
Active Directory Attacks for Red and Blue Teams - Advanced Edition

Date: April 13 & 14 2023
Virtual Training
2 Day

Training Abstract
 

Enterprises are managed using Active Directory (AD) and it often forms the backbone of the complete enterprise network. Therefore, to secure an enterprise from an adversary, it is essential to secure its AD environment. To secure AD, you must understand different techniques and attacks used by adversaries against it. Often burdened with maintaining backward compatibility and interoperability with a variety of products, AD environments lack the ability to tackle the latest threats.

This training is aimed at attacking modern AD environments using built-in tools, trusted OS resources and abuse of features.

Outline

The training is based on real-world penetration tests and Red Team engagements for highly secured environments. Some of the techniques used in the course (see the course content for details):

  • Extensive AD Enumeration

  • Active Directory trust mapping and abuse

  • Privilege Escalation (User Hunting, Delegation issues, LAPS abuse, gMSA abuse, SPN Hijacking, Shadow Credentials and more)

  • Advanced Kerberos Attacks and Defense (Diamond, Golden, Silver ticket, Kerberoast and more)

  • Advanced cross forest trust abuse (Lateral movement across forest, PrivEsc and more)

  • Credentials Replay Attacks (Over-PTH, Token Replay, Certificate Replay etc.)

  • Attacking Azure AD integration (Hybrid Identity)

  • Abusing trusts for MS products (AD CS, SQL Server etc.)

  • Persistence (WMI, GPO, Domain and Host ACLs and more)

  • Monitoring Active Directory

  • Defenses (JEA, PAW, LAPS, Selective Authentication, Deception, App Allowlisting, Microsoft Defender for Identity etc.)

  • Bypassing defenses

The course is a mixture of fun, demos, exercises, hands-on and lecture. You start from compromise of a user desktop and work your way up to multiple forest pwnage. The training focuses more on methodology and techniques than tools. Attendees will get one month of free access to an Active Directory environment consisting of multiple domains and forests, during and after the training. This training aims to change how you test an Active Directory environment.

Prerequisites

  • Basic understanding of how penetration tests are done.

  • Basic understanding of Active Directory.

  • An open mind.

What You Need

  • System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes.

Trainer Bios

Chirag Savla

Senior Security Researcher, Altered Security

Speaker Bio:

Chirag is a Senior Security Researcher at Altered Security whose areas of interest include penetration testing, red teaming, Azure, Active Directory security, and post-exploitation research.

He has 8+ years of experience in information security. Chirag likes to research new attack methodologies and create open-source tools that can be used during red team assessments. He has worked extensively on Azure, Active Directory attacks, defense, and bypassing detection mechanisms.

He is the author of multiple open-source tools such as Process Injection, Callidus, etc. He has spoken at multiple conferences and local meetups.
