DEF CON Training
Advanced Active Directory Manipulation - Orange Cyberdefense $2,800
Name of training:
Advanced Active Directory Manipulation
SensePost, an elite ethical hacking team of Orange Cyberdefense, has been training internationally since 2002. We pride ourselves on ensuring our content, our training environment and our trainers are all epic in every way possible. The trainers you will meet are working penetration testers, responsible for numerous tools, talks and 0day releases. This gives you real experience from the field, along with actual practitioners who can support you in a wide range of real-world security discussions. We have years of experience building environments and labs tailored for learning; after all, education is at the core of SensePost and Orange Cyberdefense.
Trainer(s) social media links:
Have you taught this training before? Where and when?
A version of this course has been presented at Ringzer0 in 2022.
We have since modified various aspects of the course to focus more on the advanced techniques used in AD exploitation. We have also updated the course to include knowledge and practicals related to the latest AD vulns, such as certificate abuse.
Do you have links to sites that promoted your past training so we can better understand how you presented it to the public?
Here is the 2022 RingZer0 course link: https://ringzer0.training/archive/2022-february/active-directory.html
Mere vulnerability scanning has been rendered obsolete, particularly for more security-conscious and mature organizations. To meet their goals, penetration testing, red team and purple team engagements against Active Directory environments deployed on premises require, among other things, robust knowledge of the relationships between domain objects and of the Kerberos protocol.
Although many tools are available to aid in the enumeration of domain environments and in the discovery and abuse of their misconfigurations, they are rarely used efficiently. This most often stems not from the tools themselves but from fundamental misconceptions and misinterpretations of the relationships and protocols in place, which in turn contribute to further confusion and to the failure to attack and defend a domain environment appropriately.
Standing on the shoulders of giants in the industry, the Advanced Active Directory Exploitation (AADE) course provides a meticulous and thorough examination of domain object relationships and of the quite complicated Kerberos protocol, the latter being scrutinized on a request and response level. The end goal is to enable attackers and defenders to engage with domain environments deployed on premises with efficiency and precision. This is achieved through comprehensive theory in conjunction with a series of practical exercises within a domain environment unique to each student.
* 2-day course
* 60% practical and 40% theoretical
* A multi-domain lab environment unique to each student.
* 20+ practicals, including bonus ones.
* Domain object relationships and abuse thereof.
* Kerberos protocol and abuse thereof.
* Active Directory Certificate Services and abuse thereof.
Come join our AD Master class!
Detailed course outline for use by the Def Con training review team – not to be shared publicly.
Each module and submodule contains active practicals in our multi-domain lab environment.
Windows authentication and access tokens:
* How does Windows authentication work in a domain environment?
* What are the differences between local and domain authentication?
* Access tokens; what are they and how can they be compromised?
Relayed and coerced authentication:
* What are network spoofing and relay attacks?
* What is coerced authentication and cross-protocol relaying?
Domain object relationships:
* What constitutes a domain object?
* What are the relationships between them?
* What are the access controls imposed on them?
* What is inheritance and how does it work?
Group Policy Objects:
* What are Group Policy Objects?
* How can they be abused?
* Can they facilitate lateral movement?
* How does Kerberos work on a request and response level?
* What are the roasting attacks against the Kerberos protocol?
* What is the double-hop problem and how does delegation solve it?
* What is domain user impersonation and how does it aid in delegation?
* How does delegation work on a request and response level?
* How can each delegation flavor be configured or misconfigured?
* How can each delegation flavor be abused?
* What are some significant persistence avenues?
* What are Kerberos Silver and Golden Tickets?
* What is credential dumping?
Domain Trust Relationships:
* What are trust relationships between domains?
* How can they be abused?
Active Directory Certificate Services:
* What is the Active Directory Certificate Service?
* How do domain objects enroll certificates?
* How can they be misconfigured and abused?
Technical difficulty: Advanced
Suggested prerequisites for the class:
Extensive experience is not required for this course, although a solid technical grounding is an absolute must. We recommend familiarity with the Windows operating system and its command line at a minimum.
Items students will need to provide:
A laptop with a modern browser they are familiar with.
DATE: August 14th-15th 2023
TIME: 8am to 5pm PDT
VENUE: Caesars Forum, Las Vegas, NV
- 16 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included
Registration terms and conditions:
Trainings are refundable before July 1st; the processing fee is $250.
Trainings are non-refundable after July 10th, 2023.
Training tickets may be transferred. Please email us for specifics.
Failure to attend the Training without prior written notification will be considered a No-Show. No refund will be given.
By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.