Pentesting Active Directory and Windows-Based Infrastructure A Comprehensive Practical Guide to Penetration Testing Microsoft Infrastructure

Book Cover
Average Rating
Author
Isakov, Denis,
Published
Birmingham : Packt Publishing, Limited, 2023.
Status
Available Online

Description

Enhance your skill set to pentest against real-world Microsoft infrastructure with hands-on exercises and by following attack/detect guidelines with OpSec considerations Key Features Find out how to attack real-life Microsoft infrastructure Discover how to detect adversary activities and remediate your environment Apply the knowledge you've gained by working on hands-on exercises Purchase of the print or Kindle book includes a free PDF eBook Book Description This book teaches you the tactics and techniques used to attack a Windows-based environment, along with showing you how to detect malicious activities and remediate misconfigurations and vulnerabilities. You'll begin by deploying your lab, where every technique can be replicated. The chapters help you master every step of the attack kill chain and put new knowledge into practice. You'll discover how to evade defense of common built-in security mechanisms, such as AMSI, AppLocker, and Sysmon; perform reconnaissance and discovery activities in the domain environment by using common protocols and tools; and harvest domain-wide credentials. You'll also learn how to move laterally by blending into the environment's traffic to stay under radar, escalate privileges inside the domain and across the forest, and achieve persistence at the domain level and on the domain controller. Every chapter discusses OpSec considerations for each technique, and you'll apply this kill chain to perform the security assessment of other Microsoft products and services, such as Exchange, SQL Server, and SCCM. By the end of this book, you'll be able to perform a full-fledged security assessment of the Microsoft environment, detect malicious activity in your network, and guide IT engineers on remediation steps to improve the security posture of the company. What you will learn Understand and adopt the Microsoft infrastructure kill chain methodology Attack Windows services, such as Active Directory, Exchange, WSUS, SCCM, AD CS, and SQL Server Disappear from the defender's eyesight by tampering with defensive capabilities Upskill yourself in offensive OpSec to stay under the radar Find out how to detect adversary activities in your Windows environment Get to grips with the steps needed to remediate misconfigurations Prepare yourself for real-life scenarios by getting hands-on experience with exercises Who this book is for This book is for pentesters and red teamers, security and IT engineers, as well as blue teamers and incident responders interested in Windows infrastructure security. The book is packed with practical examples, tooling, and attack-defense guidelines to help you assess and improve the security of your real-life environments. To get the most out of this book, you should have basic knowledge of Windows services and Active Directory.

More Details

Format
Edition
1st edition.
Language
English
ISBN
9781804618271, 1804618276

Notes

General Note
Description based upon print version of record.
General Note
Child/parent domain escalation
Description
Enhance your skill set to pentest against real-world Microsoft infrastructure with hands-on exercises and by following attack/detect guidelines with OpSec considerations Key Features Find out how to attack real-life Microsoft infrastructure Discover how to detect adversary activities and remediate your environment Apply the knowledge you've gained by working on hands-on exercises Purchase of the print or Kindle book includes a free PDF eBook Book Description This book teaches you the tactics and techniques used to attack a Windows-based environment, along with showing you how to detect malicious activities and remediate misconfigurations and vulnerabilities. You'll begin by deploying your lab, where every technique can be replicated. The chapters help you master every step of the attack kill chain and put new knowledge into practice. You'll discover how to evade defense of common built-in security mechanisms, such as AMSI, AppLocker, and Sysmon; perform reconnaissance and discovery activities in the domain environment by using common protocols and tools; and harvest domain-wide credentials. You'll also learn how to move laterally by blending into the environment's traffic to stay under radar, escalate privileges inside the domain and across the forest, and achieve persistence at the domain level and on the domain controller. Every chapter discusses OpSec considerations for each technique, and you'll apply this kill chain to perform the security assessment of other Microsoft products and services, such as Exchange, SQL Server, and SCCM. By the end of this book, you'll be able to perform a full-fledged security assessment of the Microsoft environment, detect malicious activity in your network, and guide IT engineers on remediation steps to improve the security posture of the company. What you will learn Understand and adopt the Microsoft infrastructure kill chain methodology Attack Windows services, such as Active Directory, Exchange, WSUS, SCCM, AD CS, and SQL Server Disappear from the defender's eyesight by tampering with defensive capabilities Upskill yourself in offensive OpSec to stay under the radar Find out how to detect adversary activities in your Windows environment Get to grips with the steps needed to remediate misconfigurations Prepare yourself for real-life scenarios by getting hands-on experience with exercises Who this book is for This book is for pentesters and red teamers, security and IT engineers, as well as blue teamers and incident responders interested in Windows infrastructure security. The book is packed with practical examples, tooling, and attack-defense guidelines to help you assess and improve the security of your real-life environments. To get the most out of this book, you should have basic knowledge of Windows services and Active Directory.
Local note
O'Reilly O'Reilly Online Learning: Academic/Public Library Edition

Table of Contents

Cover
Title Page
Copyright and Credits
Dedications
Contributors
Table of Contents
Preface
Chapter 1: Getting the Lab Ready and Attacking Exchange Server
Technical requirements
Lab architecture and deployment
Active Directory kill chain
Why we will not cover initial access and host-related topics
Attacking Exchange Server
User enumeration and password spraying
Dumping and exfiltrating
Zero2Hero exploits
Gaining a foothold
Summary
Further reading
Chapter 2: Defense Evasion
Technical requirements
AMSI, PowerShell CLM, and AppLocker
Antimalware Scan Interface
Way 1
Error forcing
Way 2
Obfuscation
Way 3
Memory patch
AppLocker and PowerShell CLM
PowerShell Enhanced Logging and Sysmon
Event Tracing for Windows (ETW)
Summary
References
Further reading
Chapter 3: Domain Reconnaissance and Discovery
Technical requirements
Enumeration using built-in capabilities
PowerShell cmdlet
WMI
net.exe
LDAP
Enumeration tools
SharpView/PowerView
BloodHound
Enumerating services and hunting for users
SPN
The file server
User hunting
Enumeration detection evasion
Microsoft ATA
Honey tokens
Summary
References
Further reading
Chapter 4: Credential Access in Domain
Technical requirements
Clear-text credentials in the domain
Old, but still worth trying
Password in the description field
Password spray
Capture the hash
Forced authentication
MS-RPRN abuse (PrinterBug)
MS-EFSR abuse (PetitPotam)
WebDAV abuse
MS-FSRVP abuse (ShadowCoerce)
MS-DFSNM abuse (DFSCoerce)
Roasting the three-headed dog
Kerberos 101
ASREQRoast
KRB_AS_REP roasting (ASREPRoast)
Kerberoasting
Automatic password management in the domain
LAPS
gMSA
NTDS secrets
DCSync
Dumping user credentials in clear text via DPAPI
Summary
References
Further reading
Chapter 5: Lateral Movement in Domain and Across Forests
Technical requirements
Usage of administration protocols in the domain
PSRemoting and JEA
RDP
Other protocols with Impacket
Relaying the hash
Pass-the-whatever
Pass-the-hash
Pass-the-key and overpass-the-hash
Pass-the-ticket
Kerberos delegation
Unconstrained delegation
Resource-based constrained delegation
Constrained delegation
Bronze Bit attack aka CVE-2020-17049
Abusing trust for lateral movement
Summary
References
Further reading
Chapter 6: Domain Privilege Escalation
Technical requirements
Zero2Hero exploits
MS14-068
Zerologon (CVE-2020-1472)
PrintNightmare (CVE-2021-1675 & CVE-2021-34527)
sAMAccountName Spoofing and noPac (CVE-2021-42278/CVE-2021-42287)
RemotePotato0
ACL abuse
Group
Computer
User
DCSync
Group Policy abuse
Other privilege escalation vectors
Built-in security groups
DNSAdmins abuse (CVE-2021-40469)

Discover More

More Like This

  • Cybersecurity attacks: Red Team strategies : a practical guide to building a penetration testing program having homefield advantage Cover
  • MALWARE DEVELOPMENT FOR ETHICAL HACKERS: learn how to develop various types of malware to strengthen cybersecurity Cover
  • BUG BOUNTY FROM SCRATCH: a comprehensive guide to discovering vulnerabilities and succeeding in cybersecurity Cover
  • Network scanning cookbook: practical network security using Nmap and Nessus 7 Cover
  • Mastering Metasploit: take your penetration testing and IT security skills to a whole new level with the secrets of Metasploit Cover
  • Microcontroller exploits Cover
  • Practical network scanning: capture network vulnerabilities using standard tools such as Nmap and Nessus Cover
  • Hands on hacking Cover
  • Tribe of hackers security leaders: tribal knowledge from the best in cybersecurity leadership Cover
  • INTRODUCTION TO KALI PURPLE: harness the synergy of offensive and defensive cybersecurity strategies of Kali Linux Cover
  • IoT system testing: an IoT journey from devices to analytics and the edge Cover
  • Becoming the hacker: the playbook for getting inside the mind of an attacker Cover
  • Pentesting APIs: A Practical Guide to Discovering, Fingerprinting, and Exploiting APIs Cover
  • The Complete Metasploit Guide: Explore Effective Penetration Testing Techniques with Metasploit Cover
  • Hands-on penetration testing on Windows: unleash Kali Linux, PowerShell, and Windows debugging tools for security testing and analysis Cover
  • Learn ethical hacking from scratch: your stepping stone to penetration testing Cover
  • Kali Linux, an ethical hacker's cookbook: practical recipes that combine strategies, attacks, and tools for advanced penetration testing Cover
  • CEH Certified Ethical Hacker Cert guide Cover
  • Gray hat hacking: the ethical hacker's handbook Cover
  • Linux basics for hackers: getting started with networking, scripting, and security in Kali Cover
  • Quick start guide to penetration testing: with NMAP, OpenVAS and Metasploit Cover
  • Advanced infrastructure penetration testing: defend your systems from methodized and proficient attackers Cover
  • How I rob banks: (and other such places) Cover
  • Penetration testing Azure for ethical hackers: develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments Cover
  • Reconnaissance for Ethical Hackers: Focus on the Starting Point of Data Breaches and Explore Essential Steps for Successful Pentesting Cover

Reviews from GoodReads

Loading GoodReads Reviews.

Citations

APA Citation, 7th Edition (style guide)

Isakov, D. (2023). Pentesting Active Directory and Windows-Based Infrastructure: A Comprehensive Practical Guide to Penetration Testing Microsoft Infrastructure (1st edition.). Packt Publishing, Limited.

Chicago / Turabian - Author Date Citation, 17th Edition (style guide)

Isakov, Denis. 2023. Pentesting Active Directory and Windows-Based Infrastructure: A Comprehensive Practical Guide to Penetration Testing Microsoft Infrastructure. Birmingham: Packt Publishing, Limited.

Chicago / Turabian - Humanities (Notes and Bibliography) Citation, 17th Edition (style guide)

Isakov, Denis. Pentesting Active Directory and Windows-Based Infrastructure: A Comprehensive Practical Guide to Penetration Testing Microsoft Infrastructure Birmingham: Packt Publishing, Limited, 2023.

Harvard Citation (style guide)

Isakov, D. (2023). Pentesting active directory and windows-based infrastructure: a comprehensive practical guide to penetration testing microsoft infrastructure. 1st edn. Birmingham: Packt Publishing, Limited.

MLA Citation, 9th Edition (style guide)

Isakov, Denis. Pentesting Active Directory and Windows-Based Infrastructure: A Comprehensive Practical Guide to Penetration Testing Microsoft Infrastructure 1st edition., Packt Publishing, Limited, 2023.

Note! Citations contain only title, author, edition, publisher, and year published. Citations should be used as a guideline and should be double checked for accuracy. Citation formats are based on standards as of August 2021.

Staff View

Grouped Work ID
5a419302-f291-5f4e-9018-63a06f19d2b5-eng
Go To Grouped Work View in Staff Client

Grouping Information

Grouped Work ID5a419302-f291-5f4e-9018-63a06f19d2b5-eng
Full titlepentesting active directory and windows based infrastructure a comprehensive practical guide to penetration testing microsoft infrastructure
Authorisakov denis
Grouping Categorybook
Last Update2025-01-24 12:33:29PM
Last Indexed2025-04-11 03:13:51AM

Book Cover Information

Image Sourcedefault
First LoadedJan 3, 2025
Last UsedFeb 27, 2025

Marc Record

First DetectedDec 16, 2024 11:27:20 PM
Last File Modification TimeDec 17, 2024 08:26:44 AM
SuppressedRecord had no items

MARC Record

LEADER07568cam a22004697a 4500
001on1407315625
003OCoLC
00520241217082458.0
006m     o  d        
007cr cnu---unuuu
008231111s2023    enk     o     000 0 eng d
020 |a 9781804618271|q (electronic bk.)
020 |a 1804618276
035 |a (OCoLC)1407315625
040 |a EBLCP|b eng|c EBLCP|d OCLCO|d ORMDA|d OCLCF|d N$T
049 |a MAIN
050 4|a QA76.9.A25
08204|a 005.8|2 23/eng/20240520
1001 |a Isakov, Denis,|e author.
24510|a Pentesting Active Directory and Windows-Based Infrastructure|h [electronic resource] :|b A Comprehensive Practical Guide to Penetration Testing Microsoft Infrastructure /|c Denis Isakov.
250 |a 1st edition.
260 |a Birmingham :|b Packt Publishing, Limited,|c 2023.
300 |a 1 online resource (360 p.)
500 |a Description based upon print version of record.
500 |a Child/parent domain escalation
5050 |a Cover -- Title Page -- Copyright and Credits -- Dedications -- Contributors -- Table of Contents -- Preface -- Chapter 1: Getting the Lab Ready and Attacking Exchange Server -- Technical requirements -- Lab architecture and deployment -- Active Directory kill chain -- Why we will not cover initial access and host-related topics -- Attacking Exchange Server -- User enumeration and password spraying -- Dumping and exfiltrating -- Zero2Hero exploits -- Gaining a foothold -- Summary -- Further reading -- Chapter 2: Defense Evasion -- Technical requirements -- AMSI, PowerShell CLM, and AppLocker
5058 |a Antimalware Scan Interface -- Way 1 -- Error forcing -- Way 2 -- Obfuscation -- Way 3 -- Memory patch -- AppLocker and PowerShell CLM -- PowerShell Enhanced Logging and Sysmon -- Event Tracing for Windows (ETW) -- Summary -- References -- Further reading -- Chapter 3: Domain Reconnaissance and Discovery -- Technical requirements -- Enumeration using built-in capabilities -- PowerShell cmdlet -- WMI -- net.exe -- LDAP -- Enumeration tools -- SharpView/PowerView -- BloodHound -- Enumerating services and hunting for users -- SPN -- The file server -- User hunting -- Enumeration detection evasion
5058 |a Microsoft ATA -- Honey tokens -- Summary -- References -- Further reading -- Chapter 4: Credential Access in Domain -- Technical requirements -- Clear-text credentials in the domain -- Old, but still worth trying -- Password in the description field -- Password spray -- Capture the hash -- Forced authentication -- MS-RPRN abuse (PrinterBug) -- MS-EFSR abuse (PetitPotam) -- WebDAV abuse -- MS-FSRVP abuse (ShadowCoerce) -- MS-DFSNM abuse (DFSCoerce) -- Roasting the three-headed dog -- Kerberos 101 -- ASREQRoast -- KRB_AS_REP roasting (ASREPRoast) -- Kerberoasting
5058 |a Automatic password management in the domain -- LAPS -- gMSA -- NTDS secrets -- DCSync -- Dumping user credentials in clear text via DPAPI -- Summary -- References -- Further reading -- Chapter 5: Lateral Movement in Domain and Across Forests -- Technical requirements -- Usage of administration protocols in the domain -- PSRemoting and JEA -- RDP -- Other protocols with Impacket -- Relaying the hash -- Pass-the-whatever -- Pass-the-hash -- Pass-the-key and overpass-the-hash -- Pass-the-ticket -- Kerberos delegation -- Unconstrained delegation -- Resource-based constrained delegation
5058 |a Constrained delegation -- Bronze Bit attack aka CVE-2020-17049 -- Abusing trust for lateral movement -- Summary -- References -- Further reading -- Chapter 6: Domain Privilege Escalation -- Technical requirements -- Zero2Hero exploits -- MS14-068 -- Zerologon (CVE-2020-1472) -- PrintNightmare (CVE-2021-1675 & CVE-2021-34527) -- sAMAccountName Spoofing and noPac (CVE-2021-42278/CVE-2021-42287) -- RemotePotato0 -- ACL abuse -- Group -- Computer -- User -- DCSync -- Group Policy abuse -- Other privilege escalation vectors -- Built-in security groups -- DNSAdmins abuse (CVE-2021-40469)
520 |a Enhance your skill set to pentest against real-world Microsoft infrastructure with hands-on exercises and by following attack/detect guidelines with OpSec considerations Key Features Find out how to attack real-life Microsoft infrastructure Discover how to detect adversary activities and remediate your environment Apply the knowledge you've gained by working on hands-on exercises Purchase of the print or Kindle book includes a free PDF eBook Book Description This book teaches you the tactics and techniques used to attack a Windows-based environment, along with showing you how to detect malicious activities and remediate misconfigurations and vulnerabilities. You'll begin by deploying your lab, where every technique can be replicated. The chapters help you master every step of the attack kill chain and put new knowledge into practice. You'll discover how to evade defense of common built-in security mechanisms, such as AMSI, AppLocker, and Sysmon; perform reconnaissance and discovery activities in the domain environment by using common protocols and tools; and harvest domain-wide credentials. You'll also learn how to move laterally by blending into the environment's traffic to stay under radar, escalate privileges inside the domain and across the forest, and achieve persistence at the domain level and on the domain controller. Every chapter discusses OpSec considerations for each technique, and you'll apply this kill chain to perform the security assessment of other Microsoft products and services, such as Exchange, SQL Server, and SCCM. By the end of this book, you'll be able to perform a full-fledged security assessment of the Microsoft environment, detect malicious activity in your network, and guide IT engineers on remediation steps to improve the security posture of the company. What you will learn Understand and adopt the Microsoft infrastructure kill chain methodology Attack Windows services, such as Active Directory, Exchange, WSUS, SCCM, AD CS, and SQL Server Disappear from the defender's eyesight by tampering with defensive capabilities Upskill yourself in offensive OpSec to stay under the radar Find out how to detect adversary activities in your Windows environment Get to grips with the steps needed to remediate misconfigurations Prepare yourself for real-life scenarios by getting hands-on experience with exercises Who this book is for This book is for pentesters and red teamers, security and IT engineers, as well as blue teamers and incident responders interested in Windows infrastructure security. The book is packed with practical examples, tooling, and attack-defense guidelines to help you assess and improve the security of your real-life environments. To get the most out of this book, you should have basic knowledge of Windows services and Active Directory.
5880 |a Print version record.
590 |a O'Reilly|b O'Reilly Online Learning: Academic/Public Library Edition
650 0|a Penetration testing (Computer security)|9 403748
650 0|a Microsoft software|x Testing.
650 0|a Computer security.|9 65527
77608|i Print version:|a Isakov, Denis.|t Pentesting Active Directory and Windows-Based Infrastructure.|b 1st edition.|d Birmingham : Packt Publishing, Limited, 2023|z 9781804618271
85640|u https://library.access.arlingtonva.us/login?url=https://learning.oreilly.com/library/view/~/9781804611364/?ar|x O'Reilly|z eBook
938 |a ProQuest Ebook Central|b EBLB|n EBL30842254
938 |a EBSCOhost|b EBSC|n 3713282
994 |a 92|b VIA
999 |c 360029|d 360029