Hack3: Attacks on Windows-based Networks

A directory service is normally used to organize computers, users, groups and other object classes in company networks. Active Directory domain services, based on the principle of domain trust, are widespread in Windows-based networks. If an attacker initially manages to penetrate an internal network from the outside, they can in most cases extend their privileges within the directory service in use with reasonable effort. The objective of this training course is to provide deeper insight into attackers' methods and to show countermeasures. Theoretical concepts are explained, and the attack vectors covered are tested in practical "hands-on" exercises.


Windows-based networks

  • Active Directory, Domain Controller
  • Structure and trust determination of an Active Directory environment
  • Privilege and authentication concepts
  • Hash types in the Microsoft world
  • Windows login process

Attacks on individual systems and network protocols 

  • Exploitation of vulnerabilities
  • Attacks on authentication mechanisms
  • Exploitation of weak service configurations
  • Attacks on Kerberos (e.g. Golden Ticket)
  • Traffic-based attacks (NBNS, MitM)

Privilege escalation/extension

  • Inadequate password protection
  • Exploitation of "features", "traces"
  • Access tokens and "cached" passwords
  • Pass-the-hash attacks
  • Security support provider
  • Group policy objects/preferences

Use of suitable tools

  • Metasploit Framework
  • Port scanners, e.g. Nmap
  • PowerShell tools, e.g. Empire
  • Cracking tools
  • Tools for special utilization purposes

"Best practice" protection measures

  • Detection methods
  • IT security principles
  • Configuration recommendations

Technical requirements

Basic knowledge of Linux- and Windows-based systems and networks


Three days