Most enterprise networks today are managed using Windows Active Directory and it is imperative for a security professional to understand the threats to the Windows infrastructure.
Active Directory Pretesting is designed to provide security professionals to understand, analyze and practice threats and attacks in a modern Active Directory environment. The course is beginner friendly and comes with a walkthrough videos course and all documents with all the commands executed in the videos. The course is based on our years of experience of breaking Windows and AD environments and research.
When it comes to AD security, there is a large gap of knowledge which security professionals and administrators struggle to fill. Over the years, I have taken numerous world trainings on AD security and always found that there is a lack of quality material and specially, a lack of good walkthrough and explanation.
The course simulate real world attack and defense scenarios and we start with a non-admin user account in the domain and we work our way up to enterprise admin. The focus is on exploiting the variety of overlooked domain features and not just software vulnerabilities.
We cover topics like AD enumeration, tools to use, domain privilege escalation, domain persistence, Kerberos based attacks (Golden ticket, Silver ticket and more), ACL issues, SQL server trusts, and bypasses of defenses.
Attacking and Hacking Active Directory With Kali Linux Full Course – Read Team Hacking Pentesting
Introduction
Introduction
Network Enumeration – Kali
NMAP
NMAP SMB
More NMAP Enumeration
Domain Enumeration – Kali
winapsearch
LdapDomainDump
Enumerating With Enum4Linux
NMAP – Users
GetADUsers.py
SwisArmy – CrackMapExec – Kali
CrackMapExec Intro
CrackMapExec – Password Spraying
CrackMapExec – ENUM 1.1
CrackMapExec – ENUM 1.2
CrackMapExec – Command Execution
crackmapexec – Command execution + Using Local Auth
Get PowerShell Reverse Shell
Dumping SAM
Dumping LSA + PTH with CME
pth-winexe and xfreerdp
CrackMapExec Modules
CrackMapExec CMEDB
BloodHound Installation
BADDD No AUDIO Getting Shells with CrackMapExec
EvilWinRM + Local Privilege Escalation – Kali
Basic commands
Upload and Download
PowerView.ps1
Build SharpSploit – Enumeration
User, Group, and Network
OS, AV, and Configuration
Tools – Local Priv Esc
Sherlock and Watson
CVE-2019-1388
SEImpersonate
Unquoted Service Path
Windows – Privilege Escalation and Local Enumeartion Cheat Sheet
Recommended Windows Hack The Box machines
PowerShell Empire – The Ultimate Tool – Kali
Basics and Installing
Getting a Shell + CME + Powershell
Getting a shell + Evil-WinRM + Bat File
Privilege Escalation 1 – ReverShell With Unquoted Path
Privilege Escalation 2 – Stager with NT/SYSTEM
Privilege Escalation 3
Elevated with Empire – Mimikatz and pth
Pth + dcsync + dcshadow -1
Troubleshooting Empire Pth + dcsync + dcshadow – 2
Failed to get + dcsync + dcshadow – 3
Getting Shell with JenkinsAdmin
Finally Getting Dcsync + Persistent
Metasploit – Kali
Intro
Exploiting Ethernal Blue Metasploit
Enumeration 1 – User, Groups, Computers
Enumeration 2 – Arp, Tokens, Patches
Enumeration 3 – Shares, SMB, and More
Exploit Suggestor
Exploit Suggestor 2
Back door add user
HashDump With Metasploit
Lateral Movement – PTH With metasploit
Lateral Movement To DC – Metasploit
Steal_Token and Dumping All Hashes – Metasploit
DcSync With Metasploit
Golden Ticket With Metasploit
BACKDOOR METERPRETER SERVICE 1
BACKDOOR METERPRETER SERVICE 2
Domain Enumeration – RDP
Intro Domain Enumeration
Domain User Enumeration
Domain Group Enumeration
Domain Computer/Servers Enumeration
PowerView – GPO and OU
Domain Shares Enumeration
PowerView – ACL
Active Directory Recon
BloodHound Installation
BloodHound Basics
Domain Enumeration Cheat Sheet – PowerView
Lateral Movement – RDP
Intro to Lateral Movement – RDP
How Kerberos Work
Dumping SAM and SYSTEM For Offline Cracking
SAM & LSA with MimiKatz
PassTheHash with MimiKatz
Passing the ticket
Pass the ticket with Rubeus
Session Hijack
SMB Relay Attack
10 ways to get dump files
Domain Privilege Escalation – RDP
Intro – Domain Privilege Escalation
ACL – GenericAll on Group
Priv Esc – DNSAdmins
dcsync
Unconstrained delegation – Computer
constrained Delegation – Computer
ACL – GenericWrite on User
SET-SPN – Kerberoast
Targeted Kerberoasting – AS-REPs – FINDING
Targeted Kerberoasting – AS-REPs – SET
Domain Persistence and Dominance – RDP
Intro Domain Persistence and Dominance – RDP
DSRM
DCShadow – Change Attribute
DCShadow – SIDHistory
DCShadow – hash
Golden Ticket
Silver Ticket
AdminSDHolder – Adding Permission
AdminSDHolder – Abusing Permission
ZeroLogon — Do This Last
