Attacking and Defending Active Directory from Pentester Academy - Bootcamp

  • Attacking and Defending Active Directory from Pentester Academy - Bootcamp

    Currently taking the Attacking and Defending Active Directory Bootcamp. Man, the pace is fast. They say no AD experience is needed.. but I think you would be lost without some basic understanding of AD. It's very much a living off the land approach. No Kali. Just land on a "student machine" that is not a local admin. Priv esc on the machine, then attack the entire forest from there. The machine comes pre-loaded with some basic PowerShell scripts to get you going. So far I like it. At the end you can take the test for the Certified Red Team Pro. This cert seems to be gaining some traction in the industry. It's OSCP style where you have 24 hours to take then 48 hours to write the report. The report also requires mitigations for all the attacks adding some additional requirements. This was week 1 so I will try to keep you posted.

    httpx[:]//bootcamps[.]pentesteracademy[.]com/
    Gh0sthax
    Principal Security Engineer

  • #2
    +1 to Gh0stHax's comments. So far I love this training but wouldn't point beginners to it. For a good overview of the course, the test and the pricing for everything, I got this link just today: https://mailchi.mp/pentesteracademy.com/redteamlabs.

    If you don't like links (and I can't blame you!) here's a summary screenshot:

    [Image: pentestad.png]
    Brian Johnson
    7 Minute Security
    Podcaster | Security Consultant

    • #3
      Also our friend k3nundrum might want to participate in this thread and share some (non-spoilery/non-get-you-in-trouble-y) thoughts on this cert path.
      Brian Johnson
      7 Minute Security
      Podcaster | Security Consultant

      • #4
        I do find it interesting how much you learn about AD from an attacker's perspective. I spent many years on the other side in defense and there is just so much about AD that never comes up unless you have testing like this. I really think that more Blue team folks should take classes like this. Even if they only use it for Defense.
        Gh0sthax
        Principal Security Engineer

        • #5
          I can echo Gh0stHax on this one...could be considered beginner friendly if you wanted to get left in the dust....I would recommend beginners take the traditional CRTP course offering vs. the Bootcamp in order to allow for additional time to absorb the materials. If it's your first time opening up PowerShell...you are gonna be playing catch up for quite a bit....if it's not, and you are comfortable with Windows Administration or at least understand how it works then you should be fine and I would go with the BootCamp. It was fantastic....on all fronts.

          As far as the exam goes...don't underestimate it..the lab guide and lectures have most of what you need inside them but techniques and such need to be applied in a different manner...e.g., it won't be over-passing-the-hash from box to box dumping creds along your merry way like it is in the lab. You will have to really understand things and how to think on your feet when things you have grown accustomed to working suddenly do not. Harder than the OSCP in my opinion and the advertisements that it's a PWK/OSCP-lite are misguided. (Aside from price-point) It serves as a supplement to that type of methodology applied in a specific way to a specific environment...and without any OSCP trials and tribulatory experiences, I believe one would be very lost attempting to tackle the CRTP material and/or exam.

          I never realized how much I personally relied on Linux tools (cme...impacket...responder etc...) and how limited my skills were using pure native Windows thingys to exploit AD. It's been an eye-opening and fun experience that I would totally recommend for others.
          OSCP

          • #6
            OK, my 4 weeks of the bootcamp are up. Lots of great topics covered each week. The 4th week covered mostly mitigations and detections for the issues or misconfigurations that we attacked. I have about 1 week of lab time left. All of the sessions were recorded so they can be watched again. I hope this helps in preparation for the exam. Topics were explained pretty well but Nikhil does move pretty fast as he covers topics. I have been spending the last few weeks double checking my notes and trying multiple ways to exploit all that we have learned. For instance if we use PowerView I attempt the same thing with the native tools. I have also tried each of the .NET equivalent tools known as the Sharp version. SharpView.exe for example. The syntax is exactly the same as the PowerView so it makes it pretty easy to transition. Also if you are on Windows only there is a .NET version of CrackMapExec as well (SharpMapExec.exe). I get the impression that the native AD tools or perhaps the .NET versions may be necessary for the exam. Not sure when I will schedule my exam attempt but I will post again when I have attempted. I still recommend the Bootcamp as the way to go for CRTP. Especially if you are a procrastinator like me.
            Gh0sthax
            Principal Security Engineer

            • #7
              Great info Gh0stHax and k3nundrum. I think my plan at this point is to capture all the flags, rewatch all videos and redo all the exercises in the lab. I renewed my lab time yesterday as well. Gonna be a lot of work but I just didn't make the time I wanted each week to bang around in the labs before each live session, so I sort of need a do-over.

              Oh, and Joe and I talk about our experience (back when we were in week 3 of CRTP) here: https://7ms.us/7ms-448-certified-red...sional-part-3/.
              Brian Johnson
              7 Minute Security
              Podcaster | Security Consultant

              • #8
                So I cleared the Exam last week and am officially CRTP certified. It is a very challenging exam and took me two college try harders at it to pass. The bootcamp and related course materials prepare you somewhat for it...although figuring out how to apply those techniques in the exam environment as opposed to the course lab is definitely a challenge and most certainly NOT beginner friendly. Overall great course, great lab, great material, hard exam. But I guess becoming a Certified Red Team Professional shouldn't exactly be easy right? I am in the "Advanced" course now pursuing the CRTE(xpert) designation. If CRTP(rofessional) was "Beginner" I am quite terrified at this one....lol Will keep you all posted.
                OSCP

                • #9
                  We have not got back to episode 4 yet.. but in the meantime, I can say that the first pass of the test was still way harder than I thought it would be. Meaning that I did not pass!! Even after k3nundrum said that it was hard. And he was still pretty fresh off the OSCP trail. Knowing something is hard and then knowing what to study are two different things. I expected it to be hard based on feedback. I thought I had studied the correct things.. but I was only able to get 3 of the 5 machines. I was so fried that by 11 PM I just called it. I started my test at 8AM that morning. I didn't think I had the brain power left to carry on. I am still not sure when I will attempt again. I am not a huge fan of the 24 hour test method. Try harder still makes me want to throw up a bit.. he he.. Stay tuned.
                  Gh0sthax
                  Principal Security Engineer

                  • #10
                    Yeah based on what you and k3nundrum said, I'm seriously considering just giving the test a go for one try and think of it as a "get the lay of the land" attempt - and NOT stay up 24 hours or anything like that. I'll aim to learn as much as I can, then do some more studying and come back with a second attempt to hopefully knock it out of the park.
                    Brian Johnson
                    7 Minute Security
                    Podcaster | Security Consultant

                    • #11
                      I took my CRTP this past Sunday, and at 1 a.m. this morning I got the good news that I passed! We'll definitely do an episode 4 recap of everything, but wow...lots of thoughts spinning through my head. The biggest one probably being: I think there's a big gap between who this course is advertised for and the skills you really should bring to the table, and I think there's a big gap between what you master in the lab and what the exam puts you through.

                      Overall LOVED the course and exam, but I want to figure out a way to help people increase their chances of kicking the exam's butt without saying any spoilery or get-myself-in-trouble things.

                      First on the agenda, though? Sleep. LOTS of it this weekend.
                      Brian Johnson
                      7 Minute Security
                      Podcaster | Security Consultant

                      • #12
                        Well I am happy to report that I have passed my CRTP exam on the second attempt as well. I was on the 5th and final machine when I discovered that something was not right with one of the machines. I spent hours troubleshooting it. I was getting pretty bummed. I wanted to finish. I contacted support. And they were helpful but said, "That is fine.. just tell us what you would have done to exploit the last machine". That was not good enough for me. I was finally able to reach the instructor on Discord and he found that the last machine would not boot. He gave it the boot, and then all was happy. I was able to finish the last step in about 30 minutes. I had my report almost done by this time. In fact I had submitted it with 4 machines and what I would have done. I had so much time waiting to fix that issue I had time to write my report. I am partly bummed that I could have finished in like 8 hours or so. But in the end I had time to write my report and submit it before it was very late. By the time I woke up the next morning my report was already reviewed. They said I had PASSED!! YES.. On this attempt I also made good use of my lab time during the cooling off period. I feel like I learned the tools much better and now understand all of them. So I think it was worth it to get more lab time and take it a second time. Especially when I didn't have to stay up for the full 25 hours.
                        Gh0sthax
                        Principal Security Engineer
