Attacking and Defending Active Directory
Service Overview
This training is designed to teach information technology and information security personnel about why and how Azure Active Directory (Active Directory) is used by threat actors in most of the compromises that occur today, and what to do to make Active Directory more secure while enhancing resiliency. It is not uncommon for information security personnel to conduct Active Directory activities that include the following:
- Identify the current management model of Active Directory
- Proactively identify accounts of interest to threat actors
- Understand how threat actors steal credentials
- Determine ease of lateral movement with stolen credentials
- Identify and mitigate hidden attack paths within Active Directory
- Implement changes to enhance Active Directory security
This training will provide your security personnel with appropriate skillsets to identify and understand the Active Directory techniques used against your organization by threat actors. With this knowledge, your personnel may implement the necessary changes for a more resilient Active Directory, and understand and explain the need for limiting specific account types (e.g., domain administrators). While personnel of all skill levels may attend, roles that will obtain the most value from this training include Active Directory administrators, information technology personnel, and information security personnel.
Service Methodology
Secureworks delivers this training to help improve your organization’s Active Directory resiliency. Specific topics that will be discussed include the following:
- Introduction to Active Directory
- Tiered Administrative Model
- Kerberoasting Attack
- Golden Ticket Attack (KRBTGT)
- Abusing Trusts to Enable Movement Between Domains
- Compromising Active Directory
- Open-Source Tools
Outcome
Participants receive a certificate of completion stating that four hours of continuing education were completed, which may be used for certification renewal requirements. Participants are expected to obtain an improved set of skills to apply towards securing Active Directory and understanding common attacks.
Scope and Service Units
Four hours of training conducted remotely through teleconference; up to 12 participants; eight service units.
Limitations
As customer environments vary considerably, Secureworks will only address generic Active Directory concerns. Any customer-specific IT environment concerns may be addressed during a question and answer session at the conclusion of training.