Pentest

Pentest Active Directory 1 Intermediate - 5 days

Description

For many companies, Active Directory is the heart of identity and access management. Its ubiquity within information systems makes it a prime target for computer attacks, and penetration testing is a key component of its defense against threats.

During this five-day training, you will learn the skills necessary to perform an in-depth Active Directory penetration test. By following the five course modules, students will learn the methodology and techniques used by our experts during an intrusion, from anonymous access to the complete compromise of the environment and the persistence of access within it. To illustrate new concepts, learners will be guided through two comprehensive corporate environments.

  • 5 days (35 hours)

  • 5 course modules covering all intrusion steps + 1 Azure module

  • 2 corporate environments with more than 40 machines and an Azure environment

Audience and prerequisites

This training is suitable for people with some knowledge of offensive security but no prior experience in Active Directory environments. It is aimed primarily at pentesters, system administrators and security architects, but also at any technical profile wishing to enrich their professional career with a security component.

  • Pentesters

  • System administrators

  • Security architects

Some knowledge of offensive security and good network and Unix knowledge are recommended.

Content

Day 1

Theoretical foundations of security mechanisms: administration mechanisms (RPC, SMB, WMI, RDP, WinRM), identity and access management, storage of secrets, network authentication protocols (NTLM, Kerberos), Active Directory hierarchy and trusts. Reconnaissance and exploitation techniques from anonymous access: enumeration, network protocol poisoning, relaying.

Day 2

Reconnaissance on the domain from non-privileged access: object extraction (users, groups, machines, GPOs) and mapping with BloodHound. Local privilege escalation: enumeration and exploitation (local services, scheduled tasks, ACLs, public vulnerabilities), UAC bypass techniques.

Day 3

Escalation of privileges within a domain: extraction of secrets (registry, LSASS, DPAPI), authentication replay, kerberoasting, abuse of control paths. Bypassing software restrictions: AppLocker, evading restricted desktops (Citrix, RDP Kiosk).

Day 4

Post-exploitation steps from privileged access on the domain: extraction of secrets (NTDS, DPAPI), ticket forgery (silver and golden tickets), manipulating ACLs, persisting within the environment, and erasing traces. Extending the compromise: cross-domain and cross-forest trust relationships, Kerberos delegation abuse.

Day 5

Introduction to Azure: fundamental concepts (terminology, identity and access management), integration with Active Directory (identity synchronization, Single Sign-On mechanisms), reconnaissance and compromise steps from the on-premises environment.