24-27 Sep. 2024
9:00 - 18:00
10% OFF
€ 2.700,00
Mere vulnerability scanning has been rendered obsolete, in particular for more conscious and mature organizations. Penetration testing, red team and purple team engagements against Active Directory environments deployed on the premises require, among others, robust knowledge of the relationships between domain objects and of the Kerberos protocol, in order to meet their goals.
Although many tools have been made available which aid in the enumeration of domain environments and the discovery and abuse of misconfigurations thereof, they are rarely used efficiently. Rather than the tools themselves, this most often stems from the fundamental misconception and misinterpretation of those relationships and protocols in place. In consequence, contributing to further confusion and to the failure to attack and defend a domain environment appropriately. Standing on the shoulders of giants in the industry, the Advanced Active Directory Exploitation (AADE) course provides a meticulous and thorough examination of domain object relationships and of the quite complicated Kerberos protocol, the latter being scrutinized on a request and response level.
The end goal being to enable attackers and defenders into engaging with domain environments deployed on the premises with efficiency and precision. This is achieved by comprehensive theory in conjunction with a series of practical exercises within a unique to each student domain environment.
TRAINING TOPICS
SensePost, an elite ethical hacking team of Orange Cyberdefense have been training internationally since 2002. We pride ourselves on ensuring our content, our training environment and trainers are all epic in every way possible. The trainers you will meet are working penetration testers, responsible for numerous tools, talks and 0-day releases. This provides you with real experiences from the field along with actual practitioners who will be able to support you in a wide range of real-world security discussions. We have years of experience building environments and labs tailored for learning, after all education is at the core of SensePost and Orange Cyberdefense.
John Iatridis is an intensely pedantic security analyst as SensePost, with academic background in computer engineering and informatics, and various information security certificates, although he would not list those right next to his LinkedIn profile name. He has trained internationally at conferences like Black Hat and DefCon.
Extensive hacking experience is not required for this course, albeit a solid technical grounding is an absolute must. We recommend familiarity with the Windows operating system and its command line at a minimum.
MODULE 1: Windows authentication and access tokens
MODULE 2: Relayed and coerced authentication
MODULE 3: Domain object relationships
MODULE 4: Group Policy Objects
MODULE 5: Kerberos Protocol
MODULE 6: Domain Compromise
MODULE 7: Domain Trust Relationships
MODULE 8: Bonus Content
RomHack is made with 🤍 by Cyber Saiyan
Support us making a donation or becoming a member
[ Code of Conduct ]
Cyber Saiyan Ente del Terzo Settore – C.F. (FC) 97958200582 – VAT 14669161003