Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Pentesting Active Directory and Windows-based Infrastructure
  • Table Of Contents Toc
  • Feedback & Rating feedback
Pentesting Active Directory and Windows-based Infrastructure

Pentesting Active Directory and Windows-based Infrastructure

By : Denis Isakov
4.9 (14)
Buy this Book
close
close
Pentesting Active Directory and Windows-based Infrastructure

Pentesting Active Directory and Windows-based Infrastructure

4.9 (14)
By: Denis Isakov
Buy this Book

Overview of this book

This book teaches you the tactics and techniques used to attack a Windows-based environment, along with showing you how to detect malicious activities and remediate misconfigurations and vulnerabilities. You’ll begin by deploying your lab, where every technique can be replicated. The chapters help you master every step of the attack kill chain and put new knowledge into practice. You’ll discover how to evade defense of common built-in security mechanisms, such as AMSI, AppLocker, and Sysmon; perform reconnaissance and discovery activities in the domain environment by using common protocols and tools; and harvest domain-wide credentials. You’ll also learn how to move laterally by blending into the environment’s traffic to stay under radar, escalate privileges inside the domain and across the forest, and achieve persistence at the domain level and on the domain controller. Every chapter discusses OpSec considerations for each technique, and you’ll apply this kill chain to perform the security assessment of other Microsoft products and services, such as Exchange, SQL Server, and SCCM. By the end of this book, you'll be able to perform a full-fledged security assessment of the Microsoft environment, detect malicious activity in your network, and guide IT engineers on remediation steps to improve the security posture of the company.
Table of Contents (13 chapters)
close
close
close
Preface
chevron up
Preface
Who this book is for
What this book covers
To get the most out of this book
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Chapter 1: Getting the Lab Ready and Attacking Exchange Server
Chapter 1: Getting the Lab Ready and Attacking Exchange Server
Technical requirements
Lab architecture and deployment
Active Directory kill chain
Why we will not cover initial access and host-related topics
Attacking Exchange Server
Summary
Further reading
Free Chapter
2
Chapter 2: Defense Evasion
Chapter 2: Defense Evasion
Technical requirements
AMSI, PowerShell CLM, and AppLocker
PowerShell Enhanced Logging and Sysmon
Event Tracing for Windows (ETW)
Summary
References
Further reading
3
Chapter 3: Domain Reconnaissance and Discovery
Chapter 3: Domain Reconnaissance and Discovery
Technical requirements
Enumeration using built-in capabilities
Enumeration tools
Enumerating services and hunting for users
Enumeration detection evasion
Summary
References
Further reading
4
Chapter 4: Credential Access in Domain
Chapter 4: Credential Access in Domain
Technical requirements
Clear-text credentials in the domain
Capture the hash
Forced authentication
Roasting the three-headed dog
Automatic password management in the domain
NTDS secrets
DCSync
Dumping user credentials in clear text via DPAPI
Summary
References
Further reading
5
Chapter 5: Lateral Movement in Domain and Across Forests
Chapter 5: Lateral Movement in Domain and Across Forests
Technical requirements
Usage of administration protocols in the domain
Relaying the hash
Pass-the-whatever
Kerberos delegation
Abusing trust for lateral movement
Summary
References
Further reading
6
Chapter 6: Domain Privilege Escalation
Chapter 6: Domain Privilege Escalation
Technical requirements
Zero2Hero exploits
ACL abuse
Group Policy abuse
Other privilege escalation vectors
Summary
References
Further reading
7
Chapter 7: Persistence on Domain Level
Chapter 7: Persistence on Domain Level
Technical requirements
Domain persistence
Domain controller persistence
Summary
References
8
Chapter 8: Abusing Active Directory Certificate Services
Chapter 8: Abusing Active Directory Certificate Services
Technical requirements
PKI theory
Certificate theft
Account persistence
Domain privilege escalation
Domain persistence
Summary
References
9
Chapter 9: Compromising Microsoft SQL Server
Chapter 9: Compromising Microsoft SQL Server
Technical requirements
Introduction, discovery, and enumeration
Privilege escalation
OS command execution
Lateral movement
Persistence
Summary
Further reading
10
Chapter 10: Taking Over WSUS and SCCM
Chapter 10: Taking Over WSUS and SCCM
Technical requirements
Abusing WSUS
Introduction to MECM/SCCM
Reconnaissance
Privilege escalation
Lateral movement
Defensive recommendations
Summary
References
Further reading
11
Index
Index
Why subscribe?
12
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book

What this book covers

Chapter 1, Getting the Lab Ready and Attacking Exchange Server, provides an overview of the attack kill chain, shows you how to deploy the lab environment, and focuses on Exchange Server attack surfaces with practical examples.

Chapter 2, Defense Evasion, teaches you about evading Antimalware Scan Interface (AMSI) and AppLocker, PowerShell enhanced logging, Sysmon, and Event Tracing for Windows (ETW).

Chapter 3, Domain Reconnaissance and Discovery, is where you will learn how to perform reconnaissance in a domain, blend into environment traffic, and learn more about the internals of tools such as BloodHound and Microsoft Advanced Threat Analytics (ATA).

Chapter 4, Credential Access in a Domain, covers ways to obtain credentials in the domain environment by capturing the hash, coercing authentication, “roasting” Kerberos, reading clear-text passwords if Local Administrator Password Solution (LAPS) is misconfigured, and collecting hashes of gMSA accounts or of a whole domain via DCSync.

Chapter 5, Lateral Movement in Domain and Across Forests, shows how an adversary can maneuver across an environment by abusing different types of delegation, passing different types of credential materials, relaying captured hashes, as well as moving to other forests.

Chapter 6, Domain Privilege Escalation, is where we will focus on ways to elevate privileges in a domain by abusing misconfigured Access Control Lists (ACL), Group Policy Objects (GPO), and special built-in groups, as well as moving from a child domain to a parent domain.

Chapter 7, Persistence on Domain Level, shows techniques to establish persistence on the domain level by forging tickets and manipulating ACLs and objects, as well as on the domain controller itself by adding a Skeleton Key, malicious SSP, a registry backdoor, and so on.

Chapter 8, Abusing Active Directory Certificate Services, covers the fundamentals of Public Key Infrastructure (PKI) implementation by Microsoft, along with ways to steal certificates, escalate privileges in the domain, and achieve persistence on account and domain levels.

Chapter 9, Compromising Microsoft SQL Server, is where we will focus on how to attack SQL Server, including enumeration, privilege escalation, lateral movement, and persistence.

Chapter 10, Taking over WSUS and SCCM, provides an overview of IT support management software and ways to abuse its functionality, leading to a complete takeover of the whole environment.

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY