Hacking and Hardening of Windows Infrastructures

Instructors: cirosec consultants

Duration: 3 days

This three-day training covers the security of Windows infrastructures as they are typically operated in corporate networks today. The focus will be on the two Microsoft directory services Active Directory and Entra ID.

First, our experienced trainers will talk about the basics of how these directory services work (e.g., protocol basics). Then, selected attack vectors will be discussed, demonstrated or practically abused by the participants in hands-on exercises. In doing so, the participants are also going to learn how to use open-source hacking tools, with the aim of finding vulnerabilities in their own infrastructure in order to fix them.

During the training, we will discuss typical threat scenarios in Active Directory infrastructures. You will find out how implementing the Microsoft tier model (aka enterprise access model), which serves as a basis for a concept for secure infrastructure administration, allows you to significantly reduce the existing attack surface.

These days, more and more organizations are moving increasingly large parts of their IT infrastructure or processes into the Microsoft cloud. As a result, Microsoft’s cloud-based Entra ID is becoming more widespread, especially in hybrid scenarios, i.e. in combination with Active Directory. We therefore present Entra ID and the way it works and take a look at the different ways to operate these two directory services together. Moreover, we will discuss how to secure and administer Entra ID.

Our training environment enables you to get to know relevant configuration settings and how to handle selected tools. We use common, freely available hacker tools to demonstrate the effects of individual hardening measures and features. During the training, each participant can use a laptop with various pre-installed tools.

The training comprises the following areas:

  • Introduction
    • Basics of Active Directory
    • PingCastle tool
    • BloodHound tool
  • Protocols and trusts
    • NTLM
    • Kerberos
    • Trusts
  • Attacks
    • MITRE ATT&CK
    • Attack vectors of Windows infrastructures
    • Domain compromise
    • War stories
  • Securing access
    • Tier model
    • PAW
    • PAM
  • Azure / Entra ID
    • Basics
    • Introduction to cloud computing
    • Attacks against Entra ID
    • Securing Entra ID

Target group:
Administrators, SOC members, blue team or red team members and (project) managers responsible for Windows administration.

Requirement:
The participants should have solid administration experience in the Windows environment. Basic experience in the administration of Active Directory and Entra ID as well as knowledge of common attack tools and vectors are an advantage if you want to get the most out of the training.

The following resources can be used in the run-up to the training in order to familiarize yourself with typical attack techniques:

https://www.thehacker.recipes (“Active Directory” section)

https://www.ired.team (“Active Directory & Kerberos Abuse” and “Credential Access & Dumping” sections)

The exercises require the use of command-line tools such as PowerShell and of common administrative tools from the Active Directory environment. Where necessary, our trainers are happy to assist with the use of attack tools and Microsoft tools. The exercises are set up in multiple levels: experienced Windows administrators will still be challenged, while beginners can reproduce the solution of each exercise using the sample solutions provided.

Price:
€ 2,400

Early booking discount:
If you register 8 weeks prior to the start of the training, you will receive an early booking discount of 5%.

The training is conducted in German by two experienced trainers. They work as consultants and can thus complement the course with comprehensive and recent practical experience. You will receive CPE Points for participating in the Hardening and Secure Configuration training. The training takes 24 hours. You will get a certificate after having completed the training.

Dates:
May 14-16, 2024 in Cologne
October 22-24, 2024 online
November 26-28, 2024 in Munich

Place:
The training course will take place in fine, specially selected hotels:

We will gladly reserve a room for you at a special rate in the hotel where the training course takes place.

We are also happy to offer you the course as an in-house training.

Your trainers

Hagen Molzer

Constantin Wenz