Pentesting Active Directory and Windows-based Infrastructure: A comprehensive practical guide to penetration testing Microsoft infrastructure

Enhance your skill set to pentest against real-world Microsoft infrastructure with hands-on exercises and by following attack/detect guidelines with OpSec considerations

Key Features

• Find out how to attack real-life Microsoft infrastructure
• Discover how to detect adversary activities and remediate your environment
• Apply the knowledge you've gained by working on hands-on exercises
• Purchase of the print or Kindle book includes a free PDF eBook

Book Description

This book teaches you the tactics and techniques used to attack a Windows-based environment, along with showing you how to detect malicious activities and remediate misconfigurations and vulnerabilities.

You'll begin by deploying your lab, where every technique can be replicated. The chapters help you master every step of the attack kill chain and put new knowledge into practice. You'll discover how to evade defense of common built-in security mechanisms, such as AMSI, AppLocker, and Sysmon; perform reconnaissance and discovery activities in the domain environment by using common protocols and tools; and harvest domain-wide credentials. You'll also learn how to move laterally by blending into the environment's traffic to stay under radar, escalate privileges inside the domain and across the forest, and achieve persistence at the domain level and on the domain controller. Every chapter discusses OpSec considerations for each technique, and you'll apply this kill chain to perform the security assessment of other Microsoft products and services, such as Exchange, SQL Server, and SCCM.

By the end of this book, you'll be able to perform a full-fledged security assessment of the Microsoft environment, detect malicious activity in your network, and guide IT engineers on remediation steps to improve the security posture of the company.

What you will learn

• Understand and adopt the Microsoft infrastructure kill chain methodology
• Attack Windows services, such as Active Directory, Exchange, WSUS, SCCM, AD CS, and SQL Server
• Disappear from the defender's eyesight by tampering with defensive capabilities
• Upskill yourself in offensive OpSec to stay under the radar
• Find out how to detect adversary activities in your Windows environment
• Get to grips with the steps needed to remediate misconfigurations
• Prepare yourself for real-life scenarios by getting hands-on experience with exercises

Who this book is for

This book is for pentesters and red teamers, security and IT engineers, as well as blue teamers and incident responders interested in Windows infrastructure security. The book is packed with practical examples, tooling, and attack-defense guidelines to help you assess and improve the security of your real-life environments. To get the most out of this book, you should have basic knowledge of Windows services and Active Directory.

Table of Contents

1. Getting the Lab Ready and Attacking Exchange Server
2. Defense Evasion
3. Domain Reconnaissance and Discovery
4. Credential Access in Domain
5. Lateral Movement in Domain and Across Forests
6. Domain Privilege Escalation
7. Persistence on Domain Level
8. Abusing Active Directory Certificate Services
9. Compromising Microsoft SQL Server
10. Taking over WSUS and SCCM

增強您的技能，以便進行針對真實世界的微軟基礎架構的測試，通過實踐攻擊/檢測指南並考慮操作安全性來進行。主要特點：
- 了解如何攻擊真實的微軟基礎架構
- 發現如何檢測對手的活動並修復您的環境
- 通過實踐操作來應用您所學到的知識
- 購買印刷版或Kindle電子書將包括免費的PDF電子書

書籍描述：
本書教授您攻擊基於Windows的環境的策略和技巧，並向您展示如何檢測惡意活動並修復配置錯誤和漏洞。

您將首先部署您的實驗室，以便可以複製每個技術。各章節將幫助您掌握攻擊殺伤链的每一步，並將新知識付諸實踐。您將了解如何規避常見內建安全機制（如AMSI、AppLocker和Sysmon）的防禦，使用常見協議和工具在域環境中進行偵察和發現活動，以及收集整個域的憑據。您還將學習如何通過融入環境流量來在環境中移動，以保持低調，提升域內和跨域的特權，並在域級別和域控制器上實現持久性。每個章節都討論了每個技術的操作安全性考慮，並且您將應用此殺伤链來執行對其他微軟產品和服務（如Exchange、SQL Server和SCCM）的安全評估。

通過閱讀本書，您將能夠對微軟環境進行全面的安全評估，檢測網絡中的惡意活動，並指導IT工程師進行改善公司的安全姿態的修復步驟。

您將學到：
- 理解並採用微軟基礎架構殺伤链方法論
- 攻擊Windows服務，如Active Directory、Exchange、WSUS、SCCM、AD CS和SQL Server
- 通過干擾防禦能力來消失在防守者的視線中
- 提升攻擊操作安全性以保持低調
- 發現如何檢測Windows環境中的對手活動
- 掌握修復配置錯誤所需的步驟
- 通過實踐練習來為真實情境做好準備

本書適合：
本書適合測試人員和紅隊成員、安全和IT工程師，以及藍隊成員和事件應對人員對Windows基礎架構安全感興趣的讀者。本書充滿了實用示例、工具和攻擊防禦指南，可幫助您評估和改善真實環境的安全性。為了充分利用本書，您應該具備Windows服務和Active Directory的基本知識。

目錄：
1. 準備實驗室並攻擊Exchange Server
2. 防禦逃避
3. 域偵察和發現
4. 獲取域中的憑據
5. 在域和跨域中進行橫向移動
6. 域特權升級
7. 域級別的持久性
8. 濫用Active Directory Certificate Services
9. 入侵Microsoft SQL Server
10. 掌控WSUS和SCCM