1. InfoconDB
  2. CactusCon
  3. CactusCon 12 (2024)
  4. Introduction to Hacking Active Directory

Introduction to Hacking Active Directory

Presented at CactusCon 12 (2024), Feb. 16, 2024, 9 a.m. (245 minutes).

As a penetration tester, understanding the intricacies of Active Directory is paramount to assessing the security of a network. This hands-on, introductory, workshop aims to provide an overview of the concepts, techniques, and tools used in hacking Active Directory. We will dive into Active Directory's fundamentals, covering its architecture, components, and role in authentication, authorization, and resource management. The heart of this exploration lies in understanding the vulnerabilities and weaknesses that can be exploited by malicious actors. We will cover common attack vectors, such as brute force attacks, pass-the-hash, pass-the-ticket, and Kerberoasting, shedding light on their potential risks to an organization. To provide practical insights, we will introduce popular penetration testing tools and techniques, including BloodHound, Mimikatz, and PowerShell. These tools are indispensable for discovering Active Directory vulnerabilities, escalating privileges, and maintaining persistence within a compromised network. By the end of this workshop, you'll have a foundational understanding of Active Directory hacking techniques, preparing you to embark on a path towards becoming a proficient penetration tester who can identify and mitigate network security risks. Whether you're a novice or a pro, this workshop is key to your honing skills. * Participants need a laptop equipped with WiFi and Kali Linux.

Presenters:

  • iamv1nc3nt - Adversary Emulator
    Vincent is a security researcher and a senior penetration tester focusing on securing small to medium-sized businesses. Vincent is an Air Force veteran as well as a veteran of the technology world with over 30 years of experience -- 20 years of which spent running a small technology business. Vincent is an author, a previous speaker at CactusCon, Grrcon, and BSides security conferences, and a recreational bug bounty hunter. In his spare time, Vincent drinks copious amounts of coffee, he enjoys petting his two dogs, and when he’s not in front of a computer, he’s out running hundred-mile ultramarathons.

Links:

Similar Presentations: