Advanced Windows Active Directory Penetration Testing

Focused View

7:29:38

0 View

1 - Module 00 Welcome

1 -Welcome!.mp4

01:12

2 -whoami.mp4

01:00

3 -Why This Course.mp4

01:54

4 -Course Expectations.mp4

01:44

5 -Target Audience.mp4

00:55

6 -Course Road Map.mp4

03:33

2 - Module 01 Introduction To Penetration Testing

1 -Module Introduction.mp4

01:11

2 -What Is Penetration Testing.mp4

01:46

3 -Why Penetration Testing.mp4

02:08

4 -Penetration Testing Limitations.mp4

06:58

5 -Penetration Testing Logistics.mp4

10:25

6 -Attack Kill Chain.mp4

04:46

6 -mitre att&ck framework.zip

6 -the cyber kill chain.zip

6 -the unified kill chain.zip

7 -Module Summary.mp4

01:10

3 - Module 02 Active Directory Overview

1 -Module Introduction.mp4

02:12

2 -Active Directory Simplified.mp4

08:05

2 -active directory domain services overview.zip

3 -Domain Trust Simplified.mp4

04:59

3 -attacking domain trusts.zip

4 -Kerberos Authentication Simplified.mp4

08:13

5 -Module Summary.mp4

00:38

4 - Module 03 Active Directory Lab Setup

1 -Active Directory Lab Setup Introduction.mp4

02:49

2 -Lab Topology Overview.mp4

01:15

3 -Lab Host Specs.mp4

00:43

4 -Lab Host Tools Installations.mp4

02:53

4 -chocolatey installation.zip

4 -vagrant installation.zip

5 -Deploying Lab Virtual Machines.mp4

09:24

5 -child domain controller vm.zip

5 -child domain server vm.zip

5 -child domain workstation vm.zip

5 -external forest domain controller vm.zip

5 -external forest domain server vm.zip

5 -pentesters kali vm.zip

5 -primary domain controller vm.zip

5 -primary domain workstation vm.zip

5 -vagrantfile.zip

5 - Module 04 Initial Access

1 -Pentest Engagement Introduction.mp4

02:20

2 -Initial Access Introduction.mp4

03:12

3 -Kali Linux Setup.mp4

05:18

3 -bloodhound.zip

3 -ghostpack.zip

3 -rusthound.zip

3 -targeted kerberoast.zip

4 -ANNOUNCEMENT Phonebook.cz Is Now A Paid Service.mp4

02:07

5 -Username Enumerations via OSINT (Phonebook).mp4

04:31

6 -Username Enumerations via OSINT (CrossLinked).mp4

02:15

6 -crosslinked.zip

7 -Username Enumerations via OSINT (Default Service Accounts).mp4

02:24

7 -default service accounts.zip

8 -LDAP 101.mp4

04:59

8 -understanding ldap.zip

9 -Network Mapping - AD DS Enumerations with Dig.mp4

02:39

10 -Network Mapping - NetBIOSSMB Enumerations with NetExec and nbtscan.mp4

02:39

10 -netexec.zip

11 -Network Mapping - Finding LDAP Servers with nmap.mp4

01:12

12 -Network Mapping - Finding Domain Controllers with nslookup.mp4

01:14

13 -Network Mapping - Active Network Scanning with nmap.mp4

04:15

14 -Network Mapping - Taking Screenshots with gowitness.mp4

02:36

14 -gowitness.zip

15 -Network Mapping - Target Development.mp4

02:58

16 -Password Spraying 101.mp4

10:35

17 -SMB vs Kerberos Password Spray Traffic Analysis with Wireshark.mp4

04:38

18 -Password Spray Attack with kerbrute.mp4

02:44

19 -Local Administrator Access Checks.mp4

00:53

20 -Dumping AD Users with NetExec, Impacket-GetADUsers and ldapsearch.mp4

03:58

21 -NBNSLLMR 101.mp4

04:57

22 -Abusing NBNSLLMR with Responder.mp4

06:56

23 -Responder Tip.mp4

03:08

24 -Cracking Responder Hashes with Hashcat.mp4

01:31

25 -NTLM Relay 101.mp4

06:36

26 -NTLM Relay Attack with NetExec, Responder and Impacket.mp4

10:11

27 -AS-REP Roasting 101.mp4

01:57

27 -as-rep roasting.zip

28 -AS-REP Roasting Attack with Impacket and Hashcat.mp4

01:33

29 -Cracking AS-REP Roasting Hash with Hashcat.mp4

00:43

30 -HOW TO Abusing IPv6 for Domain Enumeration wit mitm6 and Impacket.mp4

03:18

31 -Module Summary.mp4

01:59

6 - Module 05 Network Propagation

1 -Network Propagation Introduction.mp4

02:26

2 -SITUATIONAL AWARENESS.mp4

02:03

3 -Enumerations with NetExec.mp4

11:26

3 -netexec.zip

4 -Vulnerability Checks with NetExec.mp4

01:42

5 -BloodHound 101.mp4

01:53

5 -bloodhound.zip

6 -BloodHound Setup I.mp4

02:03

7 -BloodHound Setup II.mp4

00:43

8 -BloodHound Data Ingestion.mp4

03:25

8 -rusthound.zip

9 -Enumerations with BloodHound.mp4

19:02

9 -bloodhound cypher query cheatsheet.zip

9 -bloohound cypher queries.zip

10 -PRIVILEGE ESCALATION.mp4

03:08

11 -Kerberoasting 101.mp4

04:49

12 -Privilege Escalation via Kerberoast Attack.mp4

06:25

12 -kerberoasting attack.zip

13 -Kerberos Delegations 101.mp4

02:43

14 -Unconstrained Delegation Overview.mp4

02:43

14 -kerberos unconstrained delegation.zip

14 -s4u2pwnage.zip

15 -Privilege Escalation via Unconstrained Delegation Attack.mp4

15:53

15 -exploiting unconstrained delegation.zip

15 -unconstrained delegation.zip

16 -Constrained Delegation Overview.mp4

01:55

17 -Privilege Escalation via Constrained Delegation Attack.mp4

07:04

18 -Resource-Based Constrained Delegation (RBCD) Overview.mp4

03:12

18 -kerberos resource-based constrained delegation computer object takeover.zip

19 -Privilege Escalation via Resource-Based Constrained Delegation Attack.mp4

04:20

20 -Resource-Based Constrained Delegation Attack Clean Up.mp4

00:51

21 -LATERAL MOVEMENT.mp4

04:43

22 -Lateral Movement via PS-Remoting.mp4

03:13

23 -Lateral Movement via Remote Desktop Protocol (RDP).mp4

03:24

23 -enable restricted admin using powershell and use mimikatz for rdp.zip

24 -Lateral Movement via Pass-the-Ccache.mp4

01:49

25 -DOMAIN DOMINANCE.mp4

01:12

26 -Golden Ticket 101.mp4

03:52

26 -list of sids.zip

26 -sid filtering.zip

27 -Persistence via Golden Ticket Attack.mp4

03:59

28 -Silver Ticket 101.mp4

02:08

29 -Persistence via Silver Ticket Attack.mp4

03:07

30 -Diamond Ticket 101.mp4

02:49

30 -a diamond ticket in the ruff.zip

30 -diamond tickets.zip

31 -Persistence via Diamond Ticket Attack (High Privileged Account).mp4

04:17

32 -Persistence via Diamond Ticket Attack (Low Privileged Account).mp4

02:00

33 -Sapphire Ticket 101.mp4

01:39

33 -sapphire tickets.zip

34 -Persistence via Sapphire Ticket Attack.mp4

02:25

34 -sapphire tickets.zip

35 -Domain Trust 101.mp4

05:21

35 -trusts.zip

36 -Domain Trust Abuse via Golden Ticket Attack (Manual).mp4

05:24

36 -sid-history injection.zip

37 -Domain Trust Abuse via Golden Ticket Attack (Automated).mp4

02:48

38 -Domain Trust Abuse via Trust Key Attack.mp4

03:41

39 -Foreign Domain Group Membership 101 (I).mp4

07:48

40 -Foreign Domain Group Membership 101 (II).mp4

00:25

41 -Domain Trust Abuse via Foreign Group Membership Attack.mp4

02:26

42 -Domain Trust Abuse via Unconstrained Delegation Attack.mp4

04:37

43 -Credential Hunting I.mp4

04:05

44 -Credential Hunting II.mp4

02:28

45 -Credential Hunting III.mp4

00:39

46 -ACL Enumerations with BloodHound.mp4

04:38

46 -abusing active directory aclsaces.zip

46 -more on acls.zip

47 -Abusing ACL via ForceChangePassword Attack.mp4

01:06

48 -Abusing ACL via GenericWrite Attack.mp4

02:54

48 -shadow credentials.zip

49 -Abusing ACL via WriteDACL Attack.mp4

02:41

50 -Abusing ACL via AddSelf To Group Attack.mp4

02:26

51 -DCSync Attack.mp4

01:39

52 -Mapping Forest Trusts.mp4

02:01

53 -Active Directory Certificate Service 101.mp4

05:51

53 -certificate services (ad-cs).zip

54 -AD CS Vulnerability Enumerations with Certipy.mp4

04:03

55 -ESC1 Certificate Template Vulnerability Analysis 101.mp4

02:51

56 -Forest Trust Abuse via AD CS ESC1 Attack.mp4

03:30

57 -ESC2 Certificate Template Vulnerability Analysis 101.mp4

01:42

58 -Forest Trust Abuse via AD CS ESC2 Attack.mp4

02:52

59 -ESC4 Certificate Template Vulnerability Analysis 101.mp4

01:21

60 -Forest Trust Abuse via AD CS ESC4 Attack.mp4

03:29

61 -Forest Trust SID Hopping 101.mp4

02:09

61 -abusing inter-forest trust (forest, external).zip

62 -Cross Forest Trust Abuse via Golden Ticket Attack.mp4

03:49

63 -Cross Forest Trust Abuse via Trust Key Attack.mp4

03:22

64 -Network Propagation Module Summary.mp4

01:09

7 - Module 06 Engagement Closure

1 -Module Introduction.mp4

01:48

2 -Penetration Test Report Writing.mp4

04:06

3 -CyberGen - CLIENT Internal Network Penetration Test Report September 2024.docx

3 -Sample Penetration Test Report Walkthrough.mp4

19:05

4 -Penetration Test Debriefing.mp4

02:18

5 -Module Summary.mp4

00:34

Description

Hone Your Internal Windows AD Pentesting Skills

What You'll Learn?

Overview of Penetration Testing, it's limitations and some logistics in delivering a pentest engagement.
Deploy an Active Directory lab to execute attacks in a safe environment.
Master the fundamentals of Active Directory (AD).
Walkthrough the phases of AD Kill Chain when conducting a Windows Active Directory penetration tests.
Learn to use an external OSINT as part of your internal AD penetration testing process.
Learn Initial Access techniques such as Kerberos-based Password Spray, NTLM Relay, NBNS/LLMNR protocol abuse, AS-REP Roasting, etc.
Learn Network and Domain Enumeration techniques, both manually and semi-automatically using tools such as Dig, Nslookup, NetExec, BloodHound, etc.
Learn Domain Privilege Escalation and Lateral Movement techniques by abusing Kerberos Protocol for attacks such as Kerberoasting, Kerberos Delegations, etc.
Learn Domain Privilege Escalation and Lateral Movement techniques by abusing misconfigured Active Directory Access Control Lists (ACLs).
Learn Domain Privilege Escalation and Lateral Movement techniques by abusing general misconfigurations and poor AD User habits.
Abuse misconfigured Active Directory Certificate Services for Privilege Escalation and Dominance.
Learn Domain Persistence techniques such as Golden Ticket, Silver Ticket, Diamond Ticket, Sapphire Ticket.
Explore different advanced techniques in Cross Domain and Cross Forest attacks such as SID Filtering bypass, etc.
Writing a Penetration Testing Report that will help your client in prioritizing and addressing discovered attack vectors and vulnerabilities.

Who is this for?

Penetration testers

Ethical hackers

Red teamers

Blue teamers

Digital forensic specialist who want to better understand offensive tactics.

IT security professionals seeking to enhance their Active Directory penetration testing expertise.

System administrators responsible for securing Active Directory environments.

Security enthusiasts looking to deepen their understanding of advanced AD attacks.

What You Need to Know?

Basic Foundation in Active Directory: A basic understanding of core Active Directory concepts such as User Accounts, Groups, Group Policy, and Domain Name System (DNS) is essential.

Basic Networking Knowledge: Familiarity with network protocols such as TCP/IP, firewalls, and network segmentation is recommended.

Command Line/Terminal Experience: Comfortable navigating the Windows and Linux command line/terminal and using basic commands is necessary.

Penetration Testing Experience: Experience in conducting penetration testing.

Willingness to Learn: Penetration testing is a constantly evolving field. A dedication to continuous learning is essential for success.

Determination and Patience: Penetration testing can be challenging. Be prepared to invest time and effort to master these advanced techniques.

Solid Computer: A computer with at least 32 Gig of RAM and 300 Gig of free Hard Drive space. A Windows OS is preferable.

More details

Description
Windows Active Directory (AD) has been the center stage for most corporate infrastructure for decades. Hence, it is crucial for security professionals to grasp the intricacies and threats associated with Windows infrastructures.
Active Directory Penetration Tests offer a better way for security experts to analyze and engage with the threats present in modern AD environments. This course, suitable for experienced pentesters and anyone interested in taking their pentesting to the next level, includes loads of detailed videos and thorough walkthroughs of attack scenarios and vectors, built upon extensive practical experience and dedicated research in compromising Windows AD ecosystems.
This course emulates real-world attack scenarios, beginning with an adversary with nothing but just a network-level access and no Active Directory-level access to obtaining an initial foothold, laterally moving withing the network and escalating privileges to that of Enterprise Administrator level. The emphasis lies on abusing often-overlooked domain features rather than merely software vulnerabilities.
Key areas of focus include:
External OSINT
Initial Access via Kerberos-based Password Spray, Network Protocol Abuses, etc.
Active Directory Situational Awareness
Privilege Escalation via Kerberoasting, Kerberos Delegations, Access Control Lists, etc.
Persistence via Golden Ticket, Silver Ticket, Diamond Ticket, Sapphire Ticket, etc.
Abusing Active Directory Certificate Services (AD CS)
Domain and Forest Trust Abuses
Penetration Testing Report Writing
Who this course is for:
Penetration testers
Ethical hackers
Red teamers
Blue teamers
Digital forensic specialist who want to better understand offensive tactics.
IT security professionals seeking to enhance their Active Directory penetration testing expertise.
System administrators responsible for securing Active Directory environments.
Security enthusiasts looking to deepen their understanding of advanced AD attacks.

User Reviews

Rating

average 0

Total votes0

Focused display

Active Directory

Udemy

View courses Udemy

Students take courses primarily to improve job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.