1
00:00:01,340 --> 00:00:04,670
Welcome to the last video in the Active Directory section.

2
00:00:04,820 --> 00:00:07,490
So we have been through quite the ride.

3
00:00:07,490 --> 00:00:12,380
We have built out a lab and we've attacked it in so many different ways.

4
00:00:12,470 --> 00:00:19,640
We've learned about eleven and poisoning SMB relay attacks man the middle six attacks curb crossing

5
00:00:19,670 --> 00:00:28,730
pass the hash pass the password and token impersonation GBP si password attacks dumping the LSA we've

6
00:00:28,730 --> 00:00:34,700
gone through all kinds of different fun attacks and hopefully you've learned a lot out of this.

7
00:00:34,730 --> 00:00:38,900
This is the bread and butter of pen testing especially on the network side.

8
00:00:38,900 --> 00:00:44,180
So many courses go into the basics and how to enumerate and attack.

9
00:00:44,210 --> 00:00:46,580
And it really just feels like an external.

10
00:00:46,610 --> 00:00:48,010
It feels like a CTF.

11
00:00:48,080 --> 00:00:53,030
This really is where the bread and butter is and it's where the money's made.

12
00:00:53,030 --> 00:00:58,490
So I wanted to provide a few more resources that I think can help you out if you really want to dive

13
00:00:58,550 --> 00:01:05,150
into Active Directory and get more depth if you want to go into some of those attacks I talked about

14
00:01:05,360 --> 00:01:11,570
or just learn you know more things that are out there active directory goes very very deep and can get

15
00:01:11,570 --> 00:01:17,090
very complex not to make it scary but there's just some really intelligent people out there and a lot

16
00:01:17,090 --> 00:01:18,800
of this stuff is way over my head.

17
00:01:18,800 --> 00:01:25,430
By the way but just you know take these articles go out there read about it and just be the best you

18
00:01:25,430 --> 00:01:28,280
that you can be when it comes to Active Directory.

19
00:01:28,280 --> 00:01:37,310
So one of the best sites out there is a D Security dot org here and this is ran by a guy named Sean

20
00:01:37,370 --> 00:01:41,600
Metcalf and you could see there's all different types of blog posts here.

21
00:01:41,600 --> 00:01:48,920
You have 80 resources attack defense and detection Mimi cats all different kinds of information you

22
00:01:48,920 --> 00:01:52,730
can just scroll through here and see what he's posted.

23
00:01:52,730 --> 00:02:00,920
So from January 1st 2016 and just so forth I mean there's so much information here on this page.

24
00:02:00,920 --> 00:02:02,240
It's amazing.

25
00:02:02,270 --> 00:02:06,890
And look they've already got Windows Server 20 19 Active Directory.

26
00:02:07,250 --> 00:02:08,090
It's just amazing.

27
00:02:08,090 --> 00:02:09,680
The site's amazing.

28
00:02:09,770 --> 00:02:14,780
Another guy that should be mentioned is a gentleman named harm Joy.

29
00:02:14,900 --> 00:02:21,890
So his real name is Wil Schroeder and he works for a company called Spectre ops spectre ops is one of

30
00:02:21,890 --> 00:02:25,540
the best pen testing companies in the country.

31
00:02:25,540 --> 00:02:36,440
They are red team gurus and harm makes a lot of tools out there when it comes to active directive pen

32
00:02:36,440 --> 00:02:40,240
testing this guy is one of the top in in the game.

33
00:02:40,270 --> 00:02:41,250
OK.

34
00:02:41,420 --> 00:02:43,100
Worth reading his blog.

35
00:02:43,100 --> 00:02:48,940
Sometimes they take quite a few reads over and over to actually be able to understand.

36
00:02:49,070 --> 00:02:55,400
But if there's somebody that's an expert in actor Active Directory pen testing it's definitely arm Joy.

37
00:02:56,180 --> 00:03:00,960
So on top of this maybe you're a certification person or a course person.

38
00:03:01,010 --> 00:03:03,500
There are some courses out there that do focus on this.

39
00:03:03,530 --> 00:03:05,220
These costs quite a bit of money.

40
00:03:05,250 --> 00:03:08,430
I'm not a representative of any of these places.

41
00:03:08,480 --> 00:03:12,280
I'm just going to tell you about them and let you decide on your own.

42
00:03:12,620 --> 00:03:19,020
So pen test your academy has two courses one is called attacking and defending Active Directory.

43
00:03:19,070 --> 00:03:24,530
It comes with a lot about what you learned here but it also does go above and beyond in the sense that

44
00:03:24,530 --> 00:03:30,100
it has child domains and it has a forest root here that you have to compromise.

45
00:03:30,110 --> 00:03:33,230
So there's kind of a parent child situation going on.

46
00:03:33,380 --> 00:03:40,010
You learn a little bit more about those types of attacks and trust attacks and ways to abuse these different

47
00:03:40,010 --> 00:03:41,030
forests.

48
00:03:41,060 --> 00:03:42,620
So that's a really neat.

49
00:03:42,620 --> 00:03:49,700
And it's just above and beyond where you're at now and the pricing I'm not even sure to forty nine is

50
00:03:49,700 --> 00:03:50,790
what they're doing right now.

51
00:03:50,790 --> 00:03:57,720
So you know this price varies depending on but at least 30 days in the labs is probably a good idea.

52
00:03:57,830 --> 00:04:08,420
Now if you are past that if you want to learn more attacks and you just really love Active Directory.

53
00:04:08,750 --> 00:04:12,230
Well again they have a second course called Red Team labs.

54
00:04:12,230 --> 00:04:18,620
I believe this is a little bit more expensive but it is a fully patched network and kind of like where

55
00:04:18,620 --> 00:04:23,610
we're at you know fully patched network and we just abuse features.

56
00:04:23,720 --> 00:04:27,650
And here it's three thirty nine for a 30 day lab access.

57
00:04:27,650 --> 00:04:34,750
But I again think that these courses will teach you you know above and beyond what you're learning here.

58
00:04:35,000 --> 00:04:38,870
The last one is this P.T. X from e learned security.

59
00:04:38,960 --> 00:04:45,310
Now this course will teach you quite a bit about what you've learned here.

60
00:04:45,320 --> 00:04:50,140
Some more advanced topics as well advanced social engineering is in here.

61
00:04:50,240 --> 00:04:52,330
They've got red teaming exchange.

62
00:04:52,340 --> 00:04:59,420
So talking about e-mails and W. says talking about like Windows Update service there's quite a bit in

63
00:04:59,420 --> 00:05:03,640
here in it's really really good stuff.

64
00:05:03,660 --> 00:05:08,730
I have the certification and the certification exam was probably one of the hardest exams I've ever

65
00:05:08,730 --> 00:05:14,960
taken out of any certification so I really do like this course as well.

66
00:05:14,970 --> 00:05:17,190
But this course is very pricey.

67
00:05:17,190 --> 00:05:21,520
I believe it's it could be upwards of two grand.

68
00:05:21,540 --> 00:05:24,480
So keep that in mind as well.

69
00:05:24,480 --> 00:05:29,790
It looks like there is potentially a new course coming out for this here in the future too.

70
00:05:29,790 --> 00:05:32,760
So there's a lot of options out there.

71
00:05:32,760 --> 00:05:38,370
Again we scratch the surface but we scratch the surface in a way that you will be able to go into a

72
00:05:38,370 --> 00:05:44,310
job interview and if you can talk about all the topics that we we have mentioned in this course you're

73
00:05:44,310 --> 00:05:45,510
going to be OK.

74
00:05:45,510 --> 00:05:46,860
You're going to be more than OK.

75
00:05:46,860 --> 00:05:51,660
You going to be ahead of most people that I interview when it comes to job interviews.

76
00:05:51,660 --> 00:05:55,000
So please do keep that in mind.

77
00:05:55,020 --> 00:05:57,000
So from here this is it.

78
00:05:57,000 --> 00:05:58,410
I'm so happy.

79
00:05:58,410 --> 00:05:59,870
We're going to move on.

80
00:05:59,910 --> 00:06:04,110
We're going to cover a little bit more about the network side in the morning to get into the web app

81
00:06:04,170 --> 00:06:06,520
and wireless pen testing sections.

82
00:06:06,540 --> 00:06:11,560
We've got legal documentation import writing after that some career advice and then we're done.

83
00:06:11,580 --> 00:06:16,320
So it's been it's been a journey and we're getting more than halfway through now.

84
00:06:16,320 --> 00:06:18,390
I would say we're probably close to 75 percent.

85
00:06:18,390 --> 00:06:23,160
So I look forward to seeing you in the next section and continuing to learn with you.