Enterprise Active Directory Attack Playbook for Red and Blue Teams

This training takes place inside a dedicated network, simulating a production environment with a complete Windows/Active Directory deployment.  Students will assume the roles of both an adversary and the defender, starting as a regular desktop user and gradually escalating privileges and moving laterally across the enterprise.  We'll review reconnaissance techniques, discover blind spots, pivot and eventually compromise otherwise-segregated servers.

Students will gain invaluable insights into Active Directory attack, understanding the artifacts that they leave behind and practical preventative and monitoring controls.  To reduce attack footprint and simulate a real adversary, the playbook is exclusively built on Windows scripts and tools.  We will not use Metasploit, Cobalt Strike, etc.

Prerequisites:
As an introductory class, no previous red or blue-team experience is required.  However, students are expected to be familiar with basic Windows and network infrastructure.  Basic Powershell and command-line experience is recommended.

Equipment:
Please bring a laptop computer capable of running at least two Windows 10 VMs (VM image will be distributed prior to class).

Aelon Porat

Aelon Porat is an information security manager at Cision. He has extensive experience attacking and defending corporate environments. Aelon likes to jump inside networks and out of planes, and in his spare time, he enjoys demoing, speaking, and providing training at different events and conferences. Follow him @whereIsBiggles.