Active Directory Security Lab
Comprehensive hands-on exercises covering AD enumeration, exploitation, and defense techniques
Build/Run This Lab with GOAD
GOAD (Game Of Active Directory, by Orange Cyberdefense) provides a ready-to-use, deliberately vulnerable multi-domain AD environment that fits these exercises. Run it only on an isolated lab network; it is insecure by design.
Lab Overview
This comprehensive lab environment provides hands-on experience with Active Directory security assessment, exploitation techniques, and defense implementation. You'll work through real-world scenarios that security professionals encounter daily.
At a glance: 6 hands-on exercises, 25+ attack techniques, 30+ defense strategies, 15+ security tools.
Learning Objectives
By completing this lab, you will be able to:
- Master Active Directory enumeration and reconnaissance techniques
- Execute advanced Kerberos authentication attacks
- Implement Golden and Silver ticket attack methodologies
- Perform Kerberoasting and AS-REP roasting attacks
- Exploit delegation vulnerabilities and S4U attacks
- Deploy comprehensive Active Directory defense mechanisms
- Analyze attack artifacts and implement detection strategies
- Conduct thorough Active Directory security assessments
Lab Environment Requirements
System Requirements
Minimum Specifications:
- RAM: 16GB (32GB recommended)
- Storage: 200GB free space
- CPU: 8 cores (16 cores recommended)
- Network: Stable internet connection
- OS: Windows 10/11 or Linux with virtualization support
Software Requirements
Required Software:
- Virtualization: VMware Workstation Pro or VirtualBox
- Windows VMs: Windows Server 2019/2022, Windows 10/11
- Attack Tools: Mimikatz, Rubeus, BloodHound, Impacket
- Analysis Tools: Wireshark, Process Monitor, Sysinternals
- Defense Tools: Microsoft Defender for Endpoint (formerly Windows Defender ATP), Sysmon, PowerShell
Network Configuration
Network Setup:
- Domain Controller: Windows Server 2019/2022
- Workstations: Windows 10/11 clients
- Services: SQL Server, IIS, File Server
- Network: Isolated lab network (192.168.100.0/24)
- DNS: Internal DNS resolution
Lab Exercises
Exercise 1: Active Directory Enumeration
Duration: 90 minutes | Level: Intermediate
Objective:
Master comprehensive Active Directory enumeration techniques and identify potential attack vectors.
Tasks:
- Domain enumeration and information gathering
- User and group enumeration
- Computer and service account discovery
- Group Policy enumeration and analysis
- SPN enumeration and service discovery
- Trust relationship analysis
Tools Used:
- PowerShell Active Directory cmdlets
- BloodHound for graph analysis
- LDAP enumeration tools
- Network scanning utilities
Deliverables:
- Domain enumeration report
- High-value target identification
- Attack path analysis
- Vulnerability assessment
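The tasks and deliverables above boil down to a few LDAP queries and a triage of the attributes they return. The Python below is an added example, not part of the lab kit: it builds the filters behind the SPN, pre-authentication and delegation searches and classifies constructed sample objects (every name, flag value and attribute is made up for the example) into the target classes the later exercises attack, including the delegation settings Exercise 4 enumerates. To run it on a real domain, replace SAMPLE_OBJECTS with the attributes returned by Get-ADObject -LDAPFilter ... -Properties or ldapsearch.

```python
"""Triage directory objects for Kerberos attack surface from their LDAP attributes.

Added example, not part of the lab page: the objects below are constructed to look like
the attributes an LDAP search (or Get-ADUser/Get-ADComputer with -Properties) returns in
the lab domain; account names and values are made up.
"""
from __future__ import annotations

# userAccountControl flags (MS-SAMR 2.2.1.12) that matter for Kerberos attacks
UAC_ACCOUNTDISABLE = 0x0002
UAC_TRUSTED_FOR_DELEGATION = 0x80000            # unconstrained delegation
UAC_NOT_DELEGATED = 0x100000                    # "account is sensitive and cannot be delegated"
UAC_DONT_REQ_PREAUTH = 0x400000                 # AS-REP roastable
UAC_TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # constrained delegation with protocol transition
DOMAIN_CONTROLLERS_RID = 516

def uac_filter(flag: int, is_set: bool = True) -> str:
    """LDAP clause testing one UAC bit; 1.2.840.113556.1.4.803 is LDAP_MATCHING_RULE_BIT_AND."""
    clause = f"(userAccountControl:1.2.840.113556.1.4.803:={flag})"
    return clause if is_set else f"(!{clause})"

# The searches behind the exercise, usable with ldapsearch or Get-ADObject -LDAPFilter
LDAP_FILTERS = {
    "kerberoastable": ("(&(objectCategory=person)(servicePrincipalName=*)"
                       f"{uac_filter(UAC_ACCOUNTDISABLE, False)}(!(sAMAccountName=krbtgt)))"),
    "asrep_roastable": f"(&(objectCategory=person){uac_filter(UAC_DONT_REQ_PREAUTH)})",
    "unconstrained": (f"(&(objectClass=computer){uac_filter(UAC_TRUSTED_FOR_DELEGATION)}"
                      f"(!(primaryGroupID={DOMAIN_CONTROLLERS_RID})))"),
    "constrained": "(msDS-AllowedToDelegateTo=*)",
    "rbcd": "(msDS-AllowedToActOnBehalfOfOtherIdentity=*)",
}

def classify(obj: dict) -> list[str]:
    """Labels for one object; order is fixed so results can be diffed between runs."""
    uac = int(obj.get("userAccountControl", 0))
    if uac & UAC_ACCOUNTDISABLE:
        return ["disabled"]                        # cannot be roasted or used for delegation
    is_user = obj.get("objectClass") == "user"
    is_dc = obj.get("primaryGroupID") == DOMAIN_CONTROLLERS_RID
    labels = []
    if is_user and obj.get("servicePrincipalName") and obj["sAMAccountName"].lower() != "krbtgt":
        labels.append("kerberoastable")            # TGS encrypted under a human-chosen password
    if uac & UAC_DONT_REQ_PREAUTH:
        labels.append("asrep_roastable")
    if uac & UAC_TRUSTED_FOR_DELEGATION and not is_dc:
        labels.append("unconstrained_delegation")  # DCs are always trusted; not a finding there
    if obj.get("msDS-AllowedToDelegateTo"):
        labels.append("constrained_with_protocol_transition"
                      if uac & UAC_TRUSTED_TO_AUTH_FOR_DELEGATION else "constrained_delegation")
    if obj.get("msDS-AllowedToActOnBehalfOfOtherIdentity"):
        labels.append("rbcd_target")
    if is_user and obj.get("adminCount") == 1 and not uac & UAC_NOT_DELEGATED:
        labels.append("delegatable_admin")         # S4U2Proxy can impersonate this account
    return labels

# Constructed sample objects, one per attack surface (the SD bytes are a truncated stand-in)
SAMPLE_OBJECTS = [
    {"sAMAccountName": "svc_sql", "objectClass": "user", "userAccountControl": 0x10200,
     "servicePrincipalName": ["MSSQLSvc/sql01.lab.local:1433"]},
    {"sAMAccountName": "jdoe", "objectClass": "user", "userAccountControl": 0x410200},
    {"sAMAccountName": "krbtgt", "objectClass": "user", "userAccountControl": 0x202,
     "servicePrincipalName": ["kadmin/changepw"]},
    {"sAMAccountName": "WEB01$", "objectClass": "computer", "userAccountControl": 0x81000,
     "primaryGroupID": 515},
    {"sAMAccountName": "DC01$", "objectClass": "computer", "userAccountControl": 0x82000,
     "primaryGroupID": 516},
    {"sAMAccountName": "svc_web", "objectClass": "user", "userAccountControl": 0x1010200,
     "servicePrincipalName": ["HTTP/web01.lab.local"],
     "msDS-AllowedToDelegateTo": ["cifs/fs01.lab.local"]},
    {"sAMAccountName": "FS01$", "objectClass": "computer", "userAccountControl": 0x1000,
     "primaryGroupID": 515, "msDS-AllowedToActOnBehalfOfOtherIdentity": b"\x01\x00\x04\x80"},
    {"sAMAccountName": "Administrator", "objectClass": "user", "userAccountControl": 0x10200,
     "adminCount": 1},
]

def triage(objects: list[dict]) -> dict[str, list[str]]:
    return {o["sAMAccountName"]: classify(o) for o in objects}

if __name__ == "__main__":
    for name, labels in triage(SAMPLE_OBJECTS).items():
        print(f"{name:15} {', '.join(labels) or '-'}")
```

Two details matter when you take this to a real domain: the krbtgt account is excluded because its SPN-bearing ticket is the TGT itself (cracking it is the Golden ticket scenario, not Kerberoasting), and domain controllers are skipped in the unconstrained check because they are trusted for delegation by design. Anything else in the unconstrained bucket is a finding.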
Exercise 2: Kerberos Authentication Attacks
Duration: 120 minutes | Level: Advanced
Objective:
Execute advanced Kerberos authentication attacks including Golden and Silver ticket exploitation.
Tasks:
- KRBTGT account compromise simulation
- Golden ticket creation and usage
- Silver ticket attack implementation
- Service account exploitation
- Ticket persistence mechanisms
- Attack detection and analysis
Tools Used:
- Mimikatz for ticket manipulation
- Rubeus for modern Kerberos attacks
- Impacket for cross-platform attacks
- Wireshark for traffic analysis
Deliverables:
- Golden ticket attack demonstration
- Silver ticket attack demonstration
- Traffic analysis report
- Detection mechanism implementation
Exercise 3: Kerberoasting & AS-REP Roasting
Duration: 105 minutes | Level: Advanced
Objective:
Master credential harvesting techniques through Kerberoasting and AS-REP roasting attacks.
Tasks:
- Service account enumeration and targeting
- Kerberoasting attack execution
- AS-REP roasting against vulnerable accounts
- Hash extraction and formatting
- Password cracking strategies
- Credential reuse and lateral movement
Tools Used:
- Rubeus for Kerberoasting and AS-REP roasting (kerberoast and asreproast commands)
- Impacket GetUserSPNs.py and GetNPUsers.py
- Hashcat for password cracking (modes 13100 and 18200 for etype 23)
- John the Ripper as an alternative cracker (krb5tgs and krb5asrep formats)
Deliverables:
- Kerberoasting attack report
- AS-REP roasting demonstration
- Cracked password analysis
- Lateral movement documentation
Exercise 4: Delegation Abuse & S4U Attacks
Duration: 135 minutes | Level: Expert
Objective:
Exploit Kerberos delegation vulnerabilities and implement S4U attack techniques.
Tasks:
- Delegation configuration enumeration
- Unconstrained delegation exploitation
- Constrained delegation abuse
- S4U2Self and S4U2Proxy attacks
- Resource-based constrained delegation abuse
- Delegation attack detection
Tools Used:
- Rubeus for S4U attacks
- BloodHound for delegation analysis
- PowerShell for delegation enumeration
- Mimikatz for advanced techniques
Deliverables:
- Delegation enumeration report
- S4U attack demonstrations
- RBCD abuse documentation
- Detection mechanism implementation
Exercise 5: Active Directory Defense Implementation
Duration: 150 minutes | Level: Advanced
Objective:
Implement comprehensive Active Directory security controls and monitoring mechanisms.
Tasks:
- Authentication hardening implementation
- Kerberos security configuration
- Delegation security controls
- Monitoring and alerting setup
- Incident response procedures
- Security assessment validation
Tools Used:
- Microsoft Defender for Endpoint (formerly Windows Defender ATP)
- Sysmon for system monitoring
- PowerShell for automation
- Group Policy for configuration
Deliverables:
- Security control implementation
- Monitoring configuration
- Incident response plan
- Security assessment report
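The detection deliverable of Exercise 2 (forged tickets) and the monitoring and alerting task here come down to correlating the domain controller's Kerberos events. The Python below is an added example, not part of the lab materials: the event records are constructed to carry the EventData fields of Security events 4768 and 4769 (hosts, users and timestamps are invented), and three rules run over them: AS-REP roasting (a 4768 with pre-authentication type 0), Kerberoasting (a burst of RC4 service tickets for user SPNs from one source), and a forged or injected TGT (a 4769 for an account the DC issued no 4768 to within the ticket lifetime), which is the DC-side trace of a Golden ticket.

```python
"""Correlate DC Security-log Kerberos events into alerts.

Added example, not part of the lab page. The records are constructed to carry the
EventData fields of Security events 4768 (TGT requested) and 4769 (service ticket
requested); hosts, users and timestamps are invented. In the lab, export real ones
with Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4768,4769} on the DC.
"""
from collections import defaultdict
from datetime import datetime, timedelta

ATTACKER, USER_WS = "192.168.100.200", "192.168.100.50"
EVENTS = [
    # normal logon: pre-authenticated AES TGT, then an AES service ticket for a file server
    {"EventID": 4768, "Time": "2024-05-02T09:00:00", "TargetUserName": "jdoe",
     "IpAddress": USER_WS, "PreAuthType": "2", "TicketEncryptionType": "0x12"},
    {"EventID": 4769, "Time": "2024-05-02T09:00:05", "TargetUserName": "jdoe@LAB.LOCAL",
     "ServiceName": "FS01$", "IpAddress": USER_WS, "TicketEncryptionType": "0x12"},
    # AS-REP roast: a TGT for an account with pre-auth disabled, no password ever proven
    {"EventID": 4768, "Time": "2024-05-02T09:10:00", "TargetUserName": "svc_backup",
     "IpAddress": ATTACKER, "PreAuthType": "0", "TicketEncryptionType": "0x17"},
    # Kerberoast: a low-privilege user pulls RC4 tickets for two user SPNs within seconds
    {"EventID": 4768, "Time": "2024-05-02T09:11:00", "TargetUserName": "pentest",
     "IpAddress": ATTACKER, "PreAuthType": "2", "TicketEncryptionType": "0x12"},
    {"EventID": 4769, "Time": "2024-05-02T09:11:03", "TargetUserName": "pentest@LAB.LOCAL",
     "ServiceName": "svc_sql", "IpAddress": ATTACKER, "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "Time": "2024-05-02T09:11:04", "TargetUserName": "pentest@LAB.LOCAL",
     "ServiceName": "svc_web", "IpAddress": ATTACKER, "TicketEncryptionType": "0x17"},
    # Golden ticket: a service ticket request backed by a TGT this DC never issued (no 4768)
    {"EventID": 4769, "Time": "2024-05-02T09:30:00", "TargetUserName": "Administrator@lab.local",
     "ServiceName": "DC01$", "IpAddress": ATTACKER, "TicketEncryptionType": "0x12"},
]

def _time(ev):
    return datetime.fromisoformat(ev["Time"])

def _account(ev):
    return ev["TargetUserName"].split("@")[0].lower()

def detect_asrep_roasting(events):
    """4768 with Pre-Authentication Type 0: the KDC returned an AS-REP without proof of the password."""
    return [{"rule": "asrep_roasting", "key": _account(e), "evidence": e["IpAddress"]}
            for e in events if e["EventID"] == 4768 and e.get("PreAuthType") == "0"]

def detect_kerberoasting(events, threshold=2, window=timedelta(minutes=5)):
    """Bursts of RC4 (0x17) service tickets for user-account SPNs from one source address."""
    by_source = defaultdict(list)
    for e in events:
        if (e["EventID"] == 4769 and e.get("TicketEncryptionType") == "0x17"
                and not e["ServiceName"].endswith("$") and e["ServiceName"].lower() != "krbtgt"):
            by_source[e["IpAddress"]].append(e)
    alerts = []
    for source, evs in by_source.items():
        evs.sort(key=_time)
        for i, first in enumerate(evs):
            burst = [x for x in evs[i:] if _time(x) - _time(first) <= window]
            if len(burst) >= threshold:
                alerts.append({"rule": "kerberoasting", "key": source,
                               "evidence": sorted({x["ServiceName"] for x in burst})})
                break
    return alerts

def detect_forged_tgt(events, lookback=timedelta(hours=10)):
    """4769 for an account with no 4768 inside the TGT lifetime (10 h by default): the TGT
    was forged or injected rather than issued. Tickets forged with Mimikatz often carry the
    realm as the operator typed it (commonly lower case), kept here as a weak secondary indicator."""
    issued = defaultdict(list)
    for e in events:
        if e["EventID"] == 4768 and e.get("Status", "0x0") == "0x0":
            issued[_account(e)].append(_time(e))
    alerts = []
    for e in (x for x in events if x["EventID"] == 4769):
        t = _time(e)
        if not any(t - lookback <= when <= t for when in issued[_account(e)]):
            realm = e["TargetUserName"].partition("@")[2]
            alerts.append({"rule": "forged_tgt", "key": _account(e), "evidence": e["IpAddress"],
                           "lowercase_realm": bool(realm) and realm != realm.upper()})
    return alerts

def run_all(events):
    return detect_asrep_roasting(events) + detect_kerberoasting(events) + detect_forged_tgt(events)

if __name__ == "__main__":
    for alert in run_all(EVENTS):
        print(alert)
```

Three caveats before turning these into production alerts. The 4768/4769 events exist only if the "Audit Kerberos Authentication Service" and "Audit Kerberos Service Ticket Operations" subcategories are enabled on every DC, and the forged-TGT rule must see the logs of all DCs, since the TGT may have been issued by a different one. Pre-authentication type 0 is legitimate for accounts that genuinely have DONT_REQ_PREAUTH set, so the rule's real value is a short allow-list. And Silver tickets never touch the DC at all: the only trace is a Kerberos 4624 logon on the target host with no matching 4769 anywhere, so that rule needs endpoint logs joined with DC logs.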
Exercise 6: Advanced Attack Simulation
Duration: 180 minutes | Level: Expert
Objective:
Execute comprehensive attack simulation combining multiple techniques for complete domain compromise.
Tasks:
- Multi-stage attack chain execution
- Lateral movement techniques
- Privilege escalation strategies
- Persistence mechanism deployment
- Data exfiltration simulation
- Attack detection and response
Tools Used:
- Complete attack toolkit
- BloodHound for path analysis
- CrackMapExec (or its maintained fork NetExec) for lateral movement
- Custom attack scripts
Deliverables:
- Complete attack simulation
- Domain compromise documentation
- Detection evasion techniques
- Comprehensive security report
Validation Framework
Built-in Assessment System
Each exercise includes comprehensive validation mechanisms to ensure proper understanding and skill development.
Technical Validation
Automated Checks:
- Command execution verification
- Output analysis and validation
- Tool usage confirmation
- Result accuracy assessment
Skill Assessment
Competency Evaluation:
- Technical proficiency measurement
- Problem-solving capability
- Tool mastery assessment
- Security understanding evaluation
Progress Tracking
Learning Analytics:
- Exercise completion tracking
- Time-to-completion analysis
- Error pattern identification
- Skill development monitoring
Certification Path
Achievement Recognition:
- Exercise completion certificates
- Skill badge awards
- Progress milestone recognition
- Expertise level advancement
Essential Tools & Resources
Attack Tools
- Mimikatz - Credential extraction and Kerberos ticket forging (Golden and Silver tickets)
- Rubeus - C# Kerberos attack toolkit (roasting, S4U, ticket requests and injection)
- BloodHound - Active Directory attack path analysis
- Impacket - Python implementations of SMB, LDAP, Kerberos and related protocols, with example scripts such as GetUserSPNs.py and secretsdump.py
- CrackMapExec - Post-exploitation framework for SMB, WinRM and LDAP (now maintained as NetExec)
Analysis Tools
- Wireshark - Network protocol analyzer (Kerberos and LDAP dissectors)
- Sysinternals - Windows system utilities (Process Monitor, Process Explorer)
- PowerSploit - PowerShell attack toolkit; its PowerView module performs the LDAP enumeration in Exercise 1
- Kerbrute - Kerberos pre-authentication based user enumeration and password spraying
Defense Tools
- Sysmon - System activity monitoring
- Microsoft Defender for Endpoint (formerly Windows Defender ATP) - Endpoint detection and response
- Attack Surface Analyzer - Security configuration change analysis
- Microsoft Sentinel (formerly Azure Sentinel) - SIEM and security analytics
- Defender advanced hunting - KQL threat hunting queries