Attacking Active Directory with Linux
Lab Objective:
Attacking Active Directory with Linux (LinuxAD) is a training environment and playground. Students get access to a dedicated lab setup (not shared with other students).
The lab contains a Linux-based machine from which attacks are executed and a target AD setup. The target AD is a fully patched AD environment in which all machines run Windows Server 2019.
Students can practice techniques like network discovery, enumeration, abusing file shares, bypassing AMSI and Windows Defender, Metasploit payloads, domain enumeration, credential spraying and reuse, extracting secrets, testing LOLBAS, evading application whitelisting, SQL Server abuse, pivoting, ACL abuse, exploiting delegation, domain privilege escalation and more!
There are 30 flags to capture across various categories. The flags help in further understanding key concepts like credential storage in Windows, local privilege escalation, application whitelisting enumeration, extracting secrets from SQL Server, WMI permanent events, manipulating the Windows firewall, etc.
The lab is beginner friendly and comes with a lab manual and 6+ hours of video content containing the course and a walk-through!
If you need advanced labs, check out our Red Team labs.
What will you learn?
The LinuxAD lab enables you to:
- Understand and practice the basics of attacking Active Directory using Metasploit and other tools.
- Understand how to approach attacking Windows Server 2019 machines.
- Practice popular tools to understand the techniques they implement.
- Learn to execute memory-only attacks from Linux against Windows machines.
Prerequisites:
- Basic familiarity with the Linux command line
- Basic understanding of information security concepts
I. Network Discovery and Enumeration
- Use port scanning and other techniques to find target machines in the network
- Find open shares on target machines and abuse them
II. Bypassing AMSI and Windows Defender
- Use publicly known bypasses of AMSI and Windows Defender to run Metasploit payloads from memory
- Enumerate and abuse exclusions configured for Windows Defender
III. Generating and using Metasploit payloads
- Generate Metasploit payloads using msfvenom
- Use Metasploit payloads with an AMSI bypass stager from memory
IV. Active Directory Enumeration
- Enumerate AD using PowerShell, .NET and Python tools.
- Find interesting information like delegation issues, credentials stored in clear text, etc.
- Enumerate and abuse Restricted Groups.
V. Credential Spraying and Reuse
- Understand and execute efficient password spraying attacks against AD.
VI. Local Privilege Escalation
- Enumerate local users and built-in local groups and abuse their privileges.
- Understand service permission issues.
VII. Extracting Secrets
- Extract credentials from unattend.xml, Registry Autologon, the SAM hive, LSA Secrets, the lsass process, PowerShell history and application configuration files
VIII. Basics of Application Whitelisting and evading it
- Find the application whitelisting solution in use and enumerate its policies.
- Practice methods of evading it.
IX. Abusing SQL Servers
- Enumerate information about SQL Server.
- Abuse SQL Server Agent jobs to get code execution.
- Find information like emails and CC details in databases.
X. Pivoting and Port Forwarding on Windows
- Understand the Kerberos double hop problem
- Use Metasploit and the Windows built-in netsh command for pivoting and port forwarding.
- Make a simple modification to Impacket tools to connect to non-standard ports.
- Understand the built-in Windows commands for managing the Windows firewall.
XI. Active Directory ACL Abuse
- Enumerate and abuse ACL permissions in AD
XII. Abusing Unconstrained Delegation
- Find machines with Unconstrained Delegation using PowerShell, .NET and/or Python tools.
- Abuse unconstrained delegation to get credentials of the domain controller.
XIII. Escalating to Domain Administrator
- Execute a DCSync attack to extract secrets from the DC and escalate to Domain Admin.
- Get a Meterpreter session in memory on the DC.
Lab Completion Certificate
Every student who successfully completes the lab and captures all the flags will get a verifiable lab completion certificate.
A certificate holder demonstrates an understanding of Active Directory based attacks and holds the skills to test the most prevalent misconfigurations in enterprise Active Directory environments.
$149 (regular price $199) for 30 Hours of Lab Access
Terms of Purchase and Use:
- You get 30 hours of total lab time, which must be used within 30 days
- You need a Google account to access the lab portal, as we use Login with Google
- Your 30-day subscription starts within 24 hours of purchase, once you receive a confirmation email
- Purchase includes access to the videos and lab manual.
- Every student gets a dedicated lab environment that is not shared with other students.