labs
- All course material
- Course Swag & Coin
- Certificate of Completion
Student Requirements
- Intermediate knowledge of Offensive Security Tools
- Basic familiarity with Active Directory concepts
- Willingness to learn in a fast-paced environment
Hardware Requirements
- Laptop with 8GB of RAM
- Virtualization Software (VMware, VirtualBox, etc)
- Up-to-date Kali Linux Virtual Machine
- Modern Web Browser (Chrome, Firefox, etc)
- Microsoft Office (any version) or OpenOffice
Where is it happening?
911 Washington Ave #500, 911 Washington Avenue, St. Louis, United States
USD 3511.94