
Our Master Class Active Directory Security workshop at a glance

Become an Active Directory security expert! This five-day workshop provides the practical know-how needed to build an Active Directory deployment that both resists known attacks and is hardened against future ones.

After attending this course you will have no (!) more questions about Active Directory security – I promise!

About the seminar

This workshop takes a close look at Active Directory security. Numerous attack scenarios are now well known (e.g., mimikatz) that aim at credential theft or the deployment of ransomware. The goal of this workshop is to understand these scenarios so that you can prevent them and build an Active Directory deployment that resists these attacks and is also hardened against future ones. Active Directory is your “crown jewels” – without Active Directory, most corporate environments are completely crippled in production. Therefore: understand, harden and monitor so that you can sleep better.

Requirements

Attendees should have at least five years of experience with Active Directory and client systems.

Target group

The workshop is aimed at network administrators and security experts.

Training environment

The training runs completely virtualized. Each participant has a PC with 128 GB RAM, two NVMe SSDs (read throughput up to 3,500 MB/s, write up to 2,300 MB/s) and a total Internet bandwidth of 1 Gbps.

Each participant builds the entire environment from scratch, guided by the trainer. With this hardware, new systems can be set up in seconds.

Agenda

  • Introduction and best practices for installing domain controllers
  • Built-in security problems in Active Directory
    • Understanding Kerberos
    • NTLM vs. Kerberos
    • SMB (versions, attack scenarios, secure deployment)
    • PAC validation and the problems with Microsoft’s implementation of Kerberos
    • PTH – Pass the Hash/Silver Ticket/Golden Ticket/Skeleton Key
  • Kerberos Ticket Service
    • Change Kerberos passwords
  • Preventing credential theft
    • Attack Scenarios (PTH – Pass the Hash/Silver Ticket/Golden Ticket/Skeleton Key)
    • Windows Defender Credential Guard, Windows Defender Remote Credential Guard, BitLocker, Windows Defender Device Guard, AppLocker, Windows Defender Application Guard
  • Understanding concepts
    • Operating a tier model (tiered administration)
    • Red Forest/Golden Forest/Bastion Forests
    • Highly secure single-domain model
  • Clean Install Source
    • Verify hash values of *.iso files
    • Fciv.exe
    • PowerShell
    • 7zip and IgorHasher
  • Setting up the first domain controller
    • Understanding ms-DS-MachineAccountQuota
    • Using redircmp for new computer objects
    • Using redirusr for new user objects
    • BitLocker and TPM 1.2 vs. 2.0
    • BitLocker and pre-boot authentication
    • AppLocker
    • Monitoring (ADAudit Plus, CyberArk)
    • Secure backup and recovery of BitLocker-protected backup volumes
    • Firewalling on domain controllers
    • Configuring IPSec for RDP
    • Hardening of domain controllers according to Center for Internet Security (CIS) benchmarks, gpPack PaT, SIM, LDA and Microsoft tools
  • Setting up additional domain controllers
  • Operating domain controllers securely via IPSec
    • IPSec monitoring via MMC
  • Setting up a PKI server as the internal trusted root CA
    • Enable automatic certificate deployment via group policies
    • Enrolment of non-standard certificates
    • Hardening of the PKI according to Center for Internet Security (CIS) benchmarks, gpPack PaT, SIM, LDA and Microsoft tools
  • Jump Server and Privileged Access Workstation (PAW) – Understanding and Implementing the Concepts
    • Setting up and configuring Jump servers (RSAT installation, installing Windows Admin Center with a valid certificate from the trusted root PKI, BitLocker and TPM 1.2 vs. 2.0, BitLocker and pre-boot authentication, AppLocker, configuring IPSec for RDP, backing up Jump servers to BitLocker-protected volumes, firewalling on Jump servers).
    • Hardening of Jump servers according to Center for Internet Security (CIS) benchmarks, gpPack PaT, SIM, LDA and Microsoft tools
    • Setting up and configuring PAWs (BitLocker and TPM 1.2 vs. 2.0, BitLocker and pre-boot authentication, configuring AppLocker, IPSec and RDP, backing up PAWs to BitLocker-protected volumes, firewalling on PAWs).
    • Hardening of domain controllers according to Center for Internet Security (CIS) benchmarks, gpPack PaT, SIM, LDA and Microsoft tools
  • Security in domain networks
    • 802.1X with MAC addresses/certificates
    • Protecting switches against MAC flooding and hub mode
    • IPSec with Kerberos and certificates
  • Windows Defender Advanced Threat Protection (WDATP)
    • Understand concept of WDATP
    • Roll out and monitor WDATP
    • WDATP on domain controllers/jump servers and PAWs/Windows 10 clients.