Abusing Active Directory
2-Day Training | Hybrid | 22-23 November 2021

In this course we introduce common Active Directory misconfigurations, what their root cause is and how they can be abused. The course focuses on abusing real-life misconfigurations and steers away from the traditional penetration testing tools and methodologies.
Subject Matter Expert
Co-Founder - Head of Penetration Testing / Red Teaming, Malcrove LLC

Available seats

TBA

Difficulty

Beginner
US$ 2,299

Attend in-person

at ADNEC Abu Dhabi

Attend online

via livestream

Date

22-23 November 2021

Time

09:00 to 17:00 GST/GMT+4

Active Directory is at the heart of 95% of the Global Fortune 1000. Almost every enterprise in the world uses AD. However, common misconfigurations prevail, allowing threat actors to take full control over entire infrastructures. Despite this, core security concepts related to AD are misunderstood and often ignored.

From our experience the audience that most benefited from the course are:

▪ Junior penetration testers
▪ SOC L1, L2 analysts
▪ System administrators

Although this is a beginner-friendly course, it does require some basic prerequisites. Attendees should be familiar with concepts such as:

▪ Hashing
▪ Encryption
▪ Password cracking
▪ Etc

+Testimonials

You explain things really well and in simple English. I know what DACL, SACL were. But I know how frustrating they were when I learned about them last year. You explained it so well that a beginner can understand.

As usual, Tarek is the man. This course is very well thought out and he explains every topic thoroughly. Very well put together, great pace, highly interesting – plus you get labs to see exploits done in real time. Highly recommended!

It was really a great class. You explained it really well, unlike other courses in which the instructors just put so many things at the same time. Plus, it was really fun in your class. Awesome work.

I really recommend this course when it's published. It's beginner friendly and will give you a lot of information about Active Directory and how the compromise usually happens. Again, thank you Tarek for your efforts! – Farhan Alkhubize, 1st Cyber Security Officer

Thank you, Tarek, it was a very informative course, and one of my dreams come true is to understand Kerberos 🙂

+agenda

Active Directory introduction
– Components
– Trees and forests
– Enumeration
Date: 22-23 November 2021

User Account deep dive
– Security principals
– Security contexts
– SID/RIDs
– UPN
– User enumeration
Date: 22-23 November 2021

Groups and OUs
– Types and scope
– Difference between groups and OUs
– Attributes
– Enumerating groups and OUs
Date: 22-23 November 2021

Computer Objects
– Understanding and enumerating computer objects
Date: 22-23 November 2021

Access Control
– ACEs
– ACLs
– DACLs/SACLs
– Understanding bad permissions
– Enumerating permissions
– Abusing permissions
Date: 22-23 November 2021

Password Attacks
– Password profiling
– Understanding password policies
– Enumerating password policies
– Password spraying
Date: 22-23 November 2021

Lateral Movement
– PsExec, WMI, PS
Date: 22-23 November 2021

Hash and Authentication Protocols
– Different types of hashes
– MS-NLMP
– Capture NTLMv2 hashes
Date: 22-23 November 2021

Dumping Hashes
– Understanding LSASS
– Understanding Mimikatz modules and output
– Pass the hash
Date: 22-23 November 2021

Kerberos
– Kerberos deep dive
– AS-REP Roasting
– Kerberoasting
– Silver Ticket
– Golden Ticket
Date: 22-23 November 2021

+TRAINERS

Tarek Naja
Subject Matter Expert

Tarek Naja holds an MSc in Information Security and is an OWASP chapter leader with 14 years of experience in security between the EU and GCC. He started his career in penetration testing, then transitioned to leading teams across multiple geographies for Fortune 500 customers. He regularly trains regionally on the art of network hacking and Kali Linux. He has taught hundreds of students in the UAE alone and thousands of students online.

He is a native Arabic speaker and fluent in English. In the video below, Tarek explains AS-REP Roasting, a topic that is covered in more detail in his training:

https://www.youtube.com/watch?v=3GvcfQSOj5E

Khalifa AlShamsi
Co-Founder - Head of Penetration Testing / Red Teaming, Malcrove LLC

Khalifa started his penetration testing career in 2014. He is a founder of Malcrove, a company specializing in Managed Cyber Defense and Offensive Security services, where he has led more than 60 projects in penetration testing and red teaming. He has worked as a Strategic Technical Advisor to many organizations in the UAE and worked on multiple projects such as developing penetration testing tools and discovering vulnerabilities.

Khalifa has also participated as an assistant trainer for the BlackHat course “Attacking and Securing APIs” and led an OWASP chapter from 2014 till 2017.

+OTHER COURSES YOU MIGHT BE INTERESTED IN

x86-64 All You Can Learn Buffet!
US$ 4,299

This class is run a little differently from most classes. We provide you with purpose-built recorded lectures instead of trapping you in real time with live lectures. But fear not, the instructor is always right there, eagerly waiting to mingle with the students and answer any questions you have. (The instructor really likes being asked questions. It shows you're paying attention ;)). One of many benefits is that you can watch lectures at 2x speed, zoom ahead of the other students and get to the hands-on labs quicker. Or if there are bits of material you already know, you can just skip them and move on to the bits you don't know! Another big benefit is that you get to take the full lectures and labs with you! That means if you forget stuff and then need it in 6 months, you can quickly re-bootstrap yourself! Or you can watch the class twice, to really grow those neural connections and cement it in your brain! And unlike live lectures, our lectures are always getting more factually accurate, by having any accidental errors edited out.


4-Day Training Hybrid
x86-64 Reset Vector Firmware
US$ 2,299

This class is designed to give you all the background you need to understand how x86-64 reset vector firmware works, and what the most common security misconfigurations are. It will prepare you to read and understand the existing attack and defense research in the space, taking an explicit walk-through of the threat tree of attack and defense moves and counter-moves. And as always, this class teaches you to be comfortable with Reading The Fun Manual (RTFM!) to go seek out the most accurate details of how things work, and to seek out new problems in new areas that no one's read yet with a security mindset.

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

2-Day Training Hybrid
x86-64 OS Internals
US$ 2,299

This class teaches you about the fundamental hardware mechanisms which all operating systems, virtualization systems, and firmware *must* interact with in order to run successfully on x86 hardware. This is taught in a *mostly* OS-agnostic way, focusing on Intel-isms rather than OS-isms (albeit using Windows as reinforcement, thanks to its excellent kernel-level debugging support). This class also teaches you to be comfortable with Reading The Fun Manual (RTFM!) to give you self-sufficiency when seeking out the most accurate details of how things work.

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

2-Day Training Hybrid
x86-64 Assembly
US$ 2,299

This class teaches you how to disassemble binaries, read x86-64 assembly language, and debug black-box binaries in WinDbg and GDB. This knowledge of assembly is the fundamental skill which is required to learn reverse engineering and vulnerability exploitation. Reverse engineering is in turn a fundamental skill which is required for malware analysis and vulnerability hunting.

 

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

 