Active Directory Exploitation And Lateral Movement Black-Box

Exploiting Kerberos Delegations, Forest Trusts, SQL Server, ACLs, Excessive Users and Groups privilege and Many more

What you'll learn

Learn how to enumerate information from Active Directory, including users, groups, computers, and trust relationships. Understand the importance of information

Learn how to abuse some active directory intended functionality to established foothold and escalate privilege

Identify common attack vectors in Active Directory, such as misconfigurations, weak passwords, and insecure group memberships. Understand how attackers exploit

Understand the importance of reconnaissance in penetration testing. Learn to use tools for AD reconnaissance, such as BloodHound and PowerView.

Explore common vulnerabilities in Active Directory, such as pass-the-hash attacks, Kerberoasting, and DCSync attacks.

Understand post-exploitation activities, including lateral movement and privilege escalation.

Understand the concept of trusts in Active Directory and how they can be exploited

Learn about common trust-based attacks, such as Golden Ticket attacks.

Student will learn how to build active directory lab create forests and trust between forests

Requirements

Basic knowledge of Ethical Hacking

Description

Understanding Windows Active Directory is an invaluable skill for security professionals for several compelling reasons1 Critical Infrastructure: Active Directory is a critical component in most Windows-based networks, serving as the backbone for authentication, authorization, and resource management. Penetrating Active Directory can lead to unauthorized access to sensitive information, making it a prime target for attackers. Understanding how to test and secure it is essential for protecting overall network security.2  Common Attack Vector: Active Directory is a common target for attackers attempting to compromise an organization's network. Knowing how to conduct penetration testing allows security professionals to identify and address vulnerabilities before malicious actors can exploit them.3 Risk Mitigation: By proactively testing Active Directory, security professionals can identify and mitigate potential risks and vulnerabilities. This proactive approach is essential for preventing security incidents and data breaches.4 Career Advancement: For individuals pursuing a career in cybersecurity, having expertise in Active Directory penetration testing is a valuable skill. Employers often seek professionals who can assess and enhance the security of critical infrastructure components like Active Directory.Red Team Operations: Active Directory penetration testing is a fundamental skill for red team operations. Red teams simulate real-world attacks to test an organization's defenses, and a strong understanding of Active Directory is essential for effective red teaming.In summary, learning Active Directory penetration testing is important for enhancing cybersecurity, preventing unauthorized access, meeting compliance requirements, and staying ahead of evolving cyber threats. It equips security professionals with the skills needed to protect critical IT infrastructure and respond effectively to security challenges.

Overview

Section 1: Creating Active Directory Penetration Testing Lab

Lecture 1 OverView

Lecture 2 Creating VMs and Downloading Evaluation Copies of Windows Servers and Clients

Lecture 3 Installing Windows Server 2019 as root Domain

Lecture 4 Installing AD-DS on ROOT-DC01

Lecture 5 Installing and Configuring Sql Server on ROOT-DC01

Lecture 6 Installing and Configuring the Child Domain

Lecture 7 Installing TRUSTED-DC03 for Forest Trust

Lecture 8 Installing and Configuring Sql Server on TRUSTED-DC03

Lecture 9 Installing and Configuring WIndows 10 Client Machine

Lecture 10 Installing windows server 2016 as DMZ-SRV

Lecture 11 Installing and Configuring Sql Server on DMZ-SRV

Lecture 12 Installing Windows Server 2008 as File Server

Lecture 13 Configuring Trust Relationship between Forests

Lecture 14 Creating Domain Users

Lecture 15 Creating Groups and GPO

Lecture 16 Foreign Group Membership Configuration

Lecture 17 Creating Mssql Server logins, Databases and login Impersonation

Section 2: External Enumeration

Lecture 18 Ports Scanning with Nmap

Lecture 19 SMB null session enum with smbclient,smbmap nbtscan , rpcclient and Nmap

Lecture 20 Bruteforcing Mssql Server with Nmap

Lecture 21 Bruteforcing Mssql Server with hydra

Lecture 22 Bruteforcing Mssql Server with Metasploit

Lecture 23 Bruteforcing Mssql Server with Crackmapexec

Section 3: Code Execution and Initial Enumeration

Lecture 24 Code Execution with with Crackmapexec using Sql Server sa Credential

Lecture 25 Uploading SharpView.exe to the DMZ Server using Cracmapexec

Lecture 26 Domain Enumeration with Sharpview.exe

Lecture 27 Getting Foothold Using Crackmapexec with Mssql Credential

Lecture 28 Getting Foothold Using Impacket with Mssql Credential

Section 4: Post Exploitation

Lecture 29 Dumping System Secrets with mimikatz

Lecture 30 Port forwarding with netsh windows native tool

Lecture 31 Pivoting with chisel and proxychains

Section 5: Internal Domain Enumeration with PowerView Python

Lecture 32 Domain Users Enumeration with PowerView Python

Lecture 33 Domain Groups Enumeration with PowerView Python

Lecture 34 Domain Computers Enumeration with PowerView Python

Lecture 35 Forest trust enumeration with PowerView Python

Section 6: Internal Domain enumeration with CrackMapExec

Lecture 36 Domain Users, Groups, Computers and Shares Enumeration with CrackMapExec

Section 7: Domain Enumeration with Windapsearch

Lecture 37 Domain Users, Groups and Computer enumeration with Windapsearch

Section 8: Domain Enumeration with rpcclient

Lecture 38 Domain Users, Groups and Computers Enumeration with rcpclient

Section 9: Domain Enumeration with BloodHound

Lecture 39 Domain Enumeration with Bloodhound

Section 10: Domain Privilege Escalation

Lecture 40 ASREProasting with impacket

Lecture 41 Kerberoasting with impacket

Lecture 42 ASREProasting with CrackMapExec

Lecture 43 Kerberoasting with CrackMapExec

Lecture 44 DCSync with CracMapExec and Impacket

Lecture 45 Computer Unconstrained delegation

Lecture 46 Computer Unconstrained Delegation - Printer Bug

Lecture 47 Computer Constrained Delegation with impacket

Lecture 48 Resource-Based Constrained Delegation with impacket

Lecture 49 Link-local multicast name resolution (LLMNR Poisoning) exploiting with responder

Section 11: Domain PrivEsc – Mssql server-CrackMapExec

Lecture 50 Exploiting SQL Impersonation from public role to sysadmin role with CrackMapexec

Lecture 51 Little about CrackMapExec Database

Section 12: Domain PrivEsc – Mssql server - Impacket

Lecture 52 Exploiting SQL Server Nested impersonation with Impacket

Section 13: Pass the Hash Lateral Movement

Lecture 53 Pass the hash (Pth) with CrackMapExec, Impacket, Evil-winrm and xfreerdp

Section 14: Cross-Forest Trust Attack

Lecture 54 Cross-Forest Trust AsReproasting

Lecture 55 Cross-Forest Trust Kerberoasting

Lecture 56 Foreign Group Membership Enumeration

Lecture 57 Foreign Group Membership Attack

Section 15: Cross-Forest Trust SQL Server Trustworthy Database Attack

Lecture 58 Cross-Forest Privilege Escalation Trustworthy database, with PowerUPSQL

Section 16: Attacking Domain Trusts - Child -> Parent Trusts

Lecture 59 Domain Privilege Escalation from DA of Child Domain to EA domain with Powershell

Lecture 60 Domain Privilege Escalation from DA of Child Domain to EA domain Impacket

Section 17: Active Directory Persistence

Lecture 61 Golden Ticket with Impacket

Lecture 62 Silver Ticket with Impacket

Lecture 63 AdminSDHolder Overview

Lecture 64 ACL Attack > ForceChangePassword

Lecture 65 ACL Attack > GenericWrite

Lecture 66 AdminSDHolder ACL Attack

Students who want tp become an Active Directory Pentesting Expert,Student Intending to sit for OSCP Exam,Students who want to know how build and Exploit Active Directory Lab