Attacking Active Directory With Advanced Techniques With Lab

Attacking Active Directory Advanced - Red Team Hacking

What you'll learn

Enumerate Active Directory Anonymously

Exploiting Active Directory With Poison and Relay

Exploit Active Directory User Misconfiguration

Exploiting PrintNightmare

Exploit Active Directory Constrained Delegation

Exploit Active Directory With Metasploit

Exploit Active Directory Certificate Services

Active Directory User ACL Exploits

MSSQL servers Exploitation

Requirements

Familiarity with basic command-line usage, networking, and security principles will be beneficial.

Participants should have a solid foundation in ethical hacking and penetration testing concepts, as well as a fundamental understanding of Active Directory.

By the end of the "Attacking Active Directory with Advanced Techniques" course, participants will have honed their skills in attacking AD environments, learned how to identify and exploit vulnerabilities, and gained the expertise needed to secure AD infrastructures effectively.

Description

Course Overview: The "Attacking Active Directory with Advanced Techniques" course is an intensive and hands-on training program designed for cybersecurity professionals, ethical hackers, and penetration testers who wish to elevate their skills in exploiting and attacking Active Directory (AD) environments. This comprehensive course covers a wide array of advanced techniques that participants can use to discover and exploit vulnerabilities in AD systems, gaining invaluable insights into securing AD infrastructures effectively.Key Learning Objectives:Reconnaissance: Learn advanced reconnaissance techniques to gather critical information about Active Directory infrastructures, including domain controllers, users, groups, and trusts. Understand how to map out the AD environment to identify potential attack surfaces and weaknesses.Exploiting with Poisoning and Relay: Dive into techniques like NTLM relay attacks, SMB relay, and Kerberos ticket manipulation to exploit AD systems through various attack vectors.Active Directory User Enumeration Exploits: Master the art of extracting sensitive information from AD users and groups, and use this data to launch targeted attacks.Hacking Active Directory with Metasploit: Understand how to utilize the powerful Metasploit framework to launch sophisticated attacks against AD environments, including exploiting vulnerabilities and post-exploitation activities.Hacking Active Directory Certificate Services: Explore techniques to exploit Certificate Services in AD environments, bypassing security mechanisms and gaining unauthorized access.MSSQL Servers Exploitation: Learn how to identify and exploit misconfigurations and vulnerabilities in MSSQL servers integrated with Active Directory, potentially leading to privilege escalation and data exfiltration.User ACL Exploits in Active Directory: Delve into Active Directory's Access Control Lists (ACLs) and understand how to manipulate permissions to gain unauthorized access and escalate privileges.

Overview

Section 1: Building the Lab

Lecture 1 Install VirtualBox & Vagrant

Lecture 2 Install git and HomeLab Setup

Lecture 3 Ansible Install_

Lecture 4 Setup Ubuntu Server RDP PArt 1

Lecture 5 Setup Ubuntu Server RDP PArt 2

Lecture 6 Vagrant Up

Lecture 7 Vagrant Commands

Lecture 8 Ansible Playbook

Lecture 9 VPN Setup - Part 1

Lecture 10 VPN Setup - Part 2

Lecture 11 Adding Parrot OS or Kali Linux

Section 2: Reconnaissance

Lecture 12 Anonymously Quering or Binding LDAP To Enumerate Active Directory

Lecture 13 Enumerate Users Anonymously - CME

Lecture 14 Enumerate Users Anonymously - RPC

Lecture 15 Enumerate Users Anonymously - enum4linux

Lecture 16 Enumerate Guest Access on Shares - CME

Section 3: Exploiting With Poison and Relay

Lecture 17 I love Responder

Lecture 18 The importance of SMB signing

Lecture 19 responder + ntlmrelayx + proxychain = SAM Database DUMP

Lecture 20 Socks Relay to Dump lsassy

Lecture 21 responder + ntlmrelayx + proxychain + DonPapi & wmiexec.py

Lecture 22 Pass-The-Hash - wmiexec.py

Lecture 23 Pass-The-Hash - Evil-WinRm

Lecture 24 Pass the Hash with CrackMapExec

Lecture 25 Coerced auth smb + ntlmrelayx to ldaps with drop the mic

Section 4: User Enumeration Exploits

Lecture 26 Exploiting Username - ASREP

Lecture 27 Password Spray

Lecture 28 User listing with GetADUsers and ldapsearch

Lecture 29 Kerberoasting User Accounts

Lecture 30 Setting Up PowerView

Lecture 31 Get-NetUser

Lecture 32 Get-NetGroup

Lecture 33 Get-NetComputer

Lecture 34 Invoke-ShareFinder

Lecture 35 Get-NetGPO

Lecture 36 Get-ObjectAcl

Lecture 37 Get-NetDomainTrust

Lecture 38 PowerView Bible

Section 5: Exploiting Servers

Lecture 39 NoPac Exploit From Linux With NoPAC.py

Lecture 40 NoPac Exploit From Windows With NoPAC.exe

Lecture 41 PrintNightmare - BRONX

Lecture 42 PrintNightmare - BALTIMORE$

Lecture 43 Constrained Delegation With Protocol Transition - User:Elena.Lopexz

Lecture 44 Constrained Delegation Without Protocol Transition - Server:Yonkers$

Lecture 45 Resource Based Constrained Delegation - Server:NYC$

Lecture 46 Enumerate Trust

Lecture 47 Foreign group and users

Lecture 48 IIS - Webshell

Lecture 49 Getting a Better Shell

Lecture 50 SeImpersonatePrivilege With Invoke-BadPotato.ps1

Section 6: Metasploit

Lecture 51 Enumeration 1 - Users, Groups, Computers

Lecture 52 Enumeration 2 - Arp, Tokens, Patches

Lecture 53 Enumeration 3 - Shares, SMB, and More

Lecture 54 Back Door Add User

Lecture 55 HashDump With Metasploit

Lecture 56 Lateral Movement With Metasploit

Lecture 57 DsSync With Metasploit from NT Autority/System to Administrator

Lecture 58 Golden Ticket with Metasploit

Lecture 59 BackDoor Meterpreter Service

Section 7: BloodHound

Lecture 60 Blooodhound & Neo4j Install

Lecture 61 Hunting with bloodhound Collector

Section 8: Active Directory Certificate Services (ADCS)

Lecture 62 ADCS reconnaissance and enumeration (with certipy and bloodhound)

Lecture 63 coerce to domain admin with petitpotam - ESC8

Lecture 64 coerce to domain admin with certipy- ESC8

Lecture 65 ADCS Exploitation with certipy - ESC1

Lecture 66 ADCS Exploitation with certipy - ESC2 & ESC3

Lecture 67 ADCS Exploitation with certipy - ESC4

Lecture 68 ADCS Exploitation with certipy - ESC6

Lecture 69 Certifried with certipy - CVE-2022–26923

Lecture 70 Shadow Credentials with certipy

Section 9: User ACL Exploits

Lecture 71 Recon ACL with BloodHound

Lecture 72 ForceChangePassword

Lecture 73 GenericWrite - (Target Kerberoasting)

Lecture 74 WriteDacl on User

Lecture 75 Add self on Group

Lecture 76 AddMember on Group

Lecture 77 WriteOwner on Group

Lecture 78 Generic all on user

Lecture 79 GPO abuse

Lecture 80 LAPS Read Password Abuse

Section 10: MSSQL servers Exploitation

Lecture 81 Enumerate MSSQL servers with GetUserSPNs & NMAP

Lecture 82 Enumerate MSSQL servers with CrackMapExec and Impacket

Lecture 83 Exploiting MSSQL - impersonate - execute as login

Lecture 84 Exploiting MSSQL - Coerce and relay

Lecture 85 Exploiting MSSQL - trusted links

Lecture 86 Exploiting MSSQL - Command execution to shell - Yonkers

Lecture 87 Exploiting MSSQL - Command execution to shell - Salisbury

Cybersecurity professionals and penetration testers seeking to advance their knowledge of Active Directory exploitation.,System administrators and IT personnel responsible for securing Active Directory infrastructures.