
Course Duration

1 day

Audience

Employees of federal, state, and local governments, and of businesses working with the government.

Prerequisites

Basic knowledge of computers and networking is recommended. CompTIA A+/Network+ equivalent knowledge or completion of the free Practical Help Desk course in TCM Security Academy will prepare you for this class.

Course Description

One of the most common tools for structuring and organizing users and computers in a business environment is Microsoft's Active Directory. However, Active Directory is also one of the tools hackers most often exploit to gain access to corporate networks. This live Active Directory training class will not only teach you the most common exploits hackers use to break into networks, it will also teach you the steps you need to take to remediate and patch the weaknesses those exploits rely on. You will gain practical skills and knowledge that can be immediately applied to secure your environment.

Learning Objectives

  • Understand the structure and components of Active Directory, including both physical and logical elements
  • Identify and defend against common pre-compromise Active Directory attacks such as LLMNR poisoning, SMB relay, IPv6 spoofing, AS-REP roasting, and passback attacks
  • Use key post-compromise enumeration tools (e.g., BloodHound, PingCastle) to assess AD environments and recognize common administrative misconfigurations
  • Analyze and defend against post-compromise attacks including Kerberoasting, token impersonation, credential dumping, and persistence techniques
  • Adopt an attacker's mindset to better anticipate and mitigate real-world AD exploitation tactics
  • Apply lessons from real penetration test case studies to strengthen Active Directory security posture

Course Outline

Active Directory Overview
  • What is Active Directory?
  • Physical Active Directory Components
  • Logical Active Directory Components
Pre-Compromise AD Attacks and Defenses
  • LLMNR Poisoning Attacks and Defenses
  • SMB Relay Attacks and Defenses
  • IPv6 Attacks and Defenses
  • AS-REP Roasting Attacks and Defenses
  • Passback Attacks and Defenses
  • Inside the Attacker's Mindset
Post-Compromise AD Enumeration
  • Common enumeration tools: BloodHound, Plumhound, PingCastle, ldapdomaindump, and more
  • Understanding common mistakes from an Administrator's perspective
Post-Compromise AD Attacks and Defenses
  • Pass Attacks and Defenses
  • Kerberoasting Attacks and Defenses
  • Token Impersonation Attacks and Defenses
  • URL File Attacks and Defenses
  • GPP Attacks and Defenses
  • Credential Dumping Attacks and Defenses
  • Persistence Attacks and Defenses
AD Case Studies
  • Real case studies from real penetration tests

Get More Information

We work with Government Agencies, Military, government contractors, and corporate clients. As much as we would love to, our business model does not include working with the general public.