Advanced Active Directory Exploitation

SensePost Training
Virtual Training | July 20 - 26 | 16 hours

The Advanced Active Directory Exploitation (AADE) course provides a meticulous and thorough examination of domain object relationships and of the quite complicated Kerberos protocol, the latter being scrutinized at the request and response level.

ABSTRACT

Mere vulnerability scanning has been rendered obsolete, in particular for more conscious and mature organisations. To meet their goals, penetration testing, red team and purple team engagements against Active Directory environments deployed on the premises require, among other things, robust knowledge of the relationships between domain objects and of the Kerberos protocol.

Although many tools are available to aid in the enumeration of domain environments and in the discovery and abuse of their misconfigurations, they are rarely used efficiently. Rather than the tools themselves, this most often stems from a fundamental misconception and misinterpretation of the relationships and protocols in place, which in turn contributes to further confusion and to the failure to attack and defend a domain environment appropriately.

Standing on the shoulders of giants in the industry, the Advanced Active Directory Exploitation (AADE) course provides a meticulous and thorough examination of domain object relationships and of the quite complicated Kerberos protocol, the latter being scrutinized at the request and response level. The end goal is to enable attackers and defenders to engage with domain environments deployed on the premises with efficiency and precision. This is achieved through comprehensive theory in conjunction with a series of practical exercises within a domain environment unique to each student.

INTENDED AUDIENCE

Penetration testers, network administrators, security professionals, and IT security enthusiasts who have a need to acquaint themselves with real-world offensive tactics, techniques and tools used to target Active Directory environments.

Defenders who are looking to enhance their understanding of these attacks in order to better protect their networks and environments.

KEY LEARNING OBJECTIVES

  • Domain objects and the relationships between them.
  • The misunderstood Kerberos protocol and its delegation flavours.
  • How to attack or defend a domain environment.

COURSE DETAILS

AGENDA

Main Content:

  • Windows authentication and access tokens:
    • How does Windows authentication work in a domain environment?
    • What are the differences between local and domain authentication?
    • Access tokens; what are they and how can they be compromised?
  • Relayed and coerced authentication:
    • What are network spoofing and relay attacks?
    • What is coerced authentication and cross-protocol relaying?
  • Domain object relationships:
    • What constitutes a domain object?
    • What are the relationships between them?
    • What are the access controls imposed on them?
    • What is inheritance and how does it work?
  • Group Policy Objects:
    • What are Group Policy Objects?
    • How can they be abused?
    • Can they facilitate lateral movement?
  • Kerberos Protocol:
    • How does Kerberos work on a request and response level?
    • What are the roasting attacks against the Kerberos protocol?
    • What is the double-hop problem and how does delegation solve it?
    • What is domain user impersonation and how does it aid in delegation?
    • How does delegation work on a request and response level?
    • How can each delegation flavour be configured or misconfigured?
    • How can each delegation flavour be abused?
  • Domain Compromise:
    • What are some significant persistence avenues?
    • What are Kerberos Silver and Golden Tickets?
    • What is credential dumping?
  • Domain Trust Relationships:
    • What are trust relationships between domains?
    • How can they be abused?

Bonus Content:

  • Active Directory Certificate Services:
    • What is the Active Directory Certificate Service?
    • How do domain objects enrol certificates?
    • How can they be misconfigured and abused?

KNOWLEDGE PREREQUISITES

Extensive hacking experience is not required for this course, but a solid technical grounding is an absolute must. We recommend familiarity with the Windows operating system and its command line at a minimum.

REQUIREMENTS

Hardware

  • A Laptop

Software

  • A Web Browser

ABOUT THE TRAINER

SensePost, an elite ethical hacking team of Orange Cyberdefense, has been training since 2002. We pride ourselves on ensuring our content, our training environment and trainers are all epic in every way possible. The trainers you will meet are working penetration testers, responsible for numerous tools, talks and 0day releases. This provides you with real experiences from the field along with actual practitioners who will be able to support you in a wide range of real-world security discussions. We have years of experience building environments and labs tailored for learning; after all, education is at the core of SensePost and Orange Cyberdefense.
