

Attacking and Hacking Active Directory With Kali Linux Full Course – Red Team Hacking Pentesting

What you will learn

How to Use Metasploit to Exploit Active Directory

How to Use Empire to Exploit Active Directory

How to Use Evil-WinRM to Exploit Active Directory

How to Use CrackMapExec to Exploit Active Directory

How to Exploit Active Directory From Windows

How to Do Active Directory Enumeration

How to Do Lateral Movement

Active Directory Post Exploitation

Active Directory Domain Privilege Escalation

Active Directory Persistence Attacks




How to use Kali Linux to hack Active Directory

How to use nmap to Enumerate Servers

How to exploit EternalBlue

Description

Most enterprise networks today are managed using Windows Active Directory and it is imperative for a security professional to understand the threats to the Windows infrastructure.

Active Directory Pentesting is designed to help security professionals understand, analyze and practice threats and attacks in a modern Active Directory environment. The course is beginner friendly and comes with walkthrough videos and documents containing all the commands executed in the videos. The course is based on our years of experience of breaking Windows and AD environments and research.

When it comes to AD security, there is a large gap of knowledge which security professionals and administrators struggle to fill. Over the years, I have taken numerous world trainings on AD security and always found that there is a lack of quality material and, especially, a lack of good walkthroughs and explanations.

The course simulates real-world attack and defense scenarios. We start with a non-admin user account in the domain and work our way up to enterprise admin. The focus is on exploiting the variety of overlooked domain features and not just software vulnerabilities.

We cover topics like AD enumeration, tools to use, domain privilege escalation, domain persistence, Kerberos-based attacks (Golden Ticket, Silver Ticket and more), ACL issues, SQL Server trusts, and bypasses of defenses.


Language: English

Content

Introduction

Introduction

Network Enumeration – Kali

NMAP
NMAP SMB
More NMAP Enumeration

Domain Enumeration – Kali

windapsearch
LdapDomainDump
Enumerating With Enum4Linux
NMAP – Users
GetADUsers.py

Swiss Army – CrackMapExec – Kali

CrackMapExec Intro
CrackMapExec – Password Spraying
CrackMapExec – ENUM 1.1
CrackMapExec – ENUM 1.2
CrackMapExec – Command Execution
CrackMapExec – Command Execution + Using Local Auth
Get PowerShell Reverse Shell
Dumping SAM
Dumping LSA + PTH with CME
pth-winexe and xfreerdp
CrackMapExec Modules
CrackMapExec CMEDB
BloodHound Installation
BADDD No AUDIO Getting Shells with CrackMapExec

EvilWinRM + Local Privilege Escalation – Kali

Basic commands
Upload and Download
PowerView.ps1
Build SharpSploit – Enumeration
User, Group, and Network
OS, AV, and Configuration
Tools – Local Priv Esc
Sherlock and Watson
CVE-2019-1388
SEImpersonate
Unquoted Service Path
Windows – Privilege Escalation and Local Enumeration Cheat Sheet
Recommended Windows Hack The Box machines

PowerShell Empire – The Ultimate Tool – Kali

Basics and Installing
Getting a Shell + CME + Powershell
Getting a shell + Evil-WinRM + Bat File
Privilege Escalation 1 – Reverse Shell With Unquoted Path
Privilege Escalation 2 – Stager with NT/SYSTEM
Privilege Escalation 3
Elevated with Empire – Mimikatz and pth
Pth + dcsync + dcshadow -1
Troubleshooting Empire Pth + dcsync + dcshadow – 2
Failed to get + dcsync + dcshadow – 3
Getting Shell with JenkinsAdmin
Finally Getting Dcsync + Persistent

Metasploit – Kali

Intro
Exploiting EternalBlue With Metasploit
Enumeration 1 – User, Groups, Computers
Enumeration 2 – Arp, Tokens, Patches
Enumeration 3 – Shares, SMB, and More
Exploit Suggester
Exploit Suggester 2
Back door add user
HashDump With Metasploit
Lateral Movement – PTH With metasploit
Lateral Movement To DC – Metasploit
Steal_Token and Dumping All Hashes – Metasploit
DcSync With Metasploit
Golden Ticket With Metasploit
BACKDOOR METERPRETER SERVICE 1
BACKDOOR METERPRETER SERVICE 2

Domain Enumeration – RDP

Intro Domain Enumeration
Domain User Enumeration
Domain Group Enumeration
Domain Computer/Servers Enumeration
PowerView – GPO and OU
Domain Shares Enumeration
PowerView – ACL
Active Directory Recon
BloodHound Installation
BloodHound Basics
Domain Enumeration Cheat Sheet – PowerView

Lateral Movement – RDP

Intro to Lateral Movement – RDP
How Kerberos Works
Dumping SAM and SYSTEM For Offline Cracking
SAM & LSA with MimiKatz
PassTheHash with MimiKatz
Passing the ticket
Pass the ticket with Rubeus
Session Hijack
SMB Relay Attack
10 ways to get dump files

Domain Privilege Escalation – RDP

Intro – Domain Privilege Escalation
ACL – GenericAll on Group
Priv Esc – DNSAdmins
dcsync
Unconstrained delegation – Computer
constrained Delegation – Computer
ACL – GenericWrite on User
SET-SPN – Kerberoast
Targeted Kerberoasting – AS-REPs – FINDING
Targeted Kerberoasting – AS-REPs – SET

Domain Persistence and Dominance – RDP

Intro Domain Persistence and Dominance – RDP
DSRM
DCShadow – Change Attribute
DCShadow – SIDHistory
DCShadow – hash
Golden Ticket
Silver Ticket
AdminSDHolder – Adding Permission
AdminSDHolder – Abusing Permission
ZeroLogon — Do This Last