Red Team Fundamentals for Active Directory
June 27 @ 11:00 am – 4:00 pm EDT
Instructor: Eric Kuehn
Course Length: 8 Hours
Includes: Six months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.
The Red Team Fundamentals for Active Directory course is an 8-hour class focused on explaining the fundamentals of Active Directory and how different aspects can be exploited when performing penetration tests. The goal is not only to cover different attacks but also explain the details of why they work and how an environment can be made resilient to them and potentially detect malicious activity. This combination opens the course to those looking to hone their offensive skills as well as those who are protecting an enterprise network.
The course mixes lecture with a number of hands-on exercises to reinforce the information and techniques. The activities will cover ways to examine an Active Directory environment, looking for a variety of misconfigurations that are commonly seen in Active Directory implementations (even by some security conscious entities), and then exploit these issues to pivot and escalate our access. Ultimately, the students will gain full control of an AD Forest.
While in class, students will be provided access to a lab containing realistic targets and tools to learn both the attacks and defenses of Active Directory. This environment enables the attendees to understand how the covered techniques are used in the real world.
- Active Directory Concepts & Exploitation
- Forests, Domains, and Domain Controllers
- Attributes and Data Replication
- OUs and ACLs
- Group Policy Objects
- Authentication Protocols
- Boundary between Windows systems and Active Directory
Who Should Take This Course
While attendees don’t necessarily need any prior security experience to take this course, they will get the most out of it with a basic grasp of the following:
- Windows Operating Systems
What Each Student Should Bring
A laptop with internet access
Before coming to Secure Ideas, Eric Kuehn spent close to 20 years working with enterprise scale Microsoft infrastructures for large Fortune 100 companies. Since its release, his core focus has been Active Directory. He was the technical leader and responsible for the engineering and architecture of one of the most complex and largest AD infrastructures used by one of the world’s largest financial institutions. This included ongoing maintenance and major enhancements of not only a highly secure authentication environment, but also of all the supporting toolsets required to monitor its health and integrity. This experience has given him a very strong knowledge of a variety of Microsoft products and best practices. Now that Eric has moved to consulting with Secure Ideas, he continues to utilize his knowledge of Active Directory, both in exploiting common configurations in penetration tests as well as providing training and awareness briefings to multiple audiences.