Offensive Active Directory Operator Course

Description

Syllabus

Day 1 - Tools and Defenses: platform selection, tool arsenal, obfuscation, AMSI, logging bypasses, AVs and EDRs.
- Introduction to Active Directory: Key concepts in AD structure and Kerberos authentication.
- Active Directory Enumeration: Techniques for enumeration and related OPSEC. - Active Directory Federation Services: Abuse and Initial Access
- Password Attacks: Password spraying, service ticket attacks, GMSA exploitation, and shadow credential attacks.
- Man-in-the-Middle (MITM) Attacks: protocol poisoning, relays, bypassing protections, and Potato exploits.

Day 2
- File Share Exploitation: Mapping shares, sensitive data discovery and privilege escalation.
- Delegation Attacks: Exploiting ACLs, delegation and more.
- Local Admin Password Reuse: Weak password policies and LAPS security - Exploiting MSSQL: Enumeration, abuse, safe exfiltration, and privilege escalation - Active Directory Certificate Services (AD CS) Exploitation: Exploitation, certificate abuse, code signing and tradecraft. - SCCM Exploitation: Enumeration, privilege escalation, account relays, code execution, and persistence.

Day 3 - Advanced Post-Exploitation Techniques: Dumping credentials, ticket-based attacks and Domain persistence.
- Cross-Forest Privilege Escalation: Child-to-parent escalation, bypassing SID filtering, TGT attacks, and various trust abuses.
- Real-World Scenarios: Practical application of techniques, from initial foothold to domain admin, using a combined attack path.
- Defenses and Deception: Deception, decoys, tampering attack telemetry, and securing AD against common exploits.

Trainer Bio

Munaf Shariff is an information security professional whose primary areas of expertise include penetration testing, red teaming, malware development, defense evasion and Active Directory security. Munaf has worked extensively on various Red Team and Active Directory security topics holding industry recognized certifications and is actively contributing to the community with open source projects like Disable-TamperProtection and more. He also has delivered trainings at conferences like DEFCON, BLACKHAT and more.

He works as a Senior CNO Tool Developer at White Knight Labs which is a company focused on offensive security services and hands-on enterprise security trainings.

Key Learning Objectives

• Introduction to Tools and Defenses
• Introduction to Active Directory
• Active Directory Enumeration & Reconnaissance
• Active Directory Federation Services abuse
• Password Attacks in Active Directory
• Man-in-the-Middle (MITM) Attacks
• File Share Enumeration and Exploitation
• Delegation based Attacks
• Local Admin Password Reuse & Tools for Exploitation
• Exploiting MSSQL in Active Directory Environments
• Active Directory Certificate Services (ADCS) Exploitation
• Microsoft System Center Configuration Manager (SCCM) Abuse
• Advanced Post-Exploitation Techniques
• Cross-Forest Privilege Escalation
• Hands-on Labs & Real-World Scenarios
• Defenses and Deception

Who Should Attend?

This course is ideal for penetration testers looking to break into red teaming and blue teamers that want to understand hyper-current techniques and explore Active Directory offensive security.

Prerequisite Knowledge

This is an intermediate/advanced level course – a background in Active Directory, Networking Basics. programming and Windows Internals would be useful.

Hardware Requirements

Students must have an active AWS admin account with programmatic access to run the Terraform script that can create the lab environment.

Bio