Skip to main content
    CONTACT

    This site is protected by hCaptcha and the hCaptcha Privacy Policy and Terms of Service apply.
    Altered Security - Active Directory Attacks for Red and Blue Teams - Advanced Edition DCTLV2025
    Altered Security - Active Directory Attacks for Red and Blue Teams - Advanced Edition DCTLV2025

    Altered Security - Active Directory Attacks for Red and Blue Teams - Advanced Edition DCTLV2025

    Las Vegas 2025

    Name of Training: Altered Security - Active Directory Attacks for Red and Blue Teams - Advanced Edition
    Trainer(s): Altered Security
    Dates: August 11-12, 2025
    Time: 8:00 am to 5:00 pm PT
    Venue: Las Vegas Convention Center
    Cost: $1,500

    Course Description: 

    More than 95% of Fortune 500 companies use Active Directory! Enterprises are managed using Active Directory (AD) and it often forms the backbone of the complete enterprise network. Therefore, to secure an enterprise from an adversary, it is inevitable to secure its AD environment. To secure AD, you must understand different techniques and attacks used by adversaries against it. Often burdened with maintaining backward compatibility and interoperability with a variety of products, AD environments lack ability to tackle latest threats.

    This training is aimed towards attacking modern AD with focus on OPSEC and Stealth. The training is based on real world penetration tests and Red Team engagements for highly secured environments.  Some of the techniques used in the course:

    • Introduction to OPSEC and Stealth used in the class. 

    •  Offensive .NET and PowerShell tradecraft

    • Extensive AD Enumeration

    • Active Directory trust mapping and abuse.

    • Privilege Escalation (User Hunting, Delegation issues, LAPS abuse, gMSA abuse, SPN Hijacking, Shadow Credentials and more)

    • Advanced Kerberos Attacks and Defense (Diamond, Golden, Silver ticket, Kerberoast and more)

    • Advanced cross forest trust abuse (Lateral movement across forest, PrivEsc and more)

    • Credentials Replay Attacks (Over-PTH, Token Replay, Certificate Replay etc.)

    • Attacking Entra ID integration (Hybrid Identity)

    • Abusing trusts for MS products (AD CS, SQL Server etc.) 

    • Persistence (WMI, GPO, Domain and Host ACLs and more)

    • Monitoring Active Directory

    • Defenses (JEA, PAW, LAPS, Selective Authentication, Deception, App Allowlisting, MDE EDR, Microsoft Defender for Identity etc.)

    • Bypassing defenses (MDE, MDI and Elastic)

    The course is a mixture of fun, demos, exercises, hands-on and lecture. You start from compromise of a user desktop and work your way up to multiple forest pwnage. The training focuses more on methodology and techniques than tools. 

    Attendees will get free two months access to an Active Directory environment comprising of multiple domains and forests, during and after the training and a Certified Red Team Expert Exam (CRTE) certification attempt. 

    Course Outline: 

    Day 1

    • Introduction OPSEC and Stealth used in the class

    • Attack methodology and tradecraft

    • Extensive AD Enumeration (Attacks and Defense)

    • Trust and Privileges Mapping

    • Local Privilege Escalation

    • Credential Replay Attacks with MDI bypass (Over-PTH, Token Replay etc.)

    • Domain Privilege Escalation (User Hunting, Delegation issues, LAPS abuse, gMSA abuse, SPN Hijacking, Shadow Credentials and more)

    • Dumping System and Domain Secrets with EDR bypass

    • Advanced Kerberos Attacks and Defense (Golden, Silver ticket, Kerberoast and more)

    Day 2

    • Advanced cross forest trust abuse (Lateral movement across forest, PrivEsc and more)

    • Persistence (WMI, GPO, Domain and Host ACLs and more)

    • Attacking Azure integration and components

    • Abusing trusts for MS products (AD CS, SQL Server etc.)

    • Monitoring AD using Defender 365 and Elastic Dashboard

    • Defenses (JEA, PAW, LAPS, Selective Authentication, Deception, App Allowlisting, MDE EDR Microsoft Defender for Identity etc.)

    • Bypassing Defenses (MDE, MDI and Elastic)

    Difficulty Level:

    Intermediate/Advanced

    Suggested Prerequisites:

    A basic knowledge of Active Directory security and ability to use command line tools.

    What Students Should Bring: 

    • System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes. 

    • Privileges to disable/change any antivirus or firewall.

    Trainer(s) Bio:

    Manthan is a security researcher with a strong passion for enterprise security, red teaming and Active Directory security. He specializes in testing enterprise security defences with a deep understanding of offensive strategies, including EDR evasion and Active Directory attacks. He continuously researches emerging threats, attack techniques, and mitigation strategies to stay ahead of evolving adversaries.

    He works as a Security Researcher at Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/

    Shaunak is a security researcher who is highly competent in executing red team operations in enormous enterprise environments with OPSEC considerations and malware development to bypass modern threat detection/prevention solutions. He likes to work on customizing open-source C2s and other tooling to bypass detection. 

    He works as a Security Researcher at Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/

    Nikhil’s areas of interest include red teaming, Azure and active directory security, attack research, defense strategies and post exploitation research. He has 15+ years of experience in red teaming.

    He specializes in assessing security risks in secure environments that require novel attack vectors and "out of the box" approach. He has worked extensively on Azure, Active Directory attacks, defense and bypassing detection mechanisms. Nikhil has held trainings and bootcamps for various corporate clients (in US, Europe and SE Asia), and at the world's top information security conferences. 

    He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more. 

    Nikhil is the founder of Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/

    Registration Terms and Conditions: 

    Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.

    Trainings are non-refundable after July 8, 2025.

    Training tickets may be transferred. Please email us at training@defcon.org for specifics.

    If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

    Failure to attend the training without prior written notification, will be considered a no-show. No refund will be given.

    By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

    Several breaks will be included throughout the day. Please note that food is not included.

    $1,300.00
    $1,500.00
    DEF CON Communications, inc.

    1100 Bellevue way NE

    8A-85

    Bellevue, WA 98004

    Powered by Shopify