Overview
This course aims to teach learners how to identify and defend against security threats related to Microsoft's Active Directory Certificate Services (AD CS). The course covers topics such as requesting certificates, client authentication, malicious certificate enrollments, escalation scenarios, certificate templates, NTLM relay, defense strategies, auditing, incident response, and more. The intended audience for this course includes cybersecurity professionals, IT administrators, and anyone interested in securing Active Directory environments. The teaching method involves a presentation by industry experts, providing insights, strategies, and practical guidance on securing AD CS.
Syllabus
Introduction
Agenda
Background
Request a Certificate
Certificate Template
Client Authentication
Subject Alternative Name
Authentication to Active Directory
malicious certificate enrollments
Certify
Defenses
Escalation scenarios
Certificate templates
NTLM relay
How to protect
How to audit
Audit the NT auth certificates object
Golden certificates
Hunting techniques
Highlevel architecture guidance
Incident response
Taught by
Black Hat