Detailed Course Outline
- Review of best practices for installing domain controllers from 20 years of experience as an ADDS senior consultant
- Homegrown security issues in Active Directory
- Understanding Kerberos
- NTLM vs. Kerberos
- SMB
- SMB versions
- Attack scenarios
- Secure use of SMB
- PAC_Validation and the problems with the Microsoft implementation of Kerberos – in detail
- PTH – Pass the Hash – including live attack with all participants
- Silver Ticket
- Golden Ticket
- Skeleton Key
- Kerberos Ticket Service
- Change Kerberos passwords: Why and how…
- Changing Kerberos passwords: The silver bullet without failures
- Preventing credential theft – a deep dive:
- Attack Scenario
- Pass-the-Hash
- Silver Ticket
- Golden Ticket
- Skeleton Key
- Prevent credential theft
- Configure Windows Defender Credential Guard
- Windows Defender Remote Credential Guard BitLocker
- Deploy Windows Defender Device Guard
- Deploy AppLocker
- Deploy Windows Defender Application Guard
- Understanding concepts:
- Operating tier models
- From Red-Forest, Golden-Forest and Bastion Forests
- Highly secure single-domain model
- Clean installation source
- Verify hash values of *.iso files
- Fciv.exe, PowerShell, 7-Zip and IgorHasher
- Set up the first domain controller
- Understanding ms-ds-machineaccountquota
- Use redircmp for new computer systems
- Using redirusr for new users
- BitLocker
- BitLocker and TPM 1.2 vs. 2.0
- BitLocker and PreBoot authentication
- AppLocker
- Monitoring
- AD-Audit-Plus
- CyberArk
- Secure backup and recovery of BitLocker-protected backup volumes
- Firewalling on domain controllers
- Configuring IPSEC with RDP
- Hardening domain controllers according to
- Center for Internet Security
- gpPack & PaT
- SIM
- LDA
- Microsoft tools
- Setting up additional domain controllers
- Secure deployment of domain controllers, member servers and clients via MDT
- Highly secure installation and configuration of MDT
- Hardening of MDT servers
- Rolling out highly secure member servers and clients
- Operating domain controllers securely via IPSEC
- Configuring and using IPSEC
- IPSEC monitoring via MMC
- Set up PKI server as internal Trusted ROOT CA
- Configure PKI
- Enable automatic certificate deployment via group policies
- Enrolment of non-standard certificates
- Hardening the PKI according to
- Center for Internet Security
- gpPack & PaT
- SIM
- LDA
- Microsoft tools
- Jump Server and Privileged Access Workstation (PAW) – Understanding and implementing concepts
- Setting up and configuring jump servers
- RSAT installation
- Install ADMIN Center with valid certificate of a Trusted Root PKI
- BitLocker
- BitLocker and TPM 1.2 vs. 2.0
- BitLocker and PreBoot authentication
- AppLocker
- Configuring IPSEC with RDP
- Backup of Jump servers to BitLocker-protected volumes
- Firewalling on JUMP servers
- Hardening the Jump server according to
- Center for Internet Security
- gpPack & PaT
- SIM
- LDA
- Microsoft tools
- Set up and configure PAW
- BitLocker
- BitLocker and TPM 1.2 vs. 2.0
- BitLocker and PreBoot authentication
- AppLocker
- Configuring IPSEC and RDP
- Backup of PAWs to BitLocker-protected volumes
- Firewalling on PAWs
- Hardening the domain controllers according to
- Center for Internet Security
- gpPack & PaT
- SIM
- LDA
- Microsoft tools
- Security in domain networks
- 802.1X with
- MAC addresses
- Certificates
- MAC flooding on switches
- Switch off hubbing mode
- IPSEC with Kerberos and certificates
- Windows Defender Advanced Threat Protection (WDATP)
- Understanding the concept of WDATP
- Roll out and monitor WDATP
- WDATP on domain controllers…
- WDATP on Jump Servers and PAWs
- WDATP on Windows 10 clients