<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE FL_Course SYSTEM "https://www.flane.de/dtd/fl_course095.dtd"><?xml-stylesheet type="text/xsl" href="https://portal.flane.ch/css/xml-course.xsl"?><course productid="32422" language="fr" source="https://portal.flane.ch/swisscom/fr/xml-course/masterclass-saddd-l1" lastchanged="2026-04-07T13:54:37+02:00" parent="https://portal.flane.ch/swisscom/fr/xml-courses"><title>Master Class: Securing Active Directory Deep Dive</title><productcode>SADDD-L1</productcode><vendorcode>MT</vendorcode><vendorname>Master Class</vendorname><fullproductcode>MT-SADDD-L1</fullproductcode><version>1.0</version><objective>&lt;p&gt;In this master class course, Active Directory security is the central focus. Various attack scenarios are now known; they were used, for example, in the Bundestag hack (mimikatz et al.).&lt;/p&gt;
&lt;p&gt;These valid attack scenarios are aimed at credential theft or ransomware deployment (e.g. at the logistics company Maersk, with estimated damage of 300 million euros).&lt;/p&gt;
&lt;p&gt;The goal of this workshop is to understand these scenarios so that you can prevent them and build an Active Directory implementation that resists these attacks and is hardened against future attacks.&lt;/p&gt;
&lt;p&gt;Active Directory is your &amp;quot;crown jewels&amp;quot;: without Active Directory, most corporate environments are completely crippled.&lt;/p&gt;
&lt;p&gt;That&amp;#039;s why: Understand, harden and monitor so you can sleep better.&lt;/p&gt;</objective><essentials>&lt;p&gt;At least 5 years of experience with Active Directory and client systems.&lt;/p&gt;</essentials><audience>&lt;p&gt;This course is designed for experienced system administrators, consultants and Active Directory designers. After this seminar, you will be able to design, implement and consult on highly secure Active Directory.&lt;/p&gt;</audience><contents>&lt;p&gt;In this DeepDive workshop, you will learn how to implement, configure and operate Active Directory environments in a highly secure manner.&lt;/p&gt;
&lt;p&gt;Active Directory is &amp;quot;getting on in years&amp;quot;. Especially from a security point of view, an Active Directory should NEVER be operated in its default configuration. Attack scenarios such as Pass-the-Hash, Silver Ticket, Golden Ticket or even Skeleton Key are common ways for attackers to attack Active Directory, and thus its users and administrators, and take over their identities. Last but not least, the hack of the Bundestag with the help of mimikatz and others has shown the vulnerability of Active Directory.&lt;/p&gt;
&lt;p&gt;In this Master Class course, the attack scenarios on Active Directory are first examined in depth and also carried out. With the knowledge gained from this, Active Directory is then fundamentally hardened. This applies to existing installations, which should first be analyzed in depth, as well as new implementations, which are then completely hardened in order to be considered attack-proof in the future. The knowledge for this course was acquired in over 20 years of Active Directory experience, as well as in years of training by Paula Januszkiewicz and Sami Laiho, both world leaders in the field of security.&lt;/p&gt;
&lt;p&gt;This course further incorporates the experience of more than 50 Active Directory concepts written by the instructor over his last 15 years, from SMB to enterprise level with 375,000 users. Security is also considered with regard to the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018.&lt;/p&gt;
&lt;p&gt;We promise: Our best know-how for you and your daily work from our most experienced trainers and consultants.&lt;/p&gt;
&lt;h4&gt;Training Environment:&lt;/h4&gt;&lt;p&gt;
In the training environment, we work entirely with Hyper-V. To set up the training environment in advance, we use a PowerShell script with which you can create new virtual machines in seconds. The script was developed by your trainer himself and enables the training setup according to the customer&amp;#039;s wishes at extreme speed with little effort.&lt;/p&gt;
&lt;h4&gt;Hardware:&lt;/h4&gt;&lt;p&gt;
Each participant has a dedicated server in a data center with a total of 1 Gbit connection to the Internet. Each participant server is equipped as follows:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;128 GB RAM&lt;/li&gt;&lt;li&gt;at least 20 vCores&lt;/li&gt;&lt;li&gt;2 NVMe SSDs with at least 3,000 MB/s write and at least 2,000 MB/s read throughput&lt;/li&gt;&lt;li&gt;1 Gbit total bandwidth to the Internet&lt;/li&gt;&lt;/ul&gt;&lt;h4&gt;Your trainer&lt;/h4&gt;&lt;p&gt;The Advanced Master Class was developed by Andy Wendel and is delivered by him and his experienced team.&lt;/p&gt;
&lt;p&gt;Andy Wendel is a Senior Data Center and Cloud Architect and Certified Security Master Specialization Advanced Windows Security. He was and is trained by the internationally renowned security experts &lt;a class=&quot;cms-href-ext&quot; href=&quot;http://cqure.pl/paula-januszkiewicz/&quot; data-cms-evt-click=&quot;Outbound Links;click;http://cqure.pl/paula-januszkiewicz/&quot;&gt;Paula Januszkiewicz&lt;/a&gt; and &lt;a class=&quot;cms-href-ext&quot; href=&quot;https://www.samilaiho.com/?/&quot; data-cms-evt-click=&quot;Outbound Links;click;https://www.samilaiho.com/?/&quot;&gt;Sami Laiho&lt;/a&gt;. This certification is renewed every year. Andy Wendel has been working as an IT trainer and consultant since the late 1990s and is also a Certified Microsoft Learning Consultant (MCLC). Worldwide, Microsoft has only awarded 56 Certified Learning Consultants.&lt;/p&gt;</contents><outline>&lt;ul&gt;
&lt;li&gt;Review of best practices for installing domain controllers from 20 years of experience as an ADDS senior consultant&lt;/li&gt;&lt;li&gt;Homegrown security issues in Active Directory
&lt;ul&gt;
&lt;li&gt;Understanding Kerberos&lt;/li&gt;&lt;li&gt;NTLM vs. Kerberos&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;SMB
&lt;ul&gt;
&lt;li&gt;SMB versions&lt;/li&gt;&lt;li&gt;Attack scenarios&lt;/li&gt;&lt;li&gt;Secure use of SMB&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;PAC_Validation and the problems with the Microsoft implementation of Kerberos &amp;ndash; in detail&lt;/li&gt;&lt;li&gt;PTH &amp;ndash; Pass the Hash &amp;ndash; including live attack with all participants&lt;/li&gt;&lt;li&gt;Silver Ticket&lt;/li&gt;&lt;li&gt;Golden Ticket&lt;/li&gt;&lt;li&gt;Skeleton Key&lt;/li&gt;&lt;li&gt;Kerberos Ticket Service
&lt;ul&gt;
&lt;li&gt;Understanding Kerberos&lt;/li&gt;&lt;li&gt;Change Kerberos passwords: Why and how&amp;hellip;&lt;/li&gt;&lt;li&gt;Changing Kerberos passwords: The silver bullet without failures&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;Preventing credential theft &amp;ndash; A DeepDive:
&lt;ul&gt;
&lt;li&gt;Attack Scenario
&lt;ul&gt;
&lt;li&gt;Pass-the-Hash&lt;/li&gt;&lt;li&gt;Silver ticket&lt;/li&gt;&lt;li&gt;GoldenTicket&lt;/li&gt;&lt;li&gt;Skeleton-Key&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;Prevent credential theft
&lt;ul&gt;
&lt;li&gt;Configure Windows Defender Credential Guard&lt;/li&gt;&lt;li&gt;Windows Defender Remote Credential Guard Bitlocker&lt;/li&gt;&lt;li&gt;Deploy Windows Defender Device Guard&lt;/li&gt;&lt;li&gt;Deploy AppLocker&lt;/li&gt;&lt;li&gt;Deploy Windows Defender Application Guard&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;Understanding concepts:
&lt;ul&gt;
&lt;li&gt;Operating tier models&lt;/li&gt;&lt;li&gt;From Red-Forest, Golden-Forest and Bastion Forests&lt;/li&gt;&lt;li&gt;Highly secure single-domain model&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;Clean installation source
&lt;ul&gt;
&lt;li&gt;Verify hash values of *.iso files&lt;/li&gt;&lt;li&gt;Fciv.exe, PowerShell, 7-Zip and IgorHasher&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;Set up the first domain controller
&lt;ul&gt;
&lt;li&gt;Understanding ms-ds-machineaccountquota&lt;/li&gt;&lt;li&gt;Use redircmp for new computer systems&lt;/li&gt;&lt;li&gt;Using redirusr for new users&lt;/li&gt;&lt;li&gt;Bitlocker&lt;/li&gt;&lt;li&gt;Bitlocker and TPM 1.2 vs. 2.0&lt;/li&gt;&lt;li&gt;Bitlocker and PreBoot authentication&lt;/li&gt;&lt;li&gt;AppLocker&lt;/li&gt;&lt;li&gt;Monitoring
&lt;ul&gt;
&lt;li&gt;AD-Audit-Plus&lt;/li&gt;&lt;li&gt;CyberArk&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;Secure backup and recovery of Bitlocker-protected backup volumes&lt;/li&gt;&lt;li&gt;Firewalling on domain controllers&lt;/li&gt;&lt;li&gt;Configuring IPSEC with RDP&lt;/li&gt;&lt;li&gt;Hardening domain controllers according to
&lt;ul&gt;
&lt;li&gt;Center for Internet Security&lt;/li&gt;&lt;li&gt;gpPack &amp;amp; PaT&lt;/li&gt;&lt;li&gt;SIM&lt;/li&gt;&lt;li&gt;LDA&lt;/li&gt;&lt;li&gt;Microsoft tools&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;Setting up additional domain controllers&lt;/li&gt;&lt;li&gt;Secure deployment of domain controllers, member servers and clients via MDT
&lt;ul&gt;
&lt;li&gt;Highly secure installation and configuration of MDT&lt;/li&gt;&lt;li&gt;Hardening of MDT servers&lt;/li&gt;&lt;li&gt;Rolling out highly secure member servers and clients&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;Operating domain controllers securely via IPSEC
&lt;ul&gt;
&lt;li&gt;Configuring and using IPSEC&lt;/li&gt;&lt;li&gt;IPSEC monitoring via MMC&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;Set up PKI server as internal Trusted ROOT CA
&lt;ul&gt;
&lt;li&gt;Configure PKI&lt;/li&gt;&lt;li&gt;Enable automatic certificate deployment via group policies&lt;/li&gt;&lt;li&gt;Enrolment of non-standard certificates&lt;/li&gt;&lt;li&gt;Hardening the PKI according to
&lt;ul&gt;
&lt;li&gt;Center for Internet Security&lt;/li&gt;&lt;li&gt;gpPack &amp;amp; PaT&lt;/li&gt;&lt;li&gt;SIM&lt;/li&gt;&lt;li&gt;LDA&lt;/li&gt;&lt;li&gt;Microsoft tools&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;Jump Server and Privileged Access Workstation (PAW) &amp;ndash; Understanding and implementing concepts
&lt;ul&gt;
&lt;li&gt;Setting up and configuring jump servers
&lt;ul&gt;
&lt;li&gt;RSAT installation&lt;/li&gt;&lt;li&gt;Install ADMIN Center with valid certificate of a Trusted Root PKI&lt;/li&gt;&lt;li&gt;Bitlocker&lt;/li&gt;&lt;li&gt;Bitlocker and TPM 1.2 vs. 2.0&lt;/li&gt;&lt;li&gt;Bitlocker and PreBoot authentication&lt;/li&gt;&lt;li&gt;AppLocker&lt;/li&gt;&lt;li&gt;Configuring IPSEC with RDP&lt;/li&gt;&lt;li&gt;Backup of Jump servers to bitlocker-protected volumes&lt;/li&gt;&lt;li&gt;Firewalling on JUMP servers&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;Hardening the Jump server according to
&lt;ul&gt;
&lt;li&gt;Center for Internet Security&lt;/li&gt;&lt;li&gt;gpPack &amp;amp; PaT&lt;/li&gt;&lt;li&gt;SIM&lt;/li&gt;&lt;li&gt;LDA&lt;/li&gt;&lt;li&gt;Microsoft tools&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;Set up and configure PAW
&lt;ul&gt;
&lt;li&gt;Bitlocker&lt;/li&gt;&lt;li&gt;Bitlocker and TPM 1.2 vs. 2.0&lt;/li&gt;&lt;li&gt;Bitlocker and PreBoot authentication&lt;/li&gt;&lt;li&gt;AppLocker&lt;/li&gt;&lt;li&gt;Configuring IPSEC and RDP&lt;/li&gt;&lt;li&gt;Backup of PAWs to bitlocker-protected volumes&lt;/li&gt;&lt;li&gt;Firewalling on PAWs&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;Hardening the domain controllers according to
&lt;ul&gt;
&lt;li&gt;Center for Internet Security&lt;/li&gt;&lt;li&gt;gpPack &amp;amp; PaT&lt;/li&gt;&lt;li&gt;SIM&lt;/li&gt;&lt;li&gt;LDA&lt;/li&gt;&lt;li&gt;Microsoft tools&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;Security in domain networks
&lt;ul&gt;
&lt;li&gt;802.1X with
&lt;ul&gt;
&lt;li&gt;MAC addresses&lt;/li&gt;&lt;li&gt;Certificates&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;MAC flooding on switches
&lt;ul&gt;
&lt;li&gt;Switch off hubbing mode&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;IPSEC with Kerberos and certificates&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;Windows Defender Advanced Threat Protection ( WDATP )
&lt;ul&gt;
&lt;li&gt;Understanding the concept of WDATP&lt;/li&gt;&lt;li&gt;Roll out and monitor WDATP&lt;/li&gt;&lt;li&gt;WDATP on domain controllers&amp;hellip;&lt;/li&gt;&lt;li&gt;WDATP on Jump Servers and PAWs&lt;/li&gt;&lt;li&gt;WDATP on Windows 10 clients&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;/ul&gt;</outline><objective_plain>In this master class course, Active Directory security is the central focus. Various attack scenarios are now known; they were used, for example, in the Bundestag hack (mimikatz et al.).

These valid attack scenarios are aimed at credential theft or ransomware deployment (e.g. at the logistics company Maersk, with estimated damage of 300 million euros).

The goal of this workshop is to understand these scenarios so that you can prevent them and build an Active Directory implementation that resists these attacks and is hardened against future attacks.

Active Directory is your &quot;crown jewels&quot;: without Active Directory, most corporate environments are completely crippled.

That's why: Understand, harden and monitor so you can sleep better.</objective_plain><essentials_plain>At least 5 years of experience with Active Directory and client systems.</essentials_plain><audience_plain>This course is designed for experienced system administrators, consultants and Active Directory designers. After this seminar, you will be able to design, implement and consult on highly secure Active Directory.</audience_plain><contents_plain>In this DeepDive workshop, you will learn how to implement, configure and operate Active Directory environments in a highly secure manner.

Active Directory is &quot;getting on in years&quot;. Especially from a security point of view, an Active Directory should NEVER be operated in its default configuration. Attack scenarios such as Pass-the-Hash, Silver Ticket, Golden Ticket or even Skeleton Key are common ways for attackers to attack Active Directory, and thus its users and administrators, and take over their identities. Last but not least, the hack of the Bundestag with the help of mimikatz and others has shown the vulnerability of Active Directory.

In this Master Class course, the attack scenarios on Active Directory are first examined in depth and also carried out. With the knowledge gained from this, Active Directory is then fundamentally hardened. This applies to existing installations, which should first be analyzed in depth, as well as new implementations, which are then completely hardened in order to be considered attack-proof in the future. The knowledge for this course was acquired in over 20 years of Active Directory experience, as well as in years of training by Paula Januszkiewicz and Sami Laiho, both world leaders in the field of security.

This course further incorporates the experience of more than 50 Active Directory concepts written by the instructor over his last 15 years, from SMB to enterprise level with 375,000 users. Security is also considered with regard to the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018.

We promise: Our best know-how for you and your daily work from our most experienced trainers and consultants.

Training Environment:


In the training environment, we work entirely with Hyper-V. To set up the training environment in advance, we use a PowerShell script with which you can create new virtual machines in seconds. The script was developed by your trainer himself and enables the training setup according to the customer's wishes at extreme speed with little effort.

Hardware:


Each participant has a dedicated server in a data center with a total of 1 Gbit connection to the Internet. Each participant server is equipped as follows:


- 128 GB RAM
- at least 20 vCores
- 2 NVMe SSDs with at least 3,000 MB/s write and at least 2,000 MB/s read throughput
- 1 Gbit total bandwidth to the Internet

Your trainer

The Advanced Master Class was developed by Andy Wendel and is delivered by him and his experienced team.

Andy Wendel is a Senior Data Center and Cloud Architect and Certified Security Master Specialization Advanced Windows Security. He was and is trained by the internationally renowned security experts Paula Januszkiewicz (http://cqure.pl/paula-januszkiewicz/) and Sami Laiho (https://www.samilaiho.com/?/). This certification is renewed every year. Andy Wendel has been working as an IT trainer and consultant since the late 1990s and is also a Certified Microsoft Learning Consultant (MCLC). Worldwide, Microsoft has only awarded 56 Certified Learning Consultants.</contents_plain><outline_plain>- Review of best practices for installing domain controllers from 20 years of experience as an ADDS senior consultant
- Homegrown security issues in Active Directory

- Understanding Kerberos
- NTLM vs. Kerberos
- SMB

- SMB versions
- Attack scenarios
- Secure use of SMB
- PAC_Validation and the problems with the Microsoft implementation of Kerberos – in detail
- PTH – Pass the Hash – including live attack with all participants
- Silver Ticket
- Golden Ticket
- Skeleton Key
- Kerberos Ticket Service

- Understanding Kerberos
- Change Kerberos passwords: Why and how…
- Changing Kerberos passwords: The silver bullet without failures
- Preventing credential theft – A DeepDive:

- Attack Scenario

- Pass-the-Hash
- Silver ticket
- GoldenTicket
- Skeleton-Key
- Prevent credential theft

- Configure Windows Defender Credential Guard
- Windows Defender Remote Credential Guard Bitlocker
- Deploy Windows Defender Device Guard
- Deploy AppLocker
- Deploy Windows Defender Application Guard
- Understanding concepts:

- Operating tier models
- From Red-Forest, Golden-Forest and Bastion Forests
- Highly secure single-domain model
- Clean installation source

- Verify hash values of *.iso files
- Fciv.exe, PowerShell, 7-Zip and IgorHasher
- Set up the first domain controller

- Understanding ms-ds-machineaccountquota
- Use redircmp for new computer systems
- Using redirusr for new users
- Bitlocker
- Bitlocker and TPM 1.2 vs. 2.0
- Bitlocker and PreBoot authentication
- AppLocker
- Monitoring

- AD-Audit-Plus
- CyberArk
- Secure backup and recovery of Bitlocker-protected backup volumes
- Firewalling on domain controllers
- Configuring IPSEC with RDP
- Hardening domain controllers according to

- Center for Internet Security
- gpPack &amp; PaT
- SIM
- LDA
- Microsoft tools
- Setting up additional domain controllers
- Secure deployment of domain controllers, member servers and clients via MDT

- Highly secure installation and configuration of MDT
- Hardening of MDT servers
- Rolling out highly secure member servers and clients
- Operating domain controllers securely via IPSEC

- Configuring and using IPSEC
- IPSEC monitoring via MMC
- Set up PKI server as internal Trusted ROOT CA

- Configure PKI
- Enable automatic certificate deployment via group policies
- Enrolment of non-standard certificates
- Hardening the PKI according to

- Center for Internet Security
- gpPack &amp; PaT
- SIM
- LDA
- Microsoft tools
- Jump Server and Privileged Access Workstation (PAW) – Understanding and implementing concepts

- Setting up and configuring jump servers

- RSAT installation
- Install ADMIN Center with valid certificate of a Trusted Root PKI
- Bitlocker
- Bitlocker and TPM 1.2 vs. 2.0
- Bitlocker and PreBoot authentication
- AppLocker
- Configuring IPSEC with RDP
- Backup of Jump servers to bitlocker-protected volumes
- Firewalling on JUMP servers
- Hardening the Jump server according to

- Center for Internet Security
- gpPack &amp; PaT
- SIM
- LDA
- Microsoft tools
- Set up and configure PAW

- Bitlocker
- Bitlocker and TPM 1.2 vs. 2.0
- Bitlocker and PreBoot authentication
- AppLocker
- Configuring IPSEC and RDP
- Backup of PAWs to bitlocker-protected volumes
- Firewalling on PAWs
- Hardening the domain controllers according to

- Center for Internet Security
- gpPack &amp; PaT
- SIM
- LDA
- Microsoft tools
- Security in domain networks

- 802.1X with

- MAC addresses
- Certificates
- MAC flooding on switches

- Switch off hubbing mode
- IPSEC with Kerberos and certificates
- Windows Defender Advanced Threat Protection ( WDATP )

- Understanding the concept of WDATP
- Roll out and monitor WDATP
- WDATP on domain controllers…
- WDATP on Jump Servers and PAWs
- WDATP on Windows 10 clients</outline_plain><duration unit="d" days="5">5 days</duration><pricelist><price country="PL" currency="EUR">5800.00</price><price country="IT" currency="EUR">5800.00</price><price country="NL" currency="EUR">5800.00</price><price country="US" currency="USD">6310.00</price><price country="AE" currency="USD">6429.84</price><price country="GB" currency="GBP">4830.00</price><price country="CA" currency="CAD">8710.00</price><price country="DE" currency="EUR">5900.00</price><price country="CH" currency="CHF">5900.00</price><price country="AT" currency="EUR">5900.00</price><price country="SE" currency="EUR">5900.00</price><price country="SI" currency="EUR">5900.00</price></pricelist><miles/></course>