Advanced Pen Testing Techniques for Active Directory

سرفصل های دوره

As a security professional, one of your most important jobs is to make sure that only authorized users have access to your system. Most often, this is achieved via credential-based access control, where credentials are stored in central directories like Microsoft Active Directory (AD). But are you really ready to handle an unexpected cyberattack?

In this course, instructor Malcolm Shore gives you an overview of Active Directory, including how to enumerate it and validate its security with penetration testing. Explore the core concepts of penetration testing and why it’s so important for enterprise security management. Learn how AD interacts with identity providers and how you interact with it at the command line using LDAP protocol as well as through Powerpoint. Malcolm teaches you some key tricks and gives you examples of how to get the most out of your audits by understanding and utilizing spray attacks, hash extractions, impacket libraries, and brute force attacks.

01 - Introduction

01 - Understand and test the security of identity providers

02 - What you should know

03 - Disclaimer

02 - 1. Introduction to Identities

01 - Understand Active Directorys role in security

02 - The LDAP protocol

03 - Interact with LDAP at the command line

04 - The LDAPAdmin tool

05 - What is Active Directory

06 - Interact with Active Directory at the command line

07 - Access LDAP services with a GUI client

08 - Add users and computers to a domain

09 - Active Directory security audit

03 - 2. Testing Active Directory

01 - Set up for testing

02 - Extract the AD hashes

03 - Password spraying Active Directory

04 - Kerberos brute-forcing attacks

05 - Use CrackMapExec to access and enumerate AD

06 - Investigate the SYSVOL share

07 - Take advantage of legacy data

04 - 3. Advanced Penetration Testing

01 - Specific Active Directory attacks

02 - Remote extraction of AD hashes

03 - Carry out a Kerberos roasting

04 - Run a no-preauthentication attack

05 - Forge a golden ticket

06 - Running a shadow attack

07 - Using rubeus to take over the domain

08 - Relaying attacks to get a certificate

09 - Using smartcards to gain privileged access

10 - Set the BloodHound loose

05 - Conclusion

01 - Next steps

189,000 تومان

افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: LinkedIn Learning (Lynda)