Detailed Course Outline
Course Introduction

Module 1 – Introduction to PowerShell
a. Different Tool Options
b. Installing everything needed
c. Language Basics
d. Using the Windows API and WMI
e. Interacting with the Registry
f. Managing Objects and COM Objects

Module 2 – Introduction to Active Directory and Kerberos
a. Overview of Kerberos
b. The three-headed monster
c. Key Distribution Center
d. Kerberos in Detail
e. Why we care about Kerberos as a Hacker
f. Overview of Active Directory
g. Understanding AD concepts
h. AD Objects and Attributes

Module 3 – Pen Testing Methodology Revisited
a. Introduction to the methodology
b. The Plan!!
c. Vulnerability Identification
d. Client-side attacks with and without PowerShell

Module 4 – Information Gathering and Enumeration
a. What can a domain user see?
b. Domain Enumeration
c. Trust and Privileges Mapping
d. After the client exploit

Module 5 – Privilege Escalation
a. Local Privilege Escalation
b. Credential Replay Attacks
c. Domain Privilege Escalation
d. Dumping System and Domain Secrets
e. PowerShell with Human Interface Devices

Module 6 – Lateral Movements and Abusing Trust
1. Kerberos attacks (Golden, Silver Tickets and more)
2. Delegation Issues
3. Attacks across Domain Trusts
4. Abusing Forest Trusts
5. Abusing SQL Server Trusts
6. Pivoting to other machines

Module 7 – Persistence and Bypassing Defenses
a. Abusing Active Directory ACLs
b. Maintaining Persistence
c. Bypassing Defenses
d. Attacking Azure Active Directory

Module 8 – Defending Against PowerShell Attacks
a. Defending an Active Directory Infrastructure
b. Detecting Attacks
c. Logging
d. Transcripts
e. Using Certificates
f. Using Bastion Hosts
g. Using AppLocker

Detailed Labs Outline:

Lab 1 – PowerShell Basics
a. Understanding the Lab Setup
b. PowerShell or PowerShell ISE
c. Leveraging Microsoft’s Management Components

Lab 2 – Active Directory Navigation

Lab 3 – Metasploit Attack

Lab 4 – PowerShell Enumeration
a. Basic Enumeration from a Windows System
b. Basic Enumeration from Kali

Lab 5 – Guessing Passwords
a. Guessing Passwords with .NET
b. Guessing Passwords with DSQuery
c. Guessing Passwords with Kali and PowerShell

Lab 6 – AD Golden Ticket
a. Finding AD SPN Accounts
b. Stealing an AD Golden Ticket

Lab 7 – Using PowerShell Empire for Everything