Attacks, Defense, Monitoring, and Investigation of the Active Directory (ADMI)

This is an international Live Virtual Class where you will be able to share the learning experience with a group of IT pros from around the world without leaving your home or office! The class is taught fully remotely in English by CQURE Cybersecurity Experts. In order to ensure the highest quality and unique learning experience, the course is limited to 12 participants by default, or supported by an assistant instructor if the number of delegates exceeds 12. During this course, you will have the opportunity to go through CQURE’s custom lab exercises, interact with our world-renowned Expert and receive a lifelong certification after completing the course!

Module 1: Advanced Attack Techniques
1. Password based attacks
2. NTLM related attacks
3. Kerberos related attacks
4. NGC / Shadow credentials
5. AD objects privilege abuse
6. Active Directory domain and forest trust abuse
7. DPAPI related attacks
8. Other: DCSync, DCShadow, SDAdmin holder

Module 2: Monitoring and Defending AD
1. Auditing AD objects ACL’s
2. Advanced Events monitoring
3. Detection of IoC and IoA
4. Preventing lateral movement:
5. Hardening with GPO
6. Semi-automatic auditing

Module 3: Incident Response in AD
1. Preparation: Toolkits, resources, techniques, skills
2. Detection and analysis
3. Containment in AD environment
4. Eradication:
5. Recovery
6. Lesson learns and processing changes in AD environment

Module 4: Beyond Active Directory Directory Services
1. Beyond Active Directory Directory Services
2. AD Certification Services
3. AD Federation Services
 

• Security architects
• Active Directory administrators
• security administrators
• security auditors
• and other people responsible for implementing secure identity. 

• To attend this training, attendees should have a good hands-on experience with Active Directory Domain Services (AD DS) administration.