Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Active Directory Security Workshop by Chirag Savla

BreachForce
October 19, 2024
Technology
0
20

Active Directory Security Workshop by Chirag Savla

Title: Active Directory Security Workshop
Presenter: Chirag Savla
Event: BreachForce CyberSecurity Cohort
Talk Date: 13th-May-2024

Key Takeaways:
📢 Chirag Savla on "Active Directory Basics & Lab Environment Setup"
Exploring the foundational elements of Active Directory and how to set up a Virtual Lab for testing and practicing AD Pentesting skills.

BreachForce

October 19, 2024
Tweet

More Decks by BreachForce

See All by BreachForce
Art of Smuggling HTTP Requests
breachforce
0
3
COOL RECON TECHNIQUES EVERY HACKER MISSES
breachforce
0
9
Can Request Encryption Fix Your Web Apps?
breachforce
0
11
iOS App Pentesting Discover Exploit Secure
breachforce
0
3
Phone Systems and their security
breachforce
0
8
Cybersecurity for Satellites by Jaden Furtado
breachforce
0
5
Nmap in Depth by Nathaniel Fernandes
breachforce
0
3
Understanding SOC: The heartbeat of Cybersecurity and Network Infrastructure
breachforce
0
4
IoT Security 101: Deep Dive Into Attack Surfaces & Vulnerabilities
breachforce
0
7

Other Decks in Technology

See All in Technology
最速最小からはじめるデータプロダクト / Data Product MVP
amaotone
4
640
CyberAgent 生成AI Deep Dive with Amazon Web Services / genai-aws
cyberagentdevelopers
PRO
1
460
LLMアプリをRagasで評価して、Langfuseで可視化しよう!
minorun365
PRO
2
280
新卒1年目が挑む!生成AI × マルチエージェントで実現する次世代オンボーディング / operation-ai-onboarding
cyberagentdevelopers
PRO
1
140
初心者に Vue.js を 教えるには
tsukuha
5
300
Jamstack でリニューアルするグリーグループのメディア
gree_tech
PRO
2
230
Capybara+生成AIでどこまで本当に自然言語のテストを書けるか?
yusukeiwaki
6
1.3k
2024-10-30-reInventStandby_StudyGroup_Intro
shinichirokawano
1
500
【若手エンジニア応援LT会】AWS Security Hubの活用に苦労した話
kazushi_ohata
0
140
なんで、私がAWS Heroに!? 〜社外の広い世界に一歩踏み出そう〜
minorun365
PRO
6
940
内製化によるシステムモダナイゼーションの実践
kazokmr
3
550
omakaseしないための.rubocop.yml のつくりかた / How to Build Your .rubocop.yml to Avoid Omakase #kaigionrails
linkers_tech
3
460

Featured

See All Featured
The Cost Of JavaScript in 2023
addyosmani
45
6.6k
The Invisible Side of Design
smashingmag
297
50k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
26
2k
Why Our Code Smells
bkeepers
PRO
334
57k
Being A Developer After 40
akosma
86
590k
Building Your Own Lightsaber
phodgson
102
6k
Building Applications with DynamoDB
mza
90
6k
Building Better People: How to give real-time feedback that sticks.
wjessup
363
19k
Agile that works and the tools we love
rasmusluckow
327
21k
Building Adaptive Systems
keathley
38
2.2k
Writing Fast Ruby
sferik
626
60k

Transcript

  1. Building Active Directory Lab for Red Teaming

  2. #whoami 👉 Chirag Savla 👉 Twitter – @chiragsavla94 👉 Interest

    area – Red Teaming, Application Security, Penetration Testing 2 Blog – https://3xpl01tc0d3r.blogspot.com

  3. “ Prevention is ideal, detection is a must

  4. What is Active Directory ? ▸ Active Directory is a

    directory service that centralizes the management of users, computers and other objects within a network. Its primary function is to authenticate and authorize users and computers in a windows domain. 4

  5. What is Active Directory ? 5

  6. What is Forest? 6 rtlabs.local sales.rtlabs.local accounts.rtlabs.local techno.local dev.techno.local sec.techno.local

    Domain Tree Domain Forest = Groups = Organizational Unit = Domain Trust Relationship = Users / Groups

  7. Active Directory Components ▸ Forest ▸ Domain Trees ▸ Domains

    ▸ Schema ▸ Objects ▹ Organizational Units (OUs) ▹ Groups ▹ Users ▹ Computer ▸ Sites ▸ Global Catalog (GC) ▸ Group Policy ▸ Domain Trust 7

  8. Forest ▸ An Active Directory forest (AD forest) is the

    top most logical container in an Active Directory configuration that contains domains, users, computers, and group policies. 8

  9. Domain Tree ▸ When you add a child domain to

    a parent domain you create what is called a domain tree. A domain tree is just a series of domains connected together in a hierarchical fashion all using the same DNS namespace. 9

  10. Domain ▸ The domain is a logical structure of containers

    and objects within Active Directory. A domain contains the following components: ▹ A hierarchical structure for users, groups, computers and other objects ▹ Security services that provide authentication and authorization to resources in the domain and other domains ▹ Policies that are applied to users and computers ▹ A DNS name to identify the domain. When you log into a computer that is part of a domain you are logging into the DNS domain name. 10

  11. Schema ▸ The Active Directory schema defines every object class

    that can be created and used in an Active Directory forest. It also defines every attribute that can exist in an object. In other words, it is a blueprint of how data can be stored in Active Directory. 11

  12. Object ▸ Objects are defined as a group of attributes

    that represent a resource in the domain. These objects are assigned a unique security identifier (SID) that is used to grant or deny the object access to resources in the domain. 12

  13. Organizational Units (OUs) ▸ An OU is a container object

    that can contain different objects from the same domain. You will use OUs to store and organize, user accounts, contacts, computers, and groups. You will also link group policy objects to an OU. 13

  14. Groups ▸ There are two types of objects, a Security

    group, and a distribution group. A security group is a grouping of users accounts that can be used to provide access to resources. Distribution groups are used for email distribution lists. 14

  15. Users ▸ A domain user is one whose username and

    password are stored on a domain controller rather than the computer the user is logging into. ▸ User accounts are used to gain access to the domain resources. 15

  16. Computer ▸ Each domain-joined computer has an account in AD

    DS. Computer accounts are used in the same ways that user accounts are used for users. Each computer has a Security Identification (SID) and attributes. when you create a domain, a Computers container is created. 16

  17. Sites ▸ A site is a collection of subnets. The

    Active Directory sites help define the replication flow and resource location for clients such as a domain controller. 17

  18. Global Catalog (GC) ▸ The global catalog server contains a

    full replica of all objects and is used to perform forest wide searches. By default the first domain controller in a domain is designated as the GC server. 18

  19. Group Policy ▸ Group policy allows you to centrally manage

    user and computer settings. You can use group policy to set password policies, auditing policies, lock screen, map drives, deploy software, one drive, office 365 settings and much more. 19

  20. Domain Trust ▸ In an AD environment, trust is a

    relationship between two domains or forests which allows users of one domain or forest to access resources in the other domain or forest. ▸ Trust can be automatic (parent-child, same forest etc.) or established (forest, external). ▸ Trusted Domain Objects (TDOs) represent the trust relationships in a domain. 20

  21. Domain Trust ▸ In an AD environment, trust is a

    relationship between two domains or forests which allows users of one domain or forest to access resources in the other domain or forest. ▸ Trust can be automatic (parent-child, same forest etc.) or established (forest, external). ▸ Trusted Domain Objects (TDOs) represent the trust relationships in a domain. 21

  22. Domain Trust ▸ Trust Direction ▹ One-way trust – Unidirectional.

    Users in the trusted domain can access resources in the trusting domain but the reverse is not true. ▹ Two-way trust – Bi-directional. Users of both domains can access resources in the other domain. 22

  23. Domain Trust ▸ Trust Direction ▹ One-way trust – Unidirectional.

    Users in the trusted domain can access resources in the trusting domain but the reverse is not true. ▹ Two-way trust – Bi-directional. Users of both domains can access resources in the other domain. 23

  24. Domain Trust 24 rtlabs.local techno.local Trust Relationship One-way trust Direction

    of Trust Direction of Access

  25. Domain Trust 25 rtlabs.local techno.local Trust Relationship Two-way trust

  26. Domain Trust ▸ Trust Transitivity ▹ Transitive – Can be

    extended to establish trust relationships with other domains. All the default intra-forest trust relationships (Tree-root, ParentChild) between domains within a same forest are transitive two-way trusts. ▹ Nontransitive – Cannot be extended to other domains in the forest. Can be two-way or one-way. This is the default trust (called external trust) between two domains in different forests when forests do not have a trust relationship. 26

  27. Domain Trust 27 Domain A Transitive Domain C Domain B

  28. Domain Trust 28 Domain A Nontransitive Domain C Domain B

  29. Domain Trust ▸ Default/Automatic Trusts – ▹ Parent-child trust –

    It is created automatically between the new domain and the domain that precedes it in the namespace hierarchy, whenever a new domain is added in a tree. For example, sales.rtlabs.local is a child of rtlabs.local. This trust is always two-way transitive. ▹ Tree-root trust – It is created automatically between whenever a new domain tree is added to a forest root. This trust is always two-way transitive. 29

  30. Domain Trust 30 Parent-child trust techno.local dev.techno.local sec.techno.local

  31. Domain Trust 31 Tree-root trust techno.local dev.techno.local sec.techno.local sec.rtcloud.local aws.sec.rtcloud.local

  32. Domain Trust ▸ Shortcut Trusts – Used to reduce access

    times in complex trust scenarios. Can be one-way or two-way transitive. ▸ External Trusts – Between two domains in different forests when forests do not have a trust relationship. Can be one-way or two-way and is nontransitive. ▸ Forest Trusts – Between forest root domain. Cannot be extended to a third forest (no implicit trust). Can be one-way or two-way and transitive or nontransitive. 32

  33. Domain Trust 33 Shortcut Trusts techno.local dev.techno.local sec.techno.local sec.rtcloud.local aws.sec.rtcloud.local

  34. Domain Trust 34 External Trusts rtlabs.local sales.rtlabs.local accounts.rtlabs.local sec.techno.local techno.local

    Two-Way External Trust One-Way External Trust

  35. Domain Trust 35 Forest Trusts rtlabs.local techno.local consult.local Forest trust

    Forest trust

  36. Setup Active Directory 36

  37. Setup Active Directory 37

  38. Setup Active Directory 38

  39. Setup Active Directory 39

  40. Setup Active Directory 40

  41. Setup Active Directory 41

  42. Setup Active Directory 42

  43. Setup Active Directory 43

  44. Setup Active Directory 44

  45. Setup Active Directory 45

  46. Setup Active Directory 46

  47. Setup Active Directory 47

  48. Setup Active Directory 48

  49. Setup Active Directory 49

  50. Setup Active Directory 50

  51. Setup Active Directory 51

  52. Setup Active Directory 52

  53. Setup Active Directory 53

  54. Setup Active Directory 54

  55. Setup Active Directory 55

  56. Setup Active Directory 56

  57. Setup Active Directory 57

  58. Integrate Client Machine 58

  59. Integrate Client Machine 59

  60. Integrate Client Machine 60

  61. Integrate Client Machine 61

  62. Integrate Client Machine 62

  63. Integrate Client Machine 63

  64. Credits Thanks to @NullMumbai for granting me the privilege to

    present. 64

  65. Reference ▸ https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server- 2003/cc780036(v=ws.10) ▸ https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server- 2003/cc773178(v=ws.10) ▸ https://activedirectorypro.com/glossary/ ▸

    https://adsecurity.org/ 65

  66. 66 THANKS! Any questions? You can find me at @chiragsavla94