BSidesCharm2025

Active Directory Security 101
2025-04-12, Training

Active Directory (AD) is OLD in tech years, but this 25-year-old identity platform is still deployed all over. This course focuses on understanding AD to build foundational defenses against common attacks and misconfigurations. Through guided lectures, instructor demonstrations, and hands-on labs, participants will explore key AD security components and best practices for hardening AD environments.


Even in today’s evolving cybersecurity landscape, identity is still one of the most important pillars. Active Directory (AD) may be 25 years old, but it’s still a workhorse in the identity realm and a critical asset in most organizations that are not cloud-first. Despite its critical nature, AD doesn’t seem to get a lot of love in cybersecurity education. When students at conferences ask us what we do and our reply is “Active Directory Security”, a lot of eyes glaze over. No matter how diligently Microsoft encourages organizations to ditch AD for their paid cloud offerings, there are still plenty of Active Directory forests out there that need to be secured. Active Directory Security 101 is an 8-hour hands-on training course designed for technology practitioners and cybersecurity professionals to understand actionable ways to defend Active Directory.
Students will gain practical knowledge and experience in discovering, understanding, and remediating AD misconfigurations, and in configuring AD defenses.
Key Learning Objectives:
• Understand Active Directory architecture and identify security risks associated with common misconfigurations.
• Explore tools like AD Explorer, BloodHound, and PowerShell to identify weaknesses in AD environments.
• Learn about common AD attacks such as Kerberoasting, Pass-the-Hash, and DCSync and apply effective mitigations against them.
• Configure and utilize AD scanning and monitoring tools to proactively detect and address vulnerabilities.
• Leverage built-in Active Directory auditing and event logging to enhance detection and response capabilities.

Jim was doing systems administration & testing security boundaries before Microsoft Windows existed. He enjoys improving environments to create lonely places for adversaries, in-depth research, allowing curiosity to dig deep into security rabbit holes, and the great outdoors. At SpecterOps, Jim does security research with a focus on Microsoft Identity platforms and the ecosystems they support.

Darryl G. Baker is a security consultant at Trimarc Security, where he conducts in-depth security assessments against Active Directory and Entra ID. He is also the Principal Instructor for all Trimarc Attack and Defense courses. He has developed multiple tools and scripts, as well as written whitepapers on Active Directory security. When he is not presenting at conferences, he enjoys radio engineering. Find him on the 12m band!