Module 1: Active Directory Fundamentals
Build a solid foundation in Active Directory architecture, protocols, and basic enumeration techniques
Build Your Lab with GOAD
Stand up a vulnerable AD lab to practice fundamentals hands-on.
Learning Objectives
By the end of this module, you will be able to:
- Understand Active Directory architecture and components
- Master LDAP protocol fundamentals and operations
- Comprehend Kerberos authentication flow and security
- Perform basic Active Directory enumeration
- Identify common AD security vulnerabilities
- Set up a lab environment for AD security testing
Module Prerequisites
Required Knowledge
- Basic understanding of Windows operating system
- Familiarity with networking concepts (TCP/IP, DNS)
- Basic knowledge of authentication protocols
- Understanding of client-server architecture
Module Lessons
1. Active Directory Architecture
Understanding the core components and structure of Active Directory
Key Topics:
- Domain Controller Roles and Functions
- Forest, Domain, and Organizational Units
- Global Catalog and Schema
- Trust Relationships
- Active Directory Database (NTDS.dit)
2. LDAP Protocol Deep Dive
Master LDAP operations, queries, and security implications
Key Topics:
- LDAP Protocol Fundamentals
- Distinguished Names (DN) and Attributes
- LDAP Operations (Search, Bind, Modify)
- LDAP Injection Attacks
- Anonymous LDAP Access
3. Kerberos Authentication
Understanding Kerberos protocol, tickets, and authentication flow
Key Topics:
- Kerberos Protocol Overview
- Authentication Flow (AS-REQ, TGS-REQ)
- Ticket Granting Service (TGS)
- Service Principal Names (SPN)
- Kerberos Security Considerations
4. Basic Enumeration Techniques
Learn fundamental Active Directory enumeration methods and tools
Key Topics:
- Domain Information Gathering
- User and Computer Enumeration
- Group Membership Analysis
- Service and SPN Enumeration
- Trust Relationship Discovery
Hands-On Labs
Lab 1: Active Directory Environment Setup
Objective: Set up a complete Active Directory lab environment for security testing
Duration: 120 minutes
Intermediate
- Install and configure Domain Controller
- Create organizational units and users
- Set up service accounts and SPNs
- Configure trust relationships
- Install and configure client machines
Lab 2: Basic AD Enumeration
Objective: Practice fundamental Active Directory enumeration techniques
Duration: 90 minutes
Intermediate
- Enumerate domain information using PowerView
- Perform LDAP queries for user and computer data
- Analyze group memberships and privileges
- Discover service principal names (SPNs)
- Document enumeration results
Module Assessment
Final Module Assessment
Test your understanding of Active Directory Fundamentals with our comprehensive assessment.
25 Questions
45 minutes
75% to pass
Topics Covered:
- Active Directory Architecture
- LDAP Protocol Fundamentals
- Kerberos Authentication
- Basic Enumeration Techniques
Related Resources
Official Documentation
Tools & Libraries
- PowerSploit - PowerShell AD tools
- Impacket - Python AD protocols
- ldap3 - Python LDAP library
Research & Learning
- Harmj0y's Blog - AD security research
- SpecterOps Blog - Advanced AD attacks
- MITRE ATT&CK - AD attack techniques
Lab Environments
- TryHackMe - AD security rooms
- Hack The Box - Advanced AD labs
- VulnHub - Vulnerable AD machines