Active Directory Pentesting Engineer

Active Directory components

Trees and forests in Active Directory

Interacting with AD (admin, client and hacker tools and commands)

Basic Active Directory enumeration

Why Entra ID?

Introduction to Entra ID

Difference between Entra ID and on-prem AD

Understanding security principles

Deep dive into security contexts

Understanding SID/RID and their abuses

Hunting for interesting users

What are groups and OUs and why do we need both

Understanding types, scopes and attributes

Enumerating and hunting for interesting groups and OUs

Understanding ACEs, ACLs, DACLs and SACLs

Practical examples of bad and exploitable permissions

Enumerating and honing on bad permissions

Abusing bad permissions for privilege escalation

Understanding GPOs and their typical uses

Enumerating and identifying exploitable GPOs

Exploiting GPOs for persistence and escalation

How lateral movement happens in AD environments

Abusing different protocols for lateral movement

Bloodhound for offense and defense

Bloodhound setup and basic queries

Custom queries with Bloodhound

Password profiling

Understanding password policies

Enumerating password policies

Password spraying

Username enumeration in Entra ID

Safe password spraying

Conditional Access Policies and possible bypasses

Different types of hashes

Understanding MS-NLMP

Capturing NTLMv2 hashes

Understanding LSASS

Dumping LSASS

Pass-the-hash

Kerberos deep dive

Finding and exploiting AS-REP Roastable accounts

When and how to Kerberoast

Silver Ticket Attack

Golden Ticket Attack

Delegation Attacks