
DEF CON Training
Prashant Mahajan - Active Directory: Purple Training - $1,800
Active Directory : Purple Teaming
Active Directory is one of the most popular and widely deployed directory services for centralised domain management. It is susceptible to a wide variety of attacks due to vulnerabilities, configuration weaknesses and its inherent architectural complexity. Many large enterprises adopt Active Directory based domain management practices and hence its security is of prime concern for enterprise administrators and security auditors.
Participants will be taken on a journey of discovering, enumerating and exploiting various services in an Active Directory environment. They will start as an outsider in the domain environment with only network-level access. Using a combination of recon, exploitation and post-exploitation techniques, participants will perform multi-staged attacks to finally obtain domain administrator privilege. At the same time, they will learn the concepts of Purple Teaming, visibility and detection, and the tooling used to identify the gaps.
Trainer(s) bio:
Prashant Mahajan is a Director at Payatu Australia Pty Ltd (https://www.payatu.com.au). He has over a decade of experience with various aspects of information security, including penetration testing, vulnerability analysis, digital forensics and incident response. He is also a developer of open-source tools such as ADRecon (https://github.com/adrecon/ADRecon) and AzureADRecon (https://github.com/adrecon/AzureADRecon), a founding member of Null - The Open Security Community (https://null.community), and a frequent speaker at industry events and trainings.
Trainer(s) social media links:
LinkedIn: https://www.linkedin.com/in/prashant3535/
Twitter: https://twitter.com/prashant3535
Outline:
DAY 1 - Attack focused
* Discovering / Enumerating AD environments from within the network
* Post exploitation
* Lateral movement
* Domain Pwnage
DAY 2 - Purple Teaming
* Auditing the AD security posture
* Setting up baseline security in AD
* Visibility into AD activities
* Detecting malicious activities
* Playbooks
DAY 1 - Attack focused
* Introduction to AD (1.5 hrs)
- Basic Concepts (Forest, Domain, DCs, OUs, Sites, GPOs and more)
- Protocols in Use (LDAP, MS-RPC, WinRM, WMI and more)
* Enumeration / Discovery in AD (15 mins)
- Unauthenticated Recon Tools: DHCP, DNS, LDAP, Meta Data
- Authenticated Recon Tools: ADRecon, BloodHound
* Lab time (1 hr 15 mins)
* Post Exploitation paths to Local Admin (15 mins)
* Lab time (45 mins)
* Lateral Movement (1.5 hrs)
* Domain pwnage (10 mins)
* Domain Admin to Enterprise Admin (5 mins)
* Lab time (45 mins)
DAY 2 - Purple Teaming
* Auditing AD Security Posture (30 mins)
- Introduction to security Best practices
* Lab time (30 mins)
* Baseline Security Setup (15 mins)
- Identify gaps using automated tools
- Tools: PingCastle, Invoke-TrimarcADChecks
* Lab time (45 mins)
* Logging and Observability in AD (1.5 hrs)
- Log common details
- Common best practices
* Purple Teaming Playbook (1 hr)
- Basic concepts
- TTPs, Threat Actors
- Cyber Kill Chain, MITRE ATT&CK and D3FEND
- Tools: Caldera, Atomic Red Team, PurpleSharp
* Lab time (2.5 hrs)
Training information:
Prashant has delivered trainings at multiple events. A few of the links are mentioned below:
- https://india.c0c0n.org/2022/active-directory-purple-teaming-c0c0n-edition
- https://nullcon.net/goa-2022/training/advanced-infrastructure-security-assessment-training/
- https://www.blackhat.com/us-22/training/schedule/index.html#attack-and-defend-android-applications-25660
- https://www.blackhat.com/us-22/training/schedule/index.html#attack-and-defend-android-applications-256601645123759
- https://archive.nullcon.net/website/goa-2020/training/advanced-infrastructure-security-assessment.php
- https://archive.nullcon.net/website/bangalore-2019/training/breaking-and-pwning-active-directory.php
Technical difficulty:
Beginner
Basic familiarity with user-level AD operations is the only requirement, besides the command line of Windows and Linux.
Suggested prerequisites:
This course is for beginners. Basic familiarity with user-level AD operations is the only requirement, besides the command line of Windows and Linux.
Students should bring:
Laptop with:
- 80+ GB free hard disk space
- 8+ GB RAM
- VirtualBox / VMware installed on the machine
- Administrative access on the system and BIOS
- External USB access allowed
Setup instructions will be sent as part of the pre-course communication. On-site help can be provided with VM setup, but this absolutely requires administrative access to the laptop OS as well as the BIOS.
DATE: August 14th-15th 2023
TIME: 8am to 5pm PDT
VENUE: Caesars Forum, Las Vegas, NV
TRAINER: Prashant Mahajan
- 16 hours of training with a certificate of completion.
- Two coffee breaks are provided per day
- Note: Food is not included
Registration terms and conditions:
Trainings are refundable before July 1st; the processing fee is $250.
Trainings are non-refundable after July 10th, 2023.
Training tickets may be transferred. Please email us for specifics.
Failure to attend the Training without prior written notification will be considered a No-Show. No refund will be given.
By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.
DEF CON Communications, Inc.
1100 Bellevue way NE
8A-85
Bellevue, WA 98004