Attacking And Defending Active Directory: AD Pentesting

Overview of lab setup

• Create a virtual environment using tools like VirtualBox or VMware.
• Set up two or three virtual machines (VMs): one as the domain controller and others as client machines.
• Install Windows Server on the domain controller VM and promote it to an Active Directory (AD) Domain Controller (DC).
• Install the necessary roles and features for AD on the server, including DNS and DHCP if required.
• Join client VMs to the domain created by the domain controller.
• Configure user accounts and groups within the domain.

Necessary files for lab setup

• Download and install the Windows Server ISO (e.g., Windows Server 2019 or 2022).
• Obtain a legitimate copy of the operating system.
• Prepare a script or tool to automate the installation if necessary.

Domain controller installation and setup

• Install Windows Server on the VM.
• Promote the server to a domain controller using the dcpromo command or through Server Manager in later versions.
• Configure the domain name, DNS settings, and other AD-related configurations.

Windows client installation

• Install Windows 10 or Windows 11 on client VMs.
• Join these clients to the newly created domain using the Join-ADDomain PowerShell cmdlet or through System Properties in the Control Panel.

Domain Controller configuration

• Ensure that the domain controller is properly replicating with other DCs if you have a multi-DC setup.
• Configure proper security policies and ensure that all updates are applied.

Joining computers with domain controller

• Join additional VMs to the domain as needed for testing purposes.
• Ensure that these clients can authenticate with the domain controller and access resources within the domain.

Client machines configuration

• Configure client machines with necessary user accounts, permissions, and policies.
• Set up a variety of configurations to simulate different environments.

Powershell

• Learn how to use PowerShell for administrative tasks on both Domain Controllers as well as Client Machines.

Active Directory Services

• Explore and learn how to manage Active Directory services such as user account management, group policy management, and computer management within the Windows Server environment.

Windows Event Logs Management

• Learn how to review and manage the system's Windows Event Logs.

WMI (Windows Management Instrumentation) Usage

• Explore and learn how to leverage WMI for managing and configuring both Domain Controllers as well as Client Machines remotely and locally. Vivek Pandit, a well-known penetration tester, has structured the course in a logical sequence that starts with setting up a Windows Active Directory lab environment, and then gradually moves towards more advanced penetration testing techniques within an Active Directory environment. The course concludes with a bonus lecture to cover any additional topics or to provide further insights. Thank you for providing this detailed outline!