Attacking and Defending Active Directory from Pentester Academy - Bootcamp

  • Attacking and Defending Active Directory from Pentester Academy - Bootcamp

    Currently taking the Attacking and Defending Active Directory Bootcamp. Man, the pace is fast. They say no AD experience is needed.. but I think you would be lost without some basic understanding of AD. It's very much a living off the land approach. No Kali. Just land on a "student machine" that is not a local admin. Priv esc on the machine, then attack the entire forest from there. The machine comes pre-loaded with some basic PowerShell scripts to get you going. So far I like it. At the end you can take the test for the Certified Red Team Pro. This cert seems to be gaining some traction in the industry. It's OSCP style where you have 24 hours to take then 48 hours to write the report. The report also requires mitigations for all the attacks adding some additional requirements. This was week 1 so I will try to keep you posted.

    httpx[:]//bootcamps[.]pentesteracademy[.]com/
    Gh0sthax
    Principal Security Engineer

  • #2
    +1 to Gh0stHax's comments. So far I love this training but wouldn't point beginners to it. For a good overview of the course, the test and the pricing for everything, I got this link just today: https://mailchi.mp/pentesteracademy.com/redteamlabs.

    If you don't like links (and I can't blame you!) here's a summary screenshot:

    [Attached image: pentestad.png]
    Brian Johnson
    7 Minute Security
    Podcaster | Security Consultant


    • #3
      Also our friend k3nundrum might want to participate in this thread and share some (non-spoilery/non-get-you-in-trouble-y) thoughts on this cert path.
      Brian Johnson
      7 Minute Security
      Podcaster | Security Consultant


      • #4
        I do find it interesting how much you learn about AD from an attacker's perspective. I spent many years on the other side in defense and there is just so much about AD that never comes up unless you have testing like this. I really think that more Blue team folks should take classes like this. Even if they only use it for Defense.
        Gh0sthax
        Principal Security Engineer


        • #5
          I can echo Gh0stHax on this one...could be considered beginner friendly if you wanted to get left in the dust....I would recommend beginners take the traditional CRTP course offering vs. the Bootcamp in order to allow for additional time to absorb the materials. If it's your first time opening up PowerShell...you are gonna be playing catch up for quite a bit....if it's not, and you are comfortable with Windows Administration or at least understand how it works then you should be fine and I would go with the BootCamp. It was fantastic....on all fronts.

          As far as the exam goes...don't underestimate it..the lab guide and lectures have most of what you need inside them but techniques and such need to be applied in a different manner...e.g., it won't be over-passing-the-hash from box to box dumping creds along your merry way like it is in the lab. You will have to really understand things and how to think on your feet when things you have grown accustomed to working suddenly do not. Harder than the OSCP in my opinion and the advertisements that it's a PWK/OSCP-lite are misguided. (Aside from price-point) It serves as a supplement to that type of methodology applied in a specific way to a specific environment...and without any OSCP trials and tribulatory experiences, I believe one would be very lost attempting to tackle the CRTP material and/or exam.

          I never realized how much I personally relied on Linux tools (cme...impacket...responder etc...) and how limited my skills were using pure native Windows thingys to exploit AD. It's been an eye-opening and fun experience that I would totally recommend for others.
          OSCP


          • #6
            OK, my 4 weeks of the bootcamp are up. Lots of great topics covered each week. The 4th week covered mostly mitigations and detections for the issues or misconfigurations that we attacked. I have about 1 week of lab time left. All of the sessions were recorded so they can be watched again. I hope this helps in preparation for the exam. Topics were explained pretty well but Nikhil does move pretty fast as he covers topics. I have been spending the last few weeks double checking my notes and trying multiple ways to exploit all that we have learned. For instance if we use PowerView I attempt the same thing with the native tools. I have also tried each of the .NET equivalent tools known as the Sharp version. SharpView.exe for example. The syntax is exactly the same as the PowerView so it makes it pretty easy to transition. Also if you are on Windows only there are .NET versions of CrackMapExec as well (SharpMapExec.exe). I get the impression that the native AD tools or perhaps the .NET versions may be necessary for the exam. Not sure when I will schedule my exam attempt but I will post again when I have attempted. I still recommend the Bootcamp as the way to go for CRTP. Especially if you are a procrastinator like me.
            Gh0sthax
            Principal Security Engineer


            • #7
              Great info Gh0stHax and k3nundrum. I think my plan at this point is to capture all the flags, rewatch all videos and redo all the exercises in the lab. I renewed my lab time yesterday as well. Gonna be a lot of work but I just didn't make the time I wanted each week to bang around in the labs before each live session, so I sort of need a do-over.

              Oh, and Joe and I talk about our experience (back when we were in week 3 of CRTP) here: https://7ms.us/7ms-448-certified-red...sional-part-3/.
              Brian Johnson
              7 Minute Security
              Podcaster | Security Consultant


              • #8
                So I cleared the Exam last week and am officially CRTP certified. It is a very challenging exam and took me two college try harders at it to pass. The bootcamp and related course materials prepare you somewhat for it...although figuring out how to apply those techniques in the exam environment as opposed to the course lab is definitely a challenge and most certainly NOT beginner friendly. Overall great course, great lab, great material, hard exam. But I guess becoming a Certified Red Team Professional shouldn't exactly be easy right? I am in the "Advanced" course now pursuing the CRTE(xpert) designation. If CRTP(rofessional) was "Beginner" I am quite terrified at this one....lol Will keep you all posted.
                OSCP


                • #9
                  We have not got back to episode 4 yet.. but in the meantime, I can say that the first pass of the test was still way harder than I thought it would be. Meaning that I did not pass!! Even after k3nundrum said that it was hard. And he was still pretty fresh off the OSCP trail. Knowing something is hard and then knowing what to study are two different things. I expected it to be hard based on feedback. I thought I had studied the correct things.. but I was only able to get 3 of the 5 machines. I was so fried that by 11 PM I just called it. I started my test at 8AM that morning. I didn't think I had the brain power left to carry on. I am still not sure when I will attempt again. I am not a huge fan of the 24 hour test method. Try harder still makes me want to throw up a bit.. he he.. Stay tuned.
                  Gh0sthax
                  Principal Security Engineer


                  • #10
                    Yeah, based on what you and k3nundrum said, I'm seriously considering just giving the test a go for one try and think of it as a "get the lay of the land" attempt - and NOT stay up 24 hours or anything like that. I'll aim to learn as much as I can, then do some more studying and come back with a second attempt to hopefully knock it out of the park.
                    Brian Johnson
                    7 Minute Security
                    Podcaster | Security Consultant
