
Abusing Active Directory (On-prem & Azure)

Zachery Gardner

Active Directory is at the heart of 95% of the Global Fortune 1000. Almost every enterprise in the world uses AD, and organizations are steadily adopting a hybrid setup in which Azure Active Directory becomes part of their identity infrastructure. Despite this, core security concepts related to AD are misunderstood and often ignored. This allows common misconfigurations to persist, which in turn lets threat actors take full control of entire infrastructures.

In this course we introduce common Active Directory misconfigurations for both on-premise and Azure, what their root cause is and how they can be abused. The course focuses on abusing real-life misconfigurations and steers away from the traditional penetration testing tools and methodologies.

  • Enumeration deep dive into user accounts, groups, OUs, GPOs
  • Understanding and enumerating ACLs
  • Lateral movement
  • Different password attacks
  • Understanding authentication protocols and different attacks (NTLM relay, PTH, Over-PTH, etc.)
  • Kerberos deep dive and multiple attacks (AS-REP roasting, kerberoasting, silver ticket, golden ticket)
  • Azure AD Connect, user tokens and PRT
  • Understanding different authentication methods
  • Initial access to Azure
  • Privilege escalation and persistence in Azure

Skills / Knowledge

  • PenTesting

Issued on

August 7, 2022

Expires on

Does not expire