Skip to main content
Altered Security - Active Directory Attacks for Red and Blue Teams - Advanced Edition $1,700 (Early $1,500)
Altered Security - Active Directory Attacks for Red and Blue Teams - Advanced Edition $1,700 (Early $1,500)

Altered Security - Active Directory Attacks for Red and Blue Teams - Advanced Edition $1,700 (Early $1,500)

$1,500.00

Name of Training:

Active Directory Attacks for Red and Blue Teams - Advanced Edition

Description:

This training is aimed towards attacking modern AD using built-in tools, scripting and other trusted OS resources.

Training description:

More than 95% of Fortune 500 companies use Active Directory! Enterprises are managed using Active Directory (AD) and it often forms the backbone of the complete network. To secure AD, you must understand different techniques and attacks used by adversaries against it. Often burdened with maintaining interoperability with a variety of products, AD lack ability to tackle latest threats.
This training is aimed towards attacking modern AD using built-in tools, scripting and other trusted OS resources. Some of the techniques, used in the course:
-  Extensive AD Enumeration
-  Trust mapping and abuse
-  Privilege Escalation 
-  Advanced Kerberos Attacks
-  Advanced cross forest trust abuse
-  Attacking Azure AD integration
-  Abusing trusts for MS products
-  Credentials Replay Attacks 
-  Persistence 
-  Defenses 
-  Bypassing defenses 

You start from a user desktop and work your way up to multiple forest pwnage. 
Attendees will get free one month access to an AD environment comprising of multiple domains and forests.

This course is very useful in securing the backbone of any Enterprise Environment. We have been teaching this course at BlackHat for many years now and the feedback has always been very good. The students have always enjoyed the course and the lab. We provide multiple ways of solving the lab that helps the students to utilize the lab to fullest!

Past content:

BlackHat USA 2022 - https://www.blackhat.com/us-22/training/schedule/#active-directory-attacks-for-red-and-blue-teams--advanced-edition-25796
BruCON 2022 - https://www.brucon.org/2022/brucon-2022-training/active-directory-attacks-for-red-and-blue-teams-advanced-edition/

Trainer(s) bio:
Munaf Shariff
Munaf is an information security professional whose areas of interest include penetration testing, red teaming, malware development, defense evasion and Active Directory security. Munaf likes to research on EDR evasion and C2 frameworks. He has worked extensively on various Red Team and Active Directory security topics.

He works as a Security Researcher at Altered Security - a company focusing on hands-on Azure security learning - https://www.alteredsecurity.com/

Nagendrra C
Nagendrra is an information security professional whose areas of interest includes Azure, Active Directory security, and application security. Nagendrra likes to research on enterprise security attacks and defense. He has worked extensively on Azure and application security.

He works as a Security Researcher at Altered Security - a company focusing on hands-on Azure security learning - https://www.alteredsecurity.com/
Trainer(s) social media links:

https://twitter.com/alteredsecurity : @alteredsecurity




Outline:

Total 960 minutes

Detailed outline - Day 1
- Introduction to Active Directory and Kerberos (20 minutes)
- Introduction to Attack methodology and tradecraft (20 minutes)
- Extensive AD Enumeration (Attacks and Defense) (90 minutes)
- Trust and Privileges Mapping (20 minutes)
- Local Privilege Escalation (30 minutes)
- Credential Replay Attacks (Over-PTH, Token Replay etc.) (30 minutes)
- Domain Privilege Escalation (User Hunting, Delegation issues and more) (120 minutes)
- Dumping System and Domain Secrets (30 minutes)
- Advanced Kerberos Attacks and Defense (Golden, Silver ticket, Kerberoast and more) (120 minutes)

Detailed outline - Day 2
- Advanced cross forest trust abuse (Lateral movement across forest, PrivEsc and more) (120 minutes)
- Persistence (WMI, GPO, Domain and Host ACLs and more) (90 minutes)
- Attacking Azure integration and components (30 minutes)
- Abusing trusts for MS products (AD CS, SQL Server etc.) (120 minutes)
- Monitoring AD (30 minutes)
- Defenses (JEA, PAW, LAPS, Selective Authentication, Deception, App Allowlisting, Microsoft Defender for Identity etc.) (60 minutes)
- Bypassing Defenses (30 minutes)

Takeaways for the students after completing the class:
- The course has been very popular with students at BlackHat who are responsible for securing an Enterprise. We constantly work on feedback on what to improve in the course and keep it updated to address latest threats in Active Directory. This enable students to address real threats in their environments and therefore help them with their daily job!

- Students get to practice in an environment that is fully patched, contains modern Windows machines, the latest Forest functional level and is pretty big. In addition, the course focuses only on abuse of functionality. This means whatever the students practice in the lab will be useful for many years. 

- Students get to know how threat actors move in a modern environment and therefore can develop detections to track attackers.

Technical difficulty:

Intermediate/Advanced. 

Suggested Prerequisites:

A basic knowledge of Active Directory security and ability to use command line tools.

What students should bring:

- System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes. 
- Privileges to disable/change any antivirus or firewall.

DATE: August 12th-13th 2024
TIME: 8am to 5pm PDT
VENUE: Caesars Forum, Las Vegas, NV
TRAINER: Altered Security Team Member

- 16 hours of training with a certificate of completion
- 2 coffee breaks are provided per day
- Note: Food is not included

Registration terms and conditions:

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2024.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.