Tweet
CANCELED:
URL=https://training.defcon.org/products...cloud-azure-ad
URL=https://training.defcon.org/products...cloud-azure-ad
Originally posted by URL
Name of Training:
Hands-on Identity Attacks: On-Premise & Cloud (Azure AD)
Training Description:
This training takes you on a journey inside the organization's Active Directory. You will go through a close to real-world scenario where you will compromise servers, steal credentials, escalate privileges and move latterally inside an organization on-premise and on their cloud infrastructure on Azure (Azure AD).
Trainer(s) bio:
Amr Thabet is a malware researcher and an incident handler with over 10 years of experience, he worked in some of the Fortune 500 companies, including Symantec, Tenable, and others.
He is the founder of MalTrak and the author of "Mastering Malware Analysis, 2nd Edition" book published by Packt Publishing.
Amr has spoken at top security conferences all around the world, including Blackhat, DEFCON, Hack In Paris, and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.
His mission is to help security professionals worldwide build their expertise in malware analysis, threat hunting, red teaming, and, most importantly, protect their organization's infrastructure from targeted attacks, ransomware attacks, and APT attacks.
Trainer(s) social media links:
https://linkedin.com/in/AmrThabet
https://twitter.com/Amr_Thabet
https://youtube.com/@AmrThabet
Training Outline:
Day 01:
1. Active Directory Fundamentals & Enumeration
* Intro to Active Directory & Identity Attacks
* Authentication Protocols: NTLM & Kerberos
* Domain Enumeration using Powershell
* Group Policy Enumeration
* Enumerating ACL for Weaknesses & Misconfiguration
* Planning Your Attack Path using BloodHound
2. Credential Theft (On-Premise)
* Stealing Domain & Local Credentials using Mimikatz
* Hijacking Service Accounts Using Kerberoasting
* Hunting For Passwords in AD Attributes
* Hunting for Cloud Credentials
* Local Admin Password Solution (LAPS) Hijacking
* group Managed Service Account (gMSA) Hijacking
* Ticket Creation (Silver & Golden Tickets)
3. Lateral Movement:
* Remote Connection Protocols & Tools (WMI, WinRM, NetBIOS & RDP)
* Pass-The-Hash & OverPass-The-Hash Attacks
* Lateral Movement using Unconstrained Delegation
* Lateral Movement using Constrained Delegation
* Lateral Movement using Resource-Based Constrained Delegation
* DCSync Abuse for Full Domination
Day 02:
1. Cloud Reconnaissance & Assets Discovery
* Cloud vs On-Premise
* Identities on Cloud: Cloud Authentication Methods (Azure, AWS)
* Domain Discovery, Bruteforcing & Assets Reconnaissance
* Post Compromise Reconnaissance (Azure AD and AWS)
* Service Accounts (Azure Managed Identities & AWS Roles)
2. Initial Access Attacks
* Spear-Phishing with illicit consent
* Password Spraying Attacks
* Storage Misconfigurations (S3 & Storage Blobs)
3. Privilege Escalation & Lateral Movement
* Managed Identities & AWS AssumeRole Abuse
* Credential Harvesting
* Accessing Keyvaults & Secrets Harvesting
* Credential Harvesting Through Source Code (Github, Terraform & Cloud Formation)
* Lateral Movement to On-Prem: Using Hybrid Automation & Automation Admin
* Lateral Movement to On-Prem: AD Connect & Federation
The training presequities are:
* Understanding of Cybersecurity Concepts and terms
* Understanding of Network Protocols and basic Windows Administration skills
* Basic Powershell scripting skills
* Familiar of cloud infrastructure (AWS or Azure)
Technical difficulty:
Beginner/Intermediate
Suggested Prerequisites:
* Understanding of Cybersecurity Concepts and terms
* Understanding of Network Protocols and basic Windows Administration skills
* Basic Powershell scripting skills
* Familiar of cloud infrastructure (AWS or Azure)
DATE: August 14th-15th 2023
TIME: 8am to 5pm PDT
VENUE: Caesars Forum, Las Vegas, NV
TRAINER: Amr Thabet
- 16 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included
Registration terms and conditions:
Trainings are refundable before July 1st, the processing fee is $250.
Trainings are non-refundable after July 10th, 2023.
Training tickets may be transferred. Please email us for specifics.
Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.
By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.
Hands-on Identity Attacks: On-Premise & Cloud (Azure AD)
Training Description:
This training takes you on a journey inside the organization's Active Directory. You will go through a close to real-world scenario where you will compromise servers, steal credentials, escalate privileges and move latterally inside an organization on-premise and on their cloud infrastructure on Azure (Azure AD).
Trainer(s) bio:
Amr Thabet is a malware researcher and an incident handler with over 10 years of experience, he worked in some of the Fortune 500 companies, including Symantec, Tenable, and others.
He is the founder of MalTrak and the author of "Mastering Malware Analysis, 2nd Edition" book published by Packt Publishing.
Amr has spoken at top security conferences all around the world, including Blackhat, DEFCON, Hack In Paris, and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.
His mission is to help security professionals worldwide build their expertise in malware analysis, threat hunting, red teaming, and, most importantly, protect their organization's infrastructure from targeted attacks, ransomware attacks, and APT attacks.
Trainer(s) social media links:
https://linkedin.com/in/AmrThabet
https://twitter.com/Amr_Thabet
https://youtube.com/@AmrThabet
Training Outline:
Day 01:
1. Active Directory Fundamentals & Enumeration
* Intro to Active Directory & Identity Attacks
* Authentication Protocols: NTLM & Kerberos
* Domain Enumeration using Powershell
* Group Policy Enumeration
* Enumerating ACL for Weaknesses & Misconfiguration
* Planning Your Attack Path using BloodHound
2. Credential Theft (On-Premise)
* Stealing Domain & Local Credentials using Mimikatz
* Hijacking Service Accounts Using Kerberoasting
* Hunting For Passwords in AD Attributes
* Hunting for Cloud Credentials
* Local Admin Password Solution (LAPS) Hijacking
* group Managed Service Account (gMSA) Hijacking
* Ticket Creation (Silver & Golden Tickets)
3. Lateral Movement:
* Remote Connection Protocols & Tools (WMI, WinRM, NetBIOS & RDP)
* Pass-The-Hash & OverPass-The-Hash Attacks
* Lateral Movement using Unconstrained Delegation
* Lateral Movement using Constrained Delegation
* Lateral Movement using Resource-Based Constrained Delegation
* DCSync Abuse for Full Domination
Day 02:
1. Cloud Reconnaissance & Assets Discovery
* Cloud vs On-Premise
* Identities on Cloud: Cloud Authentication Methods (Azure, AWS)
* Domain Discovery, Bruteforcing & Assets Reconnaissance
* Post Compromise Reconnaissance (Azure AD and AWS)
* Service Accounts (Azure Managed Identities & AWS Roles)
2. Initial Access Attacks
* Spear-Phishing with illicit consent
* Password Spraying Attacks
* Storage Misconfigurations (S3 & Storage Blobs)
3. Privilege Escalation & Lateral Movement
* Managed Identities & AWS AssumeRole Abuse
* Credential Harvesting
* Accessing Keyvaults & Secrets Harvesting
* Credential Harvesting Through Source Code (Github, Terraform & Cloud Formation)
* Lateral Movement to On-Prem: Using Hybrid Automation & Automation Admin
* Lateral Movement to On-Prem: AD Connect & Federation
The training presequities are:
* Understanding of Cybersecurity Concepts and terms
* Understanding of Network Protocols and basic Windows Administration skills
* Basic Powershell scripting skills
* Familiar of cloud infrastructure (AWS or Azure)
Technical difficulty:
Beginner/Intermediate
Suggested Prerequisites:
* Understanding of Cybersecurity Concepts and terms
* Understanding of Network Protocols and basic Windows Administration skills
* Basic Powershell scripting skills
* Familiar of cloud infrastructure (AWS or Azure)
DATE: August 14th-15th 2023
TIME: 8am to 5pm PDT
VENUE: Caesars Forum, Las Vegas, NV
TRAINER: Amr Thabet
- 16 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included
Registration terms and conditions:
Trainings are refundable before July 1st, the processing fee is $250.
Trainings are non-refundable after July 10th, 2023.
Training tickets may be transferred. Please email us for specifics.
Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.
By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.