Attacking Active Directory

Buy $150.00

Course Overview

Welcome to this course on Active Directory Ethical Hacking. All you need is a positive attitude and a desire to learn.

Course curriculum

1. How to Connect to the Lab - Windows
2. How to Connect to the Lab - Linux/Kali/Parrot
3. Intro to the lab and course
4. Do You Lab Access?
1. Lab Diagram V2
2. Anonymously Quering or Binding LDAP To Enumerate Active Directory
3. Enumerate Users Anonymously - CME
4. Enumerate Users Anonymously - RPC
5. Enumerate Users Anonymously - enum4linux
6. Enumerate Guest Access on Shares - CME
7. Read about Anonymously Binding Querying Active Directory
1. I love Responder
2. The importance of SMB signing How criminals can (potentially) take over the entire network if SMB signing is not enabled
3. responder + ntlmrelayx + proxychain = SAM Database DUMP
4. Socks Relay to Dump lsassy
5. responder + ntlmrelayx + proxychain + DonPapi & wmiexec.py
6. Pass-The-Hash - wmiexec.py
7. Pass-The-Hash - Evil-WinRm
8. Pass the Hash with CrackMapExec
9. Coerced auth smb + ntlmrelayx to ldaps with drop the mic
1. Exploiting Username - ASREP
2. Password Spray
3. User listing with GetADUsers and ldapsearch
4. Kerberoasting User Accounts
5. Setting Up PowerView
6. Get-NetUser
7. Get-NetGroup
8. Get-NetComputer
9. Invoke-ShareFinder
10. Get-NetGPO
11. Get-ObjectAcl
12. Get-NetDomainTrust
13. PowerView Bible
1. NoPac Exploit From Linux With NoPAC.py
2. NoPac Exploit From Windows With NoPAC.exe
3. PrintNightmare - BRONX
4. PrintNightmare - BALTIMORE$
5. Constrained Delegation With Protocol Transition - User:Elena.Lopexz
6. Constrained Delegation Without Protocol Transition - Server:Yonkers$
7. Resource Based Constrained Delegation - Server:NYC$
8. Enumerate Trust
9. Foreign group and users
10. IIS - Webshell
11. Getting a Better Shell
12. SeImpersonatePrivilege With Invoke-BadPotato.ps1
1. Enumeration 1 - Users, Groups, Computers
2. Enumeration 2 - Arp, Tokens, Patches
3. Enumeration 3 - Shares, SMB, and More
4. Back Door Add User
5. HashDump With Metasploit
6. Lateral Movement With Metasploit
7. DsSync With Metasploit from NT Autority/System to Administrator
8. Golden Ticket with Metasploit
9. BackDoor Meterpreter Service
1. Blooodhound & Neo4j Install
2. Hunting with bloodhound Collector
1. ADCS reconnaissance and enumeration (with certipy and bloodhound)
2. coerce to domain admin with petitpotam - ESC8
3. coerce to domain admin with certipy- ESC8
4. ADCS Exploitation with certipy - ESC1
5. ADCS Exploitation with certipy - ESC2 & ESC3
6. ADCS Exploitation with certipy - ESC4
7. ADCS Exploitation with certipy - ESC6
8. Certifried with certipy - CVE-2022–26923
9. Shadow Credentials with certipy
1. Recon ACL with BloodHound
2. ForceChangePassword
3. GenericWrite - (Target Kerberoasting)
4. WriteDacl on User
5. Add self on Group
6. AddMember on Group
7. WriteOwner on Group
8. Generic all on user
9. GPO abuse
10. LAPS Read Password Abuse
1. Enumerate MSSQL servers with GetUserSPNs & NMAP
2. Enumerate MSSQL servers with CrackMapExec and Impacket
3. Exploiting MSSQL - impersonate - execute as login
4. Exploiting MSSQL - Coerce and relay
5. Exploiting MSSQL - trusted links
6. Exploiting MSSQL - Command execution to shell - Yonkers
7. Exploiting MSSQL - Command execution to shell - Salisbury

About this course

$150.00
82 lessons
10.5 hours of video content

What Users Say About Us

“This was a fun course. The teacher put a lot of time and effort towards this course. It is easy to follow, and I recommend anyone to also purchase the lab, which is key to learn everything. ”

“The course was great and easy to follow along. I thought I wasn't going to learn much since I have taken other courses, but I was wrong!! My favorite part was the MSSQL and the ADCS exploits! ”

“Yes, it was a great course! It was long but definitely worth! I learned a lot of new skills that is going to help myself and my company. Also, the fact that there is a lab you can follow. It is awesome!!!!”