Pentesting Active Directory and Windows-based Infrastructure

eBook Details:

• Paperback: 360 pages
• Publisher: WOW! eBook (November 17, 2023)
• Language: English
• ISBN-10: 1804611360
• ISBN-13: 978-1804611364

eBook Description:

Pentesting Active Directory and Windows-based Infrastructure: Enhance your skill set to pentest against real-world Microsoft infrastructure with hands-on exercises and by following attack/detect guidelines with OpSec considerations

This book teaches you the tactics and techniques used to attack a Windows-based environment, along with showing you how to detect malicious activities and remediate misconfigurations and vulnerabilities.

You’ll begin by deploying your lab, where every technique can be replicated. The chapters help you master every step of the attack kill chain and put new knowledge into practice. You’ll discover how to evade defense of common built-in security mechanisms, such as AMSI, AppLocker, and Sysmon; perform reconnaissance and discovery activities in the domain environment by using common protocols and tools; and harvest domain-wide credentials. You’ll also learn how to move laterally by blending into the environment’s traffic to stay under radar, escalate privileges inside the domain and across the forest, and achieve persistence at the domain level and on the domain controller. Every chapter discusses OpSec considerations for each technique, and you’ll apply this kill chain to perform the security assessment of other Microsoft products and services, such as Exchange, SQL Server, and SCCM.

• Understand and adopt the Microsoft infrastructure kill chain methodology
• Attack Windows services, such as Active Directory, Exchange, WSUS, SCCM, AD CS, and SQL Server
• Disappear from the defender’s eyesight by tampering with defensive capabilities
• Upskill yourself in offensive OpSec to stay under the radar
• Find out how to detect adversary activities in your Windows environment
• Get to grips with the steps needed to remediate misconfigurations
• Prepare yourself for real-life scenarios by getting hands-on experience with exercises

By the end of this Pentesting Active Directory and Windows-based Infrastructure book, you’ll be able to perform a full-fledged security assessment of the Microsoft environment, detect malicious activity in your network, and guide IT engineers on remediation steps to improve the security posture of the company.