Hacking & Defending Active Directory

Introduction:

One of the most common tools to structure and organize users and computers in a business environment is Microsoft’s Active Directory. However, Active Directory also happens to be one of the most exploited tools that hackers utilize to gain access to corporate networks.

This live Active Directory training class will not only teach you the most common exploits hackers use to break into networks, it will also teach you the steps that you need to take to remediate and patch these exploits. You’ll gain practical skills and knowledge that can be immediately applied to secure your environment.

Objectives:

Understand the structure and components of Active Directory, including both physical and logical elements

Identify and defend against common pre-compromise Active Directory attacks such as LLMNR poisoning, SMB relay, IPv6 spoofing, AS-REP roasting, and passback attacks

Use key post-compromise enumeration tools (e.g., BloodHound, PingCastle) to assess AD environments and recognize common administrative misconfigurations

Analyze and defend against post-compromise attacks including Kerberoasting, token impersonation, credential dumping, and persistence techniques

Adopt an attacker’s mindset to better anticipate and mitigate real-world AD exploitation tactics

Apply lessons from real penetration test case studies to strengthen Active Directory security posture

Course Outline:

Active Directory Overview

  • What is Active Directory?
  • Physical Active Directory Components
  • Logical Active Directory Components

Pre-Compromise AD Attacks and Defenses

  • LLMNR Poisoning Attacks and Defenses?
  • SMB Relay Attacks and Defenses?
  • IPv6 Attacks and Defenses?
  • AS-REP Roasting Attacks and Defenses?
  • Passback Attacks and Defenses?
  • Inside the Attacker’s Mindset?

Post-Compromise AD Enumeration

  • Reviewing common enumeration tools, such as: Bloodhound, Plumhound, Pingcastle, ldapdomaindump, and much more
  • Understanding common mistakes from an Administrator’s perspective

Post-Compromise AD Attacks and Defenses

  • Pass Attacks and Defenses
  • Kerberoasting Attacks and Defenses
  • Token Impersonation Attacks and Defenses
  • URL File Attacks and Defenses
  • GPP Attacks and Defenses
  • Credential Dumping Attacks and Defenses
  • Persistence Attacks and Defenses
  • Inside the Attacker’s Mindset – Revisited

AD Case Studies

  • Real case studies from real pentests AKA “How they got owned”

Enroll in this course

£599.00

Need Help Finding The Right Training Solution?

Our training advisors are here for you.

GBP Pound sterling
EUR Euro