Download: Active Directory Penetration Testing and Hacking Training

The importance of the Active Directory service in a network cannot be underestimated or ignored. More than 90% of large companies use the Windows domain controller service for operating system logins. The power of this service in applying policy and managing the network at the operating-system level is of great importance. When the topic of AD security comes up.

The Attacking and Defending Active Directory course is an excellent course on threat identification, security, penetration testing and hacking of the Active Directory service and the services that depend on it.

Attacking and Defending Active Directory

A non-exhaustive list of topics to be covered include:

            • Active Directory Enumeration

    • Use scripts, built-in tools and MS ActiveDirectory module to enumerate the target domain.

    • Understand how useful information like users, groups, group memberships, computers, user properties etc. from the domain controller is available to even a normal user.

    • Understand and enumerate intra-forest and inter-forest trusts. Practice how to extract information from the trusts.

    • Enumerate Group policies.

    • Enumerate ACLs and learn to find out ‘interesting’ rights on ACLs in the target domain to carry out attacks.

            • Local Privilege Escalation

    • Learn different local privilege escalation techniques on a Windows machine.

    • Hunt for local admin privileges on machines in the target domain using multiple methods.

    • Abuse enterprise applications to execute complex attack paths that involve bypassing antivirus and pivoting to different machines.

            • Domain Privilege Escalation

    • Learn to find credentials and sessions of high-privilege domain accounts like Domain Administrators, extracting their credentials and then using credential replay attacks to escalate privileges, all of this using just built-in protocols for pivoting.

    • Learn to extract credentials from a restricted environment where application whitelisting is enforced. Abuse derivative local admin privileges and pivot to other machines to escalate privileges to domain level.

    • Understand the classic Kerberoast and its variants to escalate privileges.

    • Enumerate the domain for objects with unconstrained delegation and abuse it to escalate privileges.

    • Find domain objects with constrained delegation enabled. Understand and execute the attacks against such objects to escalate privileges to a single service on a machine and to the domain administrator using alternate tickets.

    • Learn how to abuse privileges of Protected Groups to escalate privileges.

            • Domain Persistence and Dominance

    • Abuse Kerberos functionality to persist with DA privileges. Forge tickets to execute attacks like Golden ticket and Silver ticket to persist.

    • Subvert the authentication on the domain level with Skeleton key and custom SSP.

    • Abuse the DC safe mode Administrator for persistence.

    • Abuse protection mechanisms like AdminSDHolder for persistence.

    • Abuse minimal rights required for attacks like DCSync by modifying ACLs of domain objects.

    • Learn to modify the host security descriptors of the domain controller to persist and execute commands without needing DA privileges.

            • Cross trust attacks

    • Learn to elevate privileges from Domain Admin of a child domain to Enterprise Admin on the forest root by abusing Trust keys and krbtgt account.

    • Execute intra-forest trust attacks to access resources across forest.

    • Abuse database links to achieve code execution across forest by just using the databases.

            • Forest persistence and dominance

    • Understand forest persistence techniques like DCShadow. Execute it to modify objects in the forest root without leaving change logs. Learn minimal permissions required to use DCShadow and avoid change logs for minimal permissions using Shadowception.

            • Defenses – Monitoring

    • Learn about useful events logged when the discussed attacks are executed.

            • Defenses and bypass – Architecture and Work culture Changes

    • Learn briefly about architecture and work culture changes required in an organization to avoid the discussed attacks. We discuss Temporal group membership, ACL Auditing, LAPS, SID Filtering, Selective Authentication, Credential Guard, Device Guard, Protected Users Group, PAW, Tiered Administration and ESAE or Red Forest.

    • Learn how Microsoft’s Advanced Threat Analytics and other similar tools detect domain attacks and the ways to avoid and bypass such tools.

            • Defenses and bypass – Deception

    • Understand how Deception can be effectively deployed as a defense mechanism in AD. Deploy decoy user objects, which have interesting properties set, which have ACL rights over other users and have high privilege access in the domain along with available protections. Deploy computer objects and Group objects to deceive an adversary. Learn how adversaries can identify decoy objects and how defenders can avoid the detection.

            • Defenses and bypass – PowerShell

    • Learn about various improvements in Windows PowerShell v5 and their significance in detecting attacks. We will discuss System Wide Transcription, Enhanced logging, Constrained Language Mode, AMSI etc. Learn how JEA helps in secure administration. Execute bypasses against the discussed defenses and the detection of bypasses.