About the seminar

In this workshop, the topic of Active Directory security is examined in depth. By now we know of various attack scenarios (e.g. mimikatz) that aim at credential theft or ransomware deployment. The goal of this workshop is to understand these kinds of scenarios so that you can prevent them and build an Active Directory implementation that is resistant to these attacks on the one hand and hardened against future attacks on the other. Consider Active Directory your "crown jewels": without Active Directory, most companies' environments are effectively paralyzed.
That is why it is wise to understand, harden and monitor it, so you can sleep better at night.

Requirements

Participants should have at least five years of experience with Active Directory and client systems.

Target group

The workshop is aimed at network administrators and security experts.

Training environment

The training is completely virtualized. Every participant has a computer with 128 GB RAM, two NVMe SSDs (read throughput up to 3,500 MB/s, write throughput up to 2,300 MB/s) and a total internet bandwidth of 1 Gbit/s.

Every participant "builds" their own environment together with the trainer. With this hardware, new systems are set up within seconds.

Agenda

  • Introduction and best practices for installing domain controllers
  • Self-inflicted security issues in Active Directory
    • Understanding Kerberos
    • NTLM vs. Kerberos
    • SMB (versions, attack scenarios, secure use)
    • PAC validation and issues with the Microsoft implementation of Kerberos
    • Pass the Hash (PtH), Silver Ticket, Golden Ticket, Skeleton Key
  • Kerberos ticket service
    • Changing Kerberos passwords
  • Preventing credential theft
    • Attack scenarios (Pass the Hash, Silver Ticket, Golden Ticket, Skeleton Key)
    • Windows Defender Credential Guard, Windows Defender Remote Credential Guard, BitLocker, Windows Defender Device Guard, AppLocker, Windows Defender Application Guard
  • Understanding concepts
    • Operating tier models
    • Red Forest / Golden Forest / Bastion Forests
    • Highly secure single-domain model
  • Clean installation source
    • Verifying hash values of *.iso files
    • Fciv.exe
    • PowerShell
    • 7-Zip and IgorHasher
  • Setting up the first domain controller
    • Understanding ms-ds-machineaccountquota
    • Using redircmp for new computer accounts
    • Using redirusr for new user accounts
    • BitLocker and TPM 1.2 vs. 2.0
    • BitLocker and pre-boot authentication
    • AppLocker
    • Monitoring (ADAudit Plus, CyberArk)
    • Secure backup and recovery using BitLocker-protected backup volumes
    • Firewalling on domain controllers
    • Configuring IPsec for RDP
    • Hardening domain controllers according to Center for Internet Security benchmarks / gpPack PaT / SIM / LDA / Microsoft tools
  • Setting up additional domain controllers
  • Securely operating domain controllers via IPsec
    • IPsec monitoring via MMC
  • Setting up a PKI server as an internal trusted root CA
    • Enabling automatic certificate enrollment via Group Policy
    • Enrollment of non-standard certificates
    • Hardening the PKI according to Center for Internet Security benchmarks / gpPack PaT / SIM / LDA / Microsoft tools
  • Jump servers and Privileged Access Workstations (PAW): understanding and implementing the concepts
    • Setting up and configuring jump servers (RSAT installation, installing Admin Center with a valid certificate from the trusted root PKI, BitLocker and TPM 1.2 vs. 2.0, BitLocker and pre-boot authentication, AppLocker, configuring IPsec for RDP, backing up jump servers to BitLocker-protected volumes, firewalling on jump servers)
    • Hardening jump servers according to Center for Internet Security benchmarks / gpPack PaT / SIM / LDA / Microsoft tools
    • Setting up and configuring PAWs (BitLocker and TPM 1.2 vs. 2.0, BitLocker and pre-boot authentication, AppLocker, configuring IPsec and RDP, backing up PAWs to BitLocker-protected volumes, firewalling on PAWs)
    • Hardening domain controllers according to Center for Internet Security benchmarks / gpPack PaT / SIM / LDA / Microsoft tools
  • Security in domain networks
    • 802.1X with MAC addresses / certificates
    • MAC flooding on switches and disabling hub mode
    • IPsec with Kerberos and certificates
  • Windows Defender Advanced Threat Protection (WDATP)
    • Understanding the WDATP concept
    • Roll-out and monitoring of WDATP
    • WDATP on domain controllers, jump servers, PAWs and Windows 10 clients