Advanced Pen Testing Techniques for Active Directory

Explore concrete, practical strategies for penetration testing Active Directory to prevent enterprise cybersecurity threats.

Introduction

• Understand and test the security of identity providers
• What you should know
• Disclaimer

1. Introduction to Identities

• Understand Active Directory's role in security
• The LDAP protocol
• Interact with LDAP at the command line
• The LDAPAdmin tool
• What is Active Directory?
• Interact with Active Directory at the command line
• Access LDAP services with a GUI client
• Add users and computers to a domain
• Active Directory security audit

2. Testing Active Directory

• Set up for testing
• Extract the AD hashes
• Password spraying Active Directory
• Kerberos brute-forcing attacks
• Use CrackMapExec to access and enumerate AD
• Investigate the SYSVOL share
• Take advantage of legacy data

3. Advanced Penetration Testing

• Specific Active Directory attacks
• Remote extraction of AD hashes
• Carry out a Kerberos roasting
• Run a no-preauthentication attack
• Forge a golden ticket
• Running a shadow attack
• Using rubeus to take over the domain
• Relaying attacks to get a certificate
• Using smartcards to gain privileged access
• Set the BloodHound loose

Conclusion

• Next steps