Breaking and Pwning Active Directory
Abhisek Datta & Omair
Trainer Name: Abhisek Datta & Omair
Title: Breaking and Pwning Active Directory
Duration: 3 Days
Dates: 20th - 22nd June 2018
Active Directory is one of the most popular and widely deployed directory services for centralised domain management. It is susceptible to a wide variety of attacks due to vulnerabilities, configuration weaknesses and its inherent architectural complexity. Many large enterprises adopt Active Directory based domain management practices and hence its security is of prime concern for enterprise administrators and security auditors.
In this tools-and-techniques-oriented training, the participants will be taken on a journey of discovering, enumerating and exploiting various services in an Active Directory environment. Participants will start as an outsider in the domain environment with only network level access. Using a combination of recon, exploitation and post-exploitation techniques, the participants will be able to perform multi-staged attacks to finally obtain domain administrator privilege. The training will conclude by discussing various lateral movement and persistence techniques to spread and maintain access in a compromised domain environment once domain administrator privilege is obtained.
- Attacker's intro to Active Directory and Domain Management
- Network Discovery and Fingerprinting
- Active Directory Recon
- Domain Discovery
- Trust Mapping
- Users and Group Discovery
- Computer Discovery
- User Hunting
- Exploiting Network Services
- Client Side Attacks
- Domain Credential Harvesting
- Kerberos Attacks
- Pass the Ticket
- TGS Cracking
- Lateral Movement
- PsExec/WMIExec with Hash/Ticket (PtH/PtT)
- Rogue GPO
- PowerShell Remoting
- Golden Tickets
- Silver Tickets
- Backdooring Domain Controller
- Experience with vulnerability assessment and penetration testing.
- Basic knowledge of TCP/IP network protocol.
- Familiarity with virtualization software like VMware/VirtualBox
What to expect
A live Active Directory environment to perform various attacks for gaining domain administrator privilege and to maintain access using various Active Directory specific persistence techniques.
What to bring
- A laptop with administrator privileges.
- Minimum 50 GB of free hard disk space.
- Minimum 4 GB RAM for virtual machines.
- Laptop should have Ethernet and Wi-Fi capability.
- VM Player or VMware Workstation installed.
Abhisek Datta is a Security Researcher and Consultant with 10+ years of experience. His core areas of expertise include Penetration Testing, Vulnerability Analysis, Exploit Development, Reverse Engineering & Malware Analysis and Source Code Review. He has been involved in multiple high profile Reverse Engineering and Penetration Testing projects in the past for clients in India and abroad. He has multiple CVEs under his name for reporting vulnerabilities in various products. Some of the CVEs reported by him are CVE-2014-4117, CVE-2015-0085, CVE-2014-6113, CVE-2015-1650, CVE-2015-1682, CVE-2015-2376, and CVE-2015-2555.
At present he heads the technology team at Appsecco Consulting Pvt. Ltd. and is responsible for security tools development and process automation.
Omair has over eight years of experience in penetration testing, vulnerability assessment and network security. He has been responsible for maintaining a secure network for mission critical applications. His area of work includes Vulnerability Assessment, Security Audits, Penetration Test, Source Code Reviews and Trainings.
He was the lead penetration tester for various clients in the telecom, retail, government and banking sectors based in India, Saudi, Morocco, Mauritius, UAE, Kuwait, Oman and Bahrain, with a team size varying from 5-8 members.
He has also published security advisories pertaining to various vulnerabilities in commonly used software like Excel, Real Player, Internet Explorer and Chrome. His areas of expertise include Vulnerability Research, Reverse Engineering and Fuzzing. Some of the latest CVEs reported by him are CVE-2015-1240, CVE-2015-1668, CVE-2015-0043, CVE-2015-0042, CVE-2014-4128, CVE-2014-6354, CVE-2014-4145, CVE-2014-4050, CVE-2014-1772, CVE-2014-0313, and CVE-2014-0263.
Omair has various industry certifications under his name:
- OSCP Offensive Security Certified Professional
- CEH Certified Ethical Hacker
- RHCE Red Hat Certified Engineer
- VCP VMware Certified Professional
- JNCIS-JES Juniper Networks Certified Internet Specialist, Enhanced Services
- JNCIA-EX Juniper Networks Certified Internet Associate, Enterprise
- IBM Certified System Expert - System x Blade Centre Technical Switching Support V5
- IBM IBM System x Technical Principles V9
- HP Accredited Platform Specialist - Proliant ML / DL Servers