Active Directory Pentesting Engineer

This intensive training course provides participants with hands-on experience in hacking techniques, specifically focusing on Active Directory exploitation.

Tarek

Lead Trainer

Description
Coming soon

Course Curriculum

Active Directory introduction

4 lessons

1. Active Directory components

2. Trees and forests in Active Directory

3. Interacting with AD (admin, client and hacker tools and commands)

4. Basic Active Directory enumeration

Entra ID Introduction

3 lessons

5. Why Entra ID?

6. Introduction to Entra ID

7. Difference between Entra ID and on-prem AD

User Accounts Deep Dive

4 lessons

8. Understanding security principles

9. Deep dive into security contexts

10. Understanding SID/RID and their abuses

11. Hunting for interesting users

Groups and OUs

3 lessons

12. What groups and OUs are and why we need both

13. Understanding types, scopes and attributes

14. Enumerating and hunting for interesting groups and OUs

Access Control in Detail

4 lessons

15. Understanding ACEs, ACLs, DACLs and SACLs

16. Practical examples of bad and exploitable permissions

17. Enumerating and homing in on bad permissions

18. Abusing bad permissions for privilege escalation

Group Policy Objects

3 lessons

19. Understanding GPOs and their typical uses

20. Enumerating and identifying exploitable GPOs

21. Exploiting GPOs for persistence and escalation

Lateral Movement

2 lessons

22. How lateral movement happens in AD environments

23. Abusing different protocols for lateral movement

BloodHound: Discovering Attack Paths

3 lessons

24. BloodHound for offense and defense

25. BloodHound setup and basic queries

26. Custom queries with BloodHound

On-prem Password Attacks

4 lessons

27. Password profiling

28. Understanding password policies

29. Enumerating password policies

30. Password spraying

Entra ID Password Attacks

3 lessons

31. Username enumeration in Entra ID

32. Safe password spraying

33. Conditional Access Policies and possible bypasses

Hashes and Authentication Protocols

6 lessons

34. Different types of hashes

35. Understanding MS-NLMP

36. Capturing NTLMv2 hashes

37. Understanding LSASS

38. Dumping LSASS

39. Pass-the-hash

Kerberos Attacks

6 lessons

40. Kerberos deep dive

41. Finding and exploiting AS-REP Roastable accounts

42. When and how to Kerberoast

43. Silver Ticket Attack

44. Golden Ticket Attack

45. Delegation Attacks