Advanced Windows Active Directory Penetration Testing
Hone Your Internal Windows AD Pentesting Skills
What you'll learn
-
Overview of Penetration Testing, it's limitations and some logistics in delivering a pentest engagement.
-
Deploy an Active Directory lab to execute attacks in a safe environment.
-
Master the fundamentals of Active Directory (AD).
-
Walkthrough the phases of AD Kill Chain when conducting a Windows Active Directory penetration tests.
-
Learn to use an external OSINT as part of your internal AD penetration testing process.
-
Learn Initial Access techniques such as Kerberos-based Password Spray, NTLM Relay, NBNS/LLMNR protocol abuse, AS-REP Roasting, etc.
-
Learn Network and Domain Enumeration techniques, both manually and semi-automatically using tools such as Dig, Nslookup, NetExec, BloodHound, etc.
-
Learn Domain Privilege Escalation and Lateral Movement techniques by abusing Kerberos Protocol for attacks such as Kerberoasting, Kerberos Delegations, etc.
-
Learn Domain Privilege Escalation and Lateral Movement techniques by abusing misconfigured Active Directory Access Control Lists (ACLs).
-
Learn Domain Privilege Escalation and Lateral Movement techniques by abusing general misconfigurations and poor AD User habits.
-
Abuse misconfigured Active Directory Certificate Services for Privilege Escalation and Dominance.
-
Learn Domain Persistence techniques such as Golden Ticket, Silver Ticket, Diamond Ticket, Sapphire Ticket.
-
Explore different advanced techniques in Cross Domain and Cross Forest attacks such as SID Filtering bypass, etc.
-
Writing a Penetration Testing Report that will help your client in prioritizing and addressing discovered attack vectors and vulnerabilities.
