Attacking And Defending Active Directory: AD Pentesting

Explore Active Directory Pentesting: Attack, Defend, and Secure. Master Active Directory Pentesting


Embark on a cybersecurity journey with our course, “Attacking and Defending Active Directory.” This comprehensive program is tailored for both cybersecurity enthusiasts and professionals seeking to master the complexities of Active Directory security and Active Directory Pentesting.

The course kicks off with fundamental topics such as Active Directory basics, authentication processes, and essential PowerShell and file transfer skills.

  • Gain an in-depth understanding of Active Directory structure and components.
  • Explore the intricacies of domains, forests, trust relationships, and organizational units.
  • Learn to identify and assess vulnerabilities within Active Directory configurations.
  • Analyze Group Policy settings and other security parameters for weaknesses.
  • Explore common misconfigurations and security weaknesses in Active Directory.
  • Develop proficiency in exploiting vulnerabilities to gain unauthorized access.
  • Develop strategies for securing and hardening Active Directory environments.
  • Understand best practices for defending against common attack techniques.

In the initial stages, participants will build a solid foundation in understanding the structure of Active Directory, exploring its components, organizational units, and trust relationships. The focus then shifts to authentication mechanisms, ensuring a secure environment for user identities and access controls. The course further hones skills in PowerShell and file transfer techniques, providing essential tools for effective penetration testing in a Windows environment for Active Directory Pentesting.

As the journey progresses, participants will delve into the heart of offensive security, learning to breach, enumerate, and exploit vulnerabilities within Active Directory environments. Engaging lectures, hands-on labs, and real-world simulations offer a dynamic learning experience. The course culminates in a comprehensive understanding of lateral movement, pivoting, persistence strategies, and advanced exploitation techniques. Throughout the program, ethical hacking principles and responsible disclosure practices are emphasized, ensuring participants are well-equipped to navigate, assess, and fortify Active Directory environments confidently.

Join us in mastering the art of attacking and defending Active Directory—enroll now to elevate your cybersecurity expertise in Active Directory Pentesting!

Course Curriculum:

  1. Introduction
    1. Introduction
  2. Active Directory Basics
    1. Active Directory Basics
    2. Task
    3. Quiz
  3. Active Directory Authentication
    1. Active Directory Authentication Overview
    2. Hashing algorithms in windows
    3. Kerberos basics
    4. Components of kerberos
    5. kerberos explanation with diagram
    6. kerberos explanation with diagram
    7. Group policy in active directory
    8. Task
    9. Quiz
  4. Active Directory Pentesting Lab setup
    1. Overview of lab setup
    2. Necessary files for lab setup
    3. Domain controller installation and setup
    4. Windows client installation
    5. Domain Controller configuration
    6. Joining computers with domain controller
    7. Client machines configuration
    8. Client machines configurations -2
  5. Powershell Basics and file transfer basics
    1. Powershell overview
    2. Powerhsell commands practical
    3. File transfer methods overview
    4. File transfer practical
    5. Quiz
  6. Breaching In Active Directory Pentesting
    1. Breaching overview
    2. OSINT and phishing
    3. Initial access using web attacks
    4. LLMNR poisoning overview and mitigations
    5. LLMNR poisoning practical attack using SMB
    6. LLMNR poisoning practical attack using WPAD
    7. SMB relay attack overview and mitigations
    8. SMB relay attack practical
    9. AS-REP Roasting overview
    10. AS-REP Roasting practical attack
    11. PasswordSpray attack overview
    12. PasswordSpray attack practical
    13. More methods of initial access on AD
    14. Breaching mitigations
    15. Quiz
  7. Enumeration In Active Directory Pentesting
    1. Enumeration in active directory overview
    2. Enumeration using powershell native commands
    3. PowerView overview
    4. PowerView – 1
    5. Lab Update
    6. PowerView – 2
    7. PowerView – 3
    8. BloodHound overview
    9. BloodHound Practical
    10. AD lab troubleshooting
    11. Task
    12. Quiz
  8. Lateral Movement in Active Directory Pentesting
    1. Lateral movement overview
    2. Pass-the-hash attack overview and mitigations
    3. Pass-the-hash attack practical
    4. Pass-the-ticket overview
    5. Pass-the-ticket attack practical
    6. Overpass-the-hash overview
    7. Overpass-the-hash attack practical
    8. RDP Hijacking overview
    9. RDP Hijacking attack practical
    10. Task
    11. Quiz
  9. Pivoting In Active Directory Pentesting
    1. Pivoting intro
    2. Lab setup overview
    3. Chisel intro
    4. Pivoting practical
    5. Quiz
  10. Exploitation In Active Directory Pentesting
    1. Exploitation overview
    2. Kerberosting overview
    3. kerberosting Practical
    4. Exploiting permission delegation overview #1
    5. Exploiting permission delegation practical #1
    6. Exploiting permission delegation overview #2
    7. Exploiting permission delegation practical #2
    8. Group memebership abuse overview #1
    9. Group memebership abuse practical #1
    10. Group memebership abuse overview #2
    11. Group memebership abuse practical #2
    12. More on group membership abuse
    13. GPO abuse overview
    14. GPO abuse practical
    15. Extracting logged on admins hashes
    16. Printnightmare attack overview
    17. Printnightmare attack practical
    18. Zerologgon attack overview
    19. Zerologgon attack practical
    20. Keberos delegation overview
    21. Task
    22. Quiz
  11. Persistence In Active Directory Pentesting
    1. Persistance overview
    2. Golden and silver ticket attack overview and mitigations
    3. Golden and silver ticket attack practical
    4. Diamond ticket attack overview
    5. Diamond ticket attack practical
    6. DCSync overview
    7. DCSync attack practical
    8. DSRM abuse overview
    9. DSRM Abuse practical
    10. GPO for persistance
    11. Task
    12. Quiz
  12. Bonus Lecture
    1. Bonus lecture

Thank You,

Vivek Pandit

Who this course is for:

  • Ethical hackers
  • Red Teamers
  • Penetration Testers

Tutorial Bar