$30 off During Our Annual Pro Sale. View Details »

Active Directory Security Workshop by Chirag Savla

BreachForce
October 19, 2024
Technology
0
25

Active Directory Security Workshop by Chirag Savla

Title: Active Directory Security Workshop
Presenter: Chirag Savla
Event: BreachForce CyberSecurity Cohort
Talk Date: 13th-May-2024

Key Takeaways:
📢 Chirag Savla on "Active Directory Basics & Lab Environment Setup"
Exploring the foundational elements of Active Directory and how to set up a Virtual Lab for testing and practicing AD Pentesting skills.

BreachForce

October 19, 2024
Tweet

More Decks by BreachForce

See All by BreachForce
Art of Smuggling HTTP Requests
breachforce
0
3
COOL RECON TECHNIQUES EVERY HACKER MISSES
breachforce
0
11
Can Request Encryption Fix Your Web Apps?
breachforce
0
12
iOS App Pentesting Discover Exploit Secure
breachforce
0
4
Phone Systems and their security
breachforce
0
8
Cybersecurity for Satellites by Jaden Furtado
breachforce
0
9
Nmap in Depth by Nathaniel Fernandes
breachforce
0
4
Understanding SOC: The heartbeat of Cybersecurity and Network Infrastructure
breachforce
0
5
IoT Security 101: Deep Dive Into Attack Surfaces & Vulnerabilities
breachforce
0
9

Other Decks in Technology

See All in Technology
Entra ID の基礎(Japan Microsoft 365 コミュニティ カンファレンス 2024)
murachiakira
2
540
50以上のマイクロサービスを支えるアプリケーションプラットフォームの設計・構築の後悔と進化 #CNDW2024 / regrets and evolution of application platform
toshi0607
4
350
【LT】ソフトウェア産業は進化しているのか? #Agilejapan
takabow
1
130
MTDDC Meetup TOKYO 2024 運用フェーズに突入したウェブサイト。年々コスト増えていませんか?
kurashige
0
100
LLMの気持ちになってRAGのことを考えてみよう
john_smith
0
170
飲食店データの分析事例とそれを支えるデータ基盤
kimujun
0
240
モバイルアプリ開発未経験者が プロダクト開発に携わるまでに取り組んだこと/nikkei-tech-talk-27-3
nikkei_engineer_recruiting
0
110
Continuous Integration! Raising the Bar
tdpauw
1
110
個人でもIAM Identity Centerを使おう!(アクセス管理編)
ryder472
4
260
2024年のAmazon Bedrockアップデート一挙おさらい 〜まだ間に合う! re:Invent直前までの重大ニュースを速習しよう〜
minorun365
PRO
3
130
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
3
730
組織成長を加速させるオンボーディングの取り組み
sudoakiy
3
380

Featured

See All Featured
Practical Orchestrator
shlominoach
186
10k
Building Applications with DynamoDB
mza
90
6.1k
Why Our Code Smells
bkeepers
PRO
334
57k
It's Worth the Effort
3n
183
27k
Imperfection Machines: The Place of Print at Facebook
scottboms
265
13k
Music & Morning Musume
bryan
46
6.2k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
How to Think Like a Performance Engineer
csswizardry
20
1.1k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
5 minutes of I Can Smell Your CMS
philhawksworth
202
19k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
Being A Developer After 40
akosma
87
590k

Transcript

  1. Building Active Directory Lab for Red Teaming

  2. #whoami 👉 Chirag Savla 👉 Twitter – @chiragsavla94 👉 Interest

    area – Red Teaming, Application Security, Penetration Testing 2 Blog – https://3xpl01tc0d3r.blogspot.com

  3. “ Prevention is ideal, detection is a must

  4. What is Active Directory ? ▸ Active Directory is a

    directory service that centralizes the management of users, computers and other objects within a network. Its primary function is to authenticate and authorize users and computers in a windows domain. 4

  5. What is Active Directory ? 5

  6. What is Forest? 6 rtlabs.local sales.rtlabs.local accounts.rtlabs.local techno.local dev.techno.local sec.techno.local

    Domain Tree Domain Forest = Groups = Organizational Unit = Domain Trust Relationship = Users / Groups

  7. Active Directory Components ▸ Forest ▸ Domain Trees ▸ Domains

    ▸ Schema ▸ Objects ▹ Organizational Units (OUs) ▹ Groups ▹ Users ▹ Computer ▸ Sites ▸ Global Catalog (GC) ▸ Group Policy ▸ Domain Trust 7

  8. Forest ▸ An Active Directory forest (AD forest) is the

    top most logical container in an Active Directory configuration that contains domains, users, computers, and group policies. 8

  9. Domain Tree ▸ When you add a child domain to

    a parent domain you create what is called a domain tree. A domain tree is just a series of domains connected together in a hierarchical fashion all using the same DNS namespace. 9

  10. Domain ▸ The domain is a logical structure of containers

    and objects within Active Directory. A domain contains the following components: ▹ A hierarchical structure for users, groups, computers and other objects ▹ Security services that provide authentication and authorization to resources in the domain and other domains ▹ Policies that are applied to users and computers ▹ A DNS name to identify the domain. When you log into a computer that is part of a domain you are logging into the DNS domain name. 10

  11. Schema ▸ The Active Directory schema defines every object class

    that can be created and used in an Active Directory forest. It also defines every attribute that can exist in an object. In other words, it is a blueprint of how data can be stored in Active Directory. 11

  12. Object ▸ Objects are defined as a group of attributes

    that represent a resource in the domain. These objects are assigned a unique security identifier (SID) that is used to grant or deny the object access to resources in the domain. 12

  13. Organizational Units (OUs) ▸ An OU is a container object

    that can contain different objects from the same domain. You will use OUs to store and organize, user accounts, contacts, computers, and groups. You will also link group policy objects to an OU. 13

  14. Groups ▸ There are two types of objects, a Security

    group, and a distribution group. A security group is a grouping of users accounts that can be used to provide access to resources. Distribution groups are used for email distribution lists. 14

  15. Users ▸ A domain user is one whose username and

    password are stored on a domain controller rather than the computer the user is logging into. ▸ User accounts are used to gain access to the domain resources. 15

  16. Computer ▸ Each domain-joined computer has an account in AD

    DS. Computer accounts are used in the same ways that user accounts are used for users. Each computer has a Security Identification (SID) and attributes. when you create a domain, a Computers container is created. 16

  17. Sites ▸ A site is a collection of subnets. The

    Active Directory sites help define the replication flow and resource location for clients such as a domain controller. 17

  18. Global Catalog (GC) ▸ The global catalog server contains a

    full replica of all objects and is used to perform forest wide searches. By default the first domain controller in a domain is designated as the GC server. 18

  19. Group Policy ▸ Group policy allows you to centrally manage

    user and computer settings. You can use group policy to set password policies, auditing policies, lock screen, map drives, deploy software, one drive, office 365 settings and much more. 19

  20. Domain Trust ▸ In an AD environment, trust is a

    relationship between two domains or forests which allows users of one domain or forest to access resources in the other domain or forest. ▸ Trust can be automatic (parent-child, same forest etc.) or established (forest, external). ▸ Trusted Domain Objects (TDOs) represent the trust relationships in a domain. 20

  21. Domain Trust ▸ In an AD environment, trust is a

    relationship between two domains or forests which allows users of one domain or forest to access resources in the other domain or forest. ▸ Trust can be automatic (parent-child, same forest etc.) or established (forest, external). ▸ Trusted Domain Objects (TDOs) represent the trust relationships in a domain. 21

  22. Domain Trust ▸ Trust Direction ▹ One-way trust – Unidirectional.

    Users in the trusted domain can access resources in the trusting domain but the reverse is not true. ▹ Two-way trust – Bi-directional. Users of both domains can access resources in the other domain. 22

  23. Domain Trust ▸ Trust Direction ▹ One-way trust – Unidirectional.

    Users in the trusted domain can access resources in the trusting domain but the reverse is not true. ▹ Two-way trust – Bi-directional. Users of both domains can access resources in the other domain. 23

  24. Domain Trust 24 rtlabs.local techno.local Trust Relationship One-way trust Direction

    of Trust Direction of Access

  25. Domain Trust 25 rtlabs.local techno.local Trust Relationship Two-way trust

  26. Domain Trust ▸ Trust Transitivity ▹ Transitive – Can be

    extended to establish trust relationships with other domains. All the default intra-forest trust relationships (Tree-root, ParentChild) between domains within a same forest are transitive two-way trusts. ▹ Nontransitive – Cannot be extended to other domains in the forest. Can be two-way or one-way. This is the default trust (called external trust) between two domains in different forests when forests do not have a trust relationship. 26

  27. Domain Trust 27 Domain A Transitive Domain C Domain B

  28. Domain Trust 28 Domain A Nontransitive Domain C Domain B

  29. Domain Trust ▸ Default/Automatic Trusts – ▹ Parent-child trust –

    It is created automatically between the new domain and the domain that precedes it in the namespace hierarchy, whenever a new domain is added in a tree. For example, sales.rtlabs.local is a child of rtlabs.local. This trust is always two-way transitive. ▹ Tree-root trust – It is created automatically between whenever a new domain tree is added to a forest root. This trust is always two-way transitive. 29

  30. Domain Trust 30 Parent-child trust techno.local dev.techno.local sec.techno.local

  31. Domain Trust 31 Tree-root trust techno.local dev.techno.local sec.techno.local sec.rtcloud.local aws.sec.rtcloud.local

  32. Domain Trust ▸ Shortcut Trusts – Used to reduce access

    times in complex trust scenarios. Can be one-way or two-way transitive. ▸ External Trusts – Between two domains in different forests when forests do not have a trust relationship. Can be one-way or two-way and is nontransitive. ▸ Forest Trusts – Between forest root domain. Cannot be extended to a third forest (no implicit trust). Can be one-way or two-way and transitive or nontransitive. 32

  33. Domain Trust 33 Shortcut Trusts techno.local dev.techno.local sec.techno.local sec.rtcloud.local aws.sec.rtcloud.local

  34. Domain Trust 34 External Trusts rtlabs.local sales.rtlabs.local accounts.rtlabs.local sec.techno.local techno.local

    Two-Way External Trust One-Way External Trust

  35. Domain Trust 35 Forest Trusts rtlabs.local techno.local consult.local Forest trust

    Forest trust

  36. Setup Active Directory 36

  37. Setup Active Directory 37

  38. Setup Active Directory 38

  39. Setup Active Directory 39

  40. Setup Active Directory 40

  41. Setup Active Directory 41

  42. Setup Active Directory 42

  43. Setup Active Directory 43

  44. Setup Active Directory 44

  45. Setup Active Directory 45

  46. Setup Active Directory 46

  47. Setup Active Directory 47

  48. Setup Active Directory 48

  49. Setup Active Directory 49

  50. Setup Active Directory 50

  51. Setup Active Directory 51

  52. Setup Active Directory 52

  53. Setup Active Directory 53

  54. Setup Active Directory 54

  55. Setup Active Directory 55

  56. Setup Active Directory 56

  57. Setup Active Directory 57

  58. Integrate Client Machine 58

  59. Integrate Client Machine 59

  60. Integrate Client Machine 60

  61. Integrate Client Machine 61

  62. Integrate Client Machine 62

  63. Integrate Client Machine 63

  64. Credits Thanks to @NullMumbai for granting me the privilege to

    present. 64

  65. Reference ▸ https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server- 2003/cc780036(v=ws.10) ▸ https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server- 2003/cc773178(v=ws.10) ▸ https://activedirectorypro.com/glossary/ ▸

    https://adsecurity.org/ 65

  66. 66 THANKS! Any questions? You can find me at @chiragsavla94