
Basics of Active Directory

Active Directory (AD) - Basics Understanding

Common Terms:

  • Domain: A logical group of network objects (users, computers, devices) that share a common directory database.
  • Forest: A collection of one or more domains that share a common schema and configuration.
  • Tree: A hierarchy of one or more domains that are connected in a contiguous namespace.
  • Organizational Unit (OU): A container within a domain used to organize users, groups, and computers. OUs can be nested.
  • Group Policy: A feature that allows administrators to implement specific configurations for users and computers within the domain.
  • Schema: Defines the objects and attributes that the directory service can contain.
  • Global Catalog: A distributed data repository that contains a searchable, partial representation of every object in every domain in a forest.

Key Components:

  • Active Directory Domain Services (AD DS): The core service that provides the directory and authentication services.
  • Active Directory Lightweight Directory Services (AD LDS): A lighter version of AD DS, used for directory-enabled applications.
  • Active Directory Federation Services (AD FS): Provides single sign-on and identity federation for users accessing applications across different organizations.

Domain Controller (DC)

Common Terms:

  • Primary Domain Controller (PDC): The main domain controller responsible for processing authentication requests and managing changes in a domain.
  • Backup Domain Controller (BDC): An older term (from NT4 days) for a domain controller that provides backup and redundancy for the PDC.
  • Replication: The process of copying changes made on one domain controller to others to ensure consistency.
  • Trust Relationship: A connection between two domains that allows users from one domain to access resources in another.

Key Components:

  • Active Directory Database: The database file (NTDS.dit) that stores the directory data and objects.
  • DNS Integration: Active Directory relies on DNS for domain controller location and service discovery.
  • Authentication Protocols: Protocols like Kerberos and NTLM that handle authentication requests.

Summary

  • Active Directory is the service that organizes and manages network resources.
  • Domain Controllers are servers that implement AD services, handling user authentication and managing directory data.

Summary of the key concepts and components of Active Directory (AD) and Domain Controllers (DC):

| Concept | Active Directory (AD) | Domain Controller (DC) |
|---|---|---|
| Definition | Directory service for managing network resources | Server that runs AD Domain Services |
| Main Functionality | Manages permissions and access across the network | Authenticates users and computers |
| Components | AD DS (Domain Services); AD LDS (Lightweight Directory Services); AD FS (Federation Services) | Hosts the AD DS database (NTDS.dit); processes authentication requests; handles replication between DCs |
| Common Terms | Domain; Forest; Tree; Organizational Unit (OU); Group Policy; Schema; Global Catalog | Primary Domain Controller (PDC); Backup Domain Controller (BDC); Trust Relationship; Replication; Authentication Protocols (Kerberos, NTLM) |

  • Active Directory is the framework for managing network resources.
  • Domain Controllers are the servers that implement the AD services, facilitating user authentication and data management.

Within Active Directory, there are three built-in groups that comprise the highest privilege groups in the directory:

| Group Name | Description |
|---|---|
| Enterprise Admins (EA) | The highest privilege group in a multi-domain Active Directory forest. Members can manage configuration and administrative tasks across the entire forest. |
| Domain Admins (DA) | A high privilege group with administrative access to a specific domain. Members can manage all objects and settings within that domain. |
| Built-in Administrators (BA) | The default group for managing administrative tasks on local machines and domain controllers within a domain. |

Active Directory (AD) Terminology

Users and Accounts

  • Users – Regular accounts with limited privileges, typically used for everyday tasks.
  • Computers – Machine accounts representing devices joined to the domain.
  • Domain Administrators – High-privilege accounts managing domain-wide settings and resources.
  • Enterprise Administrators – Highest-level accounts with control over all domains in a forest.

Active Directory (AD) Terminology

  • Domain Controller (DC) – A server managing authentication and directory services.
  • AMSI (Antimalware Scan Interface) – A Windows security feature that helps applications and services detect malicious content by scanning data in real-time.
  • ETW (Event Tracing for Windows) – A Windows framework for collecting and logging system events and performance data, often used for troubleshooting and monitoring.
  • Global Catalog (GC) – A DC storing a partial replica of all objects in a forest.
  • Kerberos – The default authentication protocol in AD.
  • LDAP (Lightweight Directory Access Protocol) – Used to query and modify AD objects.
  • NTLM (NT LAN Manager) – A legacy authentication protocol still used in some environments.
  • Group Policy Objects (GPOs) – Used to enforce security settings and configurations.
  • SID (Security Identifier) – A unique identifier assigned to AD objects.
  • ACL (Access Control List) – Defines permissions on objects.
  • SPN (Service Principal Name) – Identifies services for Kerberos authentication.
  • Golden Ticket – A forged Kerberos Ticket Granting Ticket (TGT) allowing persistence.
  • Silver Ticket – A forged Kerberos Service Ticket for lateral movement.
  • Pass-the-Hash (PtH) – Using NTLM hash instead of a plaintext password for authentication.
  • Pass-the-Ticket (PtT) – Using stolen Kerberos tickets to access systems.
  • LSASS (Local Security Authority Subsystem Service) – Manages authentication and can be dumped for credentials.
  • DCSync – A technique to extract password hashes by simulating a domain controller.
  • BloodHound – A tool for mapping AD relationships and attack paths.
  • System Block Logging – Refers to recording events or actions at the block level within a system, often for auditing, security, or recovery purposes.
  • System-Wide Transaction – A process that ensures consistency and integrity across multiple system components or services, often used in distributed systems or databases to ensure that all parts of a transaction complete successfully.
  • iex (Invoke-Expression) – Executes a string as a PowerShell expression or command.
  • iwr (Invoke-WebRequest) – Sends HTTP requests to a web server and retrieves the response.
  • Constrained Delegation – Allows a service to impersonate a user only for specific services, enhancing security by limiting access.
  • Unconstrained Delegation – Allows a service to impersonate a user for any service in the domain, which can pose security risks.

Kerberos Overview

  • Kerberos: A network authentication protocol using symmetric key cryptography to authenticate users and services in a distributed environment.

Components:

  • Client: The entity requesting authentication.
  • KDC (Key Distribution Center): Issues tickets for authentication, consisting of:
    • AS (Authentication Service): Issues the Ticket Granting Ticket (TGT).
    • TGS (Ticket Granting Service): Issues service tickets for accessing resources.
  • Service: The resource or application the client is trying to access.
  • Kerberoasting: Attackers request service tickets for service accounts and attempt to crack them offline to obtain passwords.
  • Silver Ticket Attack: Attackers forge a service ticket for specific services using the service account’s password hash.
  • Golden Ticket Attack: Attackers forge a TGT using the KRBTGT account hash (domain admin access).
  • Ticket Renewal Attacks: Attackers renew expired tickets if they have access to the TGT or service ticket and its renewal key.
  • Pass-the-Ticket (PTT): Attackers steal or capture Kerberos tickets (TGTs/service tickets) to impersonate users/services.
  • Pass-the-Hash (PTH): Attackers use stolen password hashes to authenticate instead of Kerberos tickets.
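
From the monitoring side, Kerberoasting as described above shows up on domain controllers as a burst of service-ticket requests (Security event 4769) with RC4 encryption from one account. The following is an added example, not part of the original page: the field names follow event 4769, while the sample events, the 5-minute window and the threshold of 3 distinct services are assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = 0x17  # ticket encryption type 23; AES tickets use 0x11 / 0x12


def ev(time, user, service, etype, status="0x0", event_id=4769):
    """Build one constructed event record using the 4769 field names."""
    return {"EventID": event_id, "TimeCreated": "2024-05-01T" + time,
            "TargetUserName": user, "ServiceName": service,
            "TicketEncryptionType": etype, "Status": status}


# Constructed sample data (not real log output).
SAMPLE_EVENTS = [
    ev("10:00:05", "alice@CORP.EXAMPLE", "svc_sql", "0x17"),
    ev("10:00:06", "alice@CORP.EXAMPLE", "svc_web", "0x17"),
    ev("10:00:08", "alice@CORP.EXAMPLE", "svc_backup", "0x17"),
    ev("10:00:09", "alice@CORP.EXAMPLE", "svc_sql", "0x17"),    # repeat service
    ev("10:01:00", "bob@CORP.EXAMPLE", "svc_sql", "0x12"),       # AES ticket
    ev("10:02:00", "carol@CORP.EXAMPLE", "FILE01$", "0x17"),     # machine account
    ev("10:03:00", "carol@CORP.EXAMPLE", "krbtgt", "0x17"),      # krbtgt service
    ev("09:00:00", "dave@CORP.EXAMPLE", "svc_web", "0x17"),
    ev("11:30:00", "dave@CORP.EXAMPLE", "svc_sql", "0x17"),      # hours apart
    ev("10:04:00", "erin@CORP.EXAMPLE", "svc_web", "0x17", status="0x1b"),  # failed
    ev("10:05:00", "erin@CORP.EXAMPLE", "svc_web", "0x17", event_id=4624),  # other event
]


def is_rc4_service_ticket(event):
    """True for a successful 4769 request for a user-run service with an RC4 ticket."""
    if event["EventID"] != 4769 or event["Status"] != "0x0":
        return False
    service = event["ServiceName"]
    # Machine accounts and krbtgt have long random keys; they are noise here.
    if service.endswith("$") or service.lower() == "krbtgt":
        return False
    return int(event["TicketEncryptionType"], 16) == RC4_HMAC


def find_kerberoast_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Report accounts that requested RC4 tickets for >= threshold distinct
    services inside one sliding time window."""
    per_account = defaultdict(list)
    for event in events:
        if is_rc4_service_ticket(event):
            when = datetime.fromisoformat(event["TimeCreated"])
            per_account[event["TargetUserName"].lower()].append((when, event["ServiceName"]))

    alerts = []
    for account, requests in sorted(per_account.items()):
        requests.sort()
        start = 0
        for end in range(len(requests)):
            # Shrink the window from the left until it spans at most `window`.
            while requests[end][0] - requests[start][0] > window:
                start += 1
            services = {name for _, name in requests[start:end + 1]}
            if len(services) >= threshold:
                alerts.append({"account": account,
                               "window_start": requests[start][0].isoformat(),
                               "services": sorted(services)})
                break  # one alert per account is enough
    return alerts


if __name__ == "__main__":
    for alert in find_kerberoast_bursts(SAMPLE_EVENTS):
        print(alert)
```

Service accounts that support only AES never produce 0x17 tickets in normal operation, so any hit for them deserves a look even below the threshold.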

Extended Active Directory (AD) Terminology

  • Forest – The highest logical structure in AD, containing one or more domains.
  • Domain – A logical grouping of users, computers, and resources managed under a single security boundary.
  • Organizational Unit (OU) – A container within a domain used for organizing users, computers, and policies.
  • Trusts – Relationships between domains allowing resource sharing and authentication.
  • RID (Relative Identifier) – A unique value assigned to each object within a domain, forming part of the SID.
  • FSMO Roles (Flexible Single Master Operations) – Specialized roles ensuring AD consistency:
    • Schema Master – Maintains schema updates across the forest.
    • Domain Naming Master – Manages domain additions and removals in the forest.
    • RID Master – Allocates RIDs to domain controllers.
    • PDC Emulator – Handles password changes, replication, and legacy system compatibility.
    • Infrastructure Master – Maintains object references across domains.
  • Replication – Synchronization of AD data across domain controllers.
  • SYSVOL – A shared folder containing Group Policy and logon scripts, replicated across DCs.
  • SAM (Security Account Manager) – A database storing user credentials on local systems.
  • KRBTGT Account – A special account responsible for Kerberos ticket generation.
  • TGT (Ticket Granting Ticket) – A Kerberos ticket used to request service tickets.
  • TGS (Ticket Granting Service) – Issues service tickets based on a valid TGT.
  • Shadow Credentials – Abusing AD Certificate Services (AD CS) to forge authentication.
  • SID History – Stores previous SIDs of migrated objects to maintain access.
  • AdminSDHolder – A security mechanism protecting privileged accounts from unauthorized modifications.
  • DSRM (Directory Services Restore Mode) – A recovery mode for restoring Active Directory.
  • GPP (Group Policy Preferences) – Legacy settings that sometimes expose plaintext credentials.
  • NTDS.dit – The Active Directory database file containing password hashes and directory information.
  • ZeroLogon – A vulnerability allowing privilege escalation by exploiting Netlogon.
  • Kerberoasting – Extracting and cracking Kerberos service tickets to reveal plaintext passwords.
  • AS-REP Roasting – Exploiting users with disabled pre-authentication to retrieve encrypted credentials.
  • LAPS (Local Administrator Password Solution) – A security feature that manages local admin passwords on domain-joined machines.
  • RBCD (Resource-Based Constrained Delegation) – A Kerberos feature often abused for privilege escalation.
  • SDProp (Security Descriptor Propagation) – Ensures inherited permissions are applied correctly in AD.
  • MS14-068 (Forged PAC Attack) – A vulnerability allowing domain admin privilege escalation.
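
The SID and RID entries above, together with the three built-in privileged groups listed earlier, can be tied together by decoding a binary `objectSid` value and checking its RID against the well-known privileged RIDs. This is an added example, not part of the original page; the domain identifier in the sample SID is constructed.

```python
import struct

# Well-known domain-relative RIDs of privileged principals.
PRIVILEGED_RIDS = {
    500: "Administrator (built-in account)",
    502: "krbtgt",
    512: "Domain Admins",
    518: "Schema Admins",
    519: "Enterprise Admins",
}
BUILTIN_ADMINISTRATORS = "S-1-5-32-544"


def parse_sid(raw: bytes) -> str:
    """Decode a binary SID (as stored in the objectSid attribute) to S-R-A-S... form.

    Layout: revision (1 byte), sub-authority count (1 byte),
    identifier authority (6 bytes, big-endian),
    then count x 32-bit sub-authorities (little-endian).
    """
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if count > 15:
        raise ValueError("sub-authority count %d exceeds the maximum of 15" % count)
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def privileged_role(sid: str):
    """Return the privileged role a SID maps to, or None.

    A domain principal is S-1-5-21-<three domain values>-<RID>; the last
    sub-authority is the RID handed out by the domain.
    """
    if sid == BUILTIN_ADMINISTRATORS:
        return "Built-in Administrators"
    parts = sid.split("-")
    if len(parts) == 8 and parts[:4] == ["S", "1", "5", "21"]:
        return PRIVILEGED_RIDS.get(int(parts[7]))
    return None


def pack_sid(authority: int, *subs: int) -> bytes:
    """Build a binary SID; used here only to construct sample input."""
    return (bytes([1, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


# Constructed samples: the three domain values are made up.
SAMPLE_DOMAIN_ADMINS = pack_sid(5, 21, 1004336348, 1177238915, 682003330, 512)
SAMPLE_REGULAR_USER = pack_sid(5, 21, 1004336348, 1177238915, 682003330, 1105)
SAMPLE_BUILTIN_ADMINS = bytes.fromhex("01020000000000052000000020020000")

if __name__ == "__main__":
    for raw in (SAMPLE_DOMAIN_ADMINS, SAMPLE_REGULAR_USER, SAMPLE_BUILTIN_ADMINS):
        sid = parse_sid(raw)
        print(sid, "->", privileged_role(sid))
```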

Microsoft Access Terminology

  • MDE: A compiled Microsoft Access database file format that locks down the design.
  • MDI: A user interface style allowing multiple documents within a single window.
  • MDE Security: Provides limited security by preventing users from viewing or editing database design in Access.
  • MDI Security: No direct security feature; it's just a UI style, but security depends on the app's design and user permissions.
  • EDR: A cybersecurity solution that monitors, detects, and responds to threats on endpoints in real time.
  • AV (Antivirus): Software designed to detect, prevent, and remove malicious software (viruses, malware) from a computer or device.

Red Teaming Terminology

  • Initial Access – Gaining entry into a target environment.
  • Lateral Movement – Expanding access by moving between systems.
  • Persistence – Maintaining long-term access to compromised systems.
  • Privilege Escalation – Gaining higher privileges within a system.
  • Credential Dumping – Extracting passwords or hashes from memory.
  • Command and Control (C2) – A channel to control compromised systems.
  • Living Off the Land (LotL) – Using built-in tools (e.g., PowerShell) to evade detection.
  • Enumeration – Gathering information about the target environment.
  • Pivoting – Using a compromised system to attack other internal hosts.
  • OPSEC (Operational Security) – Hiding attack activities from defenders.
  • Blue Team – Defenders focused on security monitoring and incident response.
  • Red Team – Offensive security professionals simulating real-world attacks.
  • Purple Team – A collaboration between Red and Blue teams to improve security.
  • Evasion – Bypassing security controls like AV and EDR.
  • TTPs (Tactics, Techniques, and Procedures) – The methodology used by attackers.
  • MITRE ATT&CK – A framework categorizing adversary techniques and behaviors.

DLL

A DLL (Dynamic Link Library) is a file format used in Microsoft Windows environments to contain code, data, and resources that can be used by multiple programs simultaneously. DLLs help modularize applications, allowing them to share common functions without duplicating code across applications.


Active Directory Pentesting Checklist

Reconnaissance

1. Information Gathering

  • Collect information about the target network, domains, and subdomains.
  • Identify domain controllers (DCs) and their roles.
  • Enumerate domains, trusts, and forests.
  • Gather information about users, groups, and computers.
  • Discover organizational units (OUs) and Group Policy Objects (GPOs).
  • Find service accounts and their permissions.

2. DNS Enumeration

  • Enumerate DNS information for the target domains.
  • Identify DNS zones and records.
  • Check for DNS misconfigurations or vulnerabilities.
  • Gather information about DNSSEC and DNSSecuring.

3. SMB Enumeration

  • Enumerate SMB shares and permissions.
  • Identify accessible shares, including hidden shares.
  • Check for misconfigured shares or exposed sensitive data.

Scanning and Enumeration

4. Port Scanning

  • Perform port scanning to identify open ports and services.
  • Enumerate commonly used ports (e.g., 135, 139, 445, 3389).
  • Check for unusual or custom ports.

5. Service Enumeration

  • Identify services running on target systems.
  • Enumerate service versions and vulnerabilities.
  • Pay attention to RPC, LDAP, SMB, and RDP services.

6. User Enumeration

  • Enumerate users and groups.
  • Gather information about user attributes.
  • Check for locked or disabled accounts.
  • Identify high-privilege users and administrators.

7. Password Policy Assessment

  • Analyze password policies and complexity requirements.
  • Check for password lockout policies and expiration settings.
  • Look for password reuse vulnerabilities.

8. Kerberos Enumeration

  • Enumerate Kerberos tickets and ticket-granting tickets (TGTs).
  • Check for Kerberoasting vulnerabilities.
  • Identify accounts with Kerberos pre-authentication disabled.
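
The Kerberos settings this checklist looks for (pre-authentication disabled, user accounts carrying SPNs, delegation) are all visible in each account's `userAccountControl` bit field and a few related attributes, so the same audit can be run defensively over a directory export. The following is an added example, not part of the original page; the account records are constructed and the finding labels are this example's own.

```python
# userAccountControl bits used by this audit.
ACCOUNTDISABLE = 0x00000002
NORMAL_ACCOUNT = 0x00000200
SERVER_TRUST_ACCOUNT = 0x00002000            # domain controller computer account
TRUSTED_FOR_DELEGATION = 0x00080000          # unconstrained delegation
DONT_REQ_PREAUTH = 0x00400000                # Kerberos pre-authentication disabled
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x01000000  # protocol transition allowed


def acct(name, uac, spns=(), delegate_to=()):
    """Build one constructed account record using the LDAP attribute names."""
    return {"sAMAccountName": name, "userAccountControl": uac,
            "servicePrincipalName": list(spns),
            "msDS-AllowedToDelegateTo": list(delegate_to)}


# Constructed sample export (not real directory data).
SAMPLE_ACCOUNTS = [
    acct("j.doe", 0x200),
    acct("svc_sql", 0x10200, spns=["MSSQLSvc/db01.corp.example:1433"]),
    acct("legacy_app", 0x400200),
    acct("WEB01$", 0x81000, spns=["HOST/web01.corp.example"]),
    acct("DC01$", 0x82000, spns=["ldap/dc01.corp.example"]),
    acct("svc_portal", 0x1000200, spns=["HTTP/portal.corp.example"],
         delegate_to=["MSSQLSvc/db01.corp.example:1433"]),
    acct("old_intern", 0x400202),  # disabled, so nothing to report
]


def audit_account(account):
    """Return the list of Kerberos-related findings for one account."""
    uac = int(account["userAccountControl"])
    if uac & ACCOUNTDISABLE:
        return []
    findings = []
    if uac & DONT_REQ_PREAUTH:
        # AS-REP material can be requested without knowing the password.
        findings.append("preauth-disabled")
    if (uac & TRUSTED_FOR_DELEGATION) and not (uac & SERVER_TRUST_ACCOUNT):
        # Domain controllers carry this flag by design; anything else is a risk.
        findings.append("unconstrained-delegation")
    if account.get("msDS-AllowedToDelegateTo"):
        label = "constrained-delegation"
        if uac & TRUSTED_TO_AUTH_FOR_DELEGATION:
            label += "-protocol-transition"
        findings.append(label)
    if (uac & NORMAL_ACCOUNT) and account.get("servicePrincipalName"):
        # A user account with an SPN: its ticket is encrypted with a
        # human-chosen password unless it is a managed service account.
        findings.append("user-with-spn")
    return findings


def audit(accounts):
    """Map account name -> findings, omitting accounts with none."""
    report = {}
    for account in accounts:
        findings = audit_account(account)
        if findings:
            report[account["sAMAccountName"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_ACCOUNTS).items():
        print(name, findings)
```

Typical follow-ups for each finding are re-enabling pre-authentication, moving SPN-bearing users to group managed service accounts or long random passwords, and removing unconstrained delegation outside domain controllers.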

Vulnerability Assessment

9. Vulnerability Scanning

  • Perform vulnerability scanning using tools.
  • Identify and categorize vulnerabilities.
  • Prioritize vulnerabilities based on risk and impact.
  • Validate findings to eliminate false positives.

Exploitation

10. Credential Harvesting

  • Attempt to harvest credentials using techniques like SMB relaying.
  • Exploit pass-the-hash (PtH) and pass-the-ticket (PtT) attacks.

11. Pass-the-Hash (PtH) Attacks

  • Exploit pass-the-hash vulnerabilities.
  • Attempt to gain unauthorized access using harvested hashes.

12. Golden Ticket Attack

  • Attempt to forge Kerberos tickets to impersonate domain controllers.
  • Test for domain dominance and persistence.

13. Silver Ticket Attack

  • Forge Kerberos tickets for specific services.
  • Attempt to access target services without detection.

14. DCSync Attack

  • Mimic domain controller synchronization requests.
  • Extract password hashes and secrets from DCs.

15. BloodHound Analysis

  • Use BloodHound for attack path analysis.
  • Identify attack paths, privileges, and weaknesses.

Post-Exploitation

16. Lateral Movement

  • Attempt lateral movement through SMB, WMI, or remote desktop.
  • Escalate privileges on compromised systems.

17. Persistence

  • Establish persistence mechanisms in the target network.
  • Create backdoors or rogue accounts.

18. Data Exfiltration

  • Test for data exfiltration techniques.
  • Attempt to transfer sensitive data to external locations.

Active Directory Enumeration and Exploitation Tools



Active Directory Checklist With Tools and Commands

Reconnaissance

1. Information Gathering

  • Collect information about the target network, domains, and subdomains.

  • Identify domain controllers (DCs) and their roles.

    • Tools: PowerShell, ADRecon
    • Command: Get-NetDomainController -Domain example.com
  • Enumerate domains, trusts, and forests.

    • Tools: ADRecon, PowerView
    • Command: Get-NetForest -Verbose
  • Gather information about users, groups, and computers.

    • Tools: PowerShell, BloodHound
    • Command: Get-NetUser -Verbose
  • Discover organizational units (OUs) and Group Policy Objects (GPOs).

    • Tools: ADRecon, PowerShell
    • Command: Get-NetOU -Verbose
  • Find service accounts and their permissions.

    • Tools: BloodHound, PowerShell
    • Command: Get-NetUser -SPN

2. DNS Enumeration

  • Enumerate DNS information for the target domains.

  • Identify DNS zones and records.

    • Tools: PowerShell, ADRecon
    • Command: Get-DnsServerZone
  • Check for DNS misconfigurations or vulnerabilities.

    • Tools: ADRecon, PowerShell
    • Command: Test-DnsServer

Scanning and Enumeration

3. SMB Enumeration

  • Enumerate SMB shares and permissions.

  • Identify accessible shares, including hidden shares.

    • Tools: enum4linux, smbclient
    • Command: smbclient -L target
  • Check for misconfigured shares or exposed sensitive data.

    • Tools: enum4linux, smbclient
    • Command: smbclient //target/share

4. Port Scanning

  • Perform port scanning to identify open ports and services.

    • Tools: Nmap
    • Command: nmap -p- target
  • Enumerate commonly used ports (e.g., 135, 139, 445, 3389).

    • Tools: Nmap
    • Command: nmap -p 135,139,445,3389 target
  • Check for unusual or custom ports.

    • Tools: Nmap
    • Command: nmap -p <port> target

5. Service Enumeration

  • Identify services running on target systems.

    • Tools: Nmap, PowerShell
    • Command: Get-Service
  • Enumerate service versions and vulnerabilities.

    • Tools: Nmap
    • Command: nmap -sV -p <port> target
  • Pay attention to RPC, LDAP, SMB, and RDP services.

    • Tools: Nmap, enum4linux, smbclient
    • Command: Varies

6. User Enumeration

  • Enumerate users and groups.

    • Tools: enum4linux, smbclient
    • Command: enum4linux -U target
  • Gather information about user attributes.

    • Tools: PowerShell
    • Command: Get-ADUser -Filter *
  • Check for locked or disabled accounts.

    • Tools: PowerShell
    • Command: Get-ADUser -Filter {Enabled -eq $false}
  • Identify high-privilege users and administrators.

    • Tools: PowerShell
    • Command: Get-ADGroupMember "Domain Admins"

7. Password Policy Assessment

  • Analyze password policies and complexity requirements.

    • Tools: PowerShell
    • Command: Get-ADDefaultDomainPasswordPolicy
  • Check for password lockout policies and expiration settings.

    • Tools: PowerShell
    • Command: Get-ADFineGrainedPasswordPolicy
  • Look for password reuse vulnerabilities.

    • Tools: CrackMapExec (CME)
    • Command: cme smb target -u username -p password --pass-pol

8. Kerberos Enumeration

  • Enumerate Kerberos tickets and ticket-granting tickets (TGTs).

    • Tools: Rubeus, PowerShell
    • Command: Rubeus dump
  • Check for Kerberoasting vulnerabilities.

    • Tools: Rubeus
    • Command: Rubeus asktgt /user:<username> /rc4:<hash>
  • Identify accounts with Kerberos pre-authentication disabled.

    • Tools: Rubeus
    • Command: Rubeus asktgt /user:<username> /rc4:<hash> /encticket:<ticket.kirbi> /service:<SPN>

Vulnerability Assessment

9. Vulnerability Scanning

  • Perform vulnerability scanning using tools.

  • Identify and categorize vulnerabilities.

    • Tools: Vulnerability Scanners
    • Command: Varies based on the tool
  • Prioritize vulnerabilities based on risk and impact.

    • Tools: Vulnerability Scanners
    • Command: Varies based on the tool
  • Validate findings to eliminate false positives.

    • Manual verification

Exploitation

10. Credential Harvesting

  • Attempt to harvest credentials using techniques like SMB relaying.

  • Exploit pass-the-hash (PtH) and pass-the-ticket (PtT) attacks.

11. Pass-the-Hash (PtH) Attacks

  • Exploit pass-the-hash vulnerabilities.

    • Tools: Mimikatz, Pass-the-Ticket Toolkit
    • Command: Varies based on the tool
  • Attempt to gain unauthorized access using harvested hashes.

    • Tools: Mimikatz, Pass-the-Ticket Toolkit
    • Command: Varies based on the tool

12. Golden Ticket Attack

  • Attempt to forge Kerberos tickets to impersonate domain controllers.

    • Tools: Mimikatz
    • Command: kerberos::golden
  • Test for domain dominance and persistence.

    • Tools: Mimikatz
    • Command: kerberos::tgt

13. Silver Ticket Attack

  • Forge Kerberos tickets for specific services.

    • Tools: Mimikatz
    • Command: kerberos::sid
  • Attempt to access target services without detection.

    • Tools: Mimikatz
    • Command: kerberos::tgs

14. DCSync Attack

  • Mimic domain controller synchronization requests.

    • Tools: Mimikatz
    • Command: lsadump::dcsync /user:target
  • Extract password hashes and secrets from DCs.

    • Tools: Mimikatz
    • Command: lsadump::dcsync /user:target

15. BloodHound Analysis

  • Use BloodHound for attack path analysis.

    • Tools: BloodHound
    • Command: Varies based on the query
  • Identify attack paths, privileges, and weaknesses.

    • Tools: BloodHound
    • Command: Varies based on the query

Post-Exploitation

16. Lateral Movement

  • Attempt lateral movement through SMB, WMI, or remote desktop.

  • Escalate privileges on compromised systems.

    • Tools: Various privilege escalation exploits
    • Command: Varies based on the exploit

17. Persistence

  • Establish persistence mechanisms in the target network.

    • Tools: Empire, Custom scripts
    • Command: Varies based on the technique
  • Create backdoors or rogue accounts.

    • Tools: Empire, Custom scripts
    • Command: Varies based on the technique

18. Data Exfiltration

  • Test for data exfiltration techniques.

  • Attempt to transfer sensitive data to external locations.

    • Tools: PowerShell Empire, Custom scripts
    • Command: Varies based on the technique

CRTP Course Content: By alteredsecurity

I. Active Directory Enumeration

  • Use scripts, built-in tools, and the Active Directory module to enumerate the target domain.
  • Understand and practice how useful information like users, groups, group memberships, computers, and user properties from the domain controller is available to even a normal user.
  • Understand and enumerate intra-forest and inter-forest trusts. Practice how to extract information from the trusts.
  • Enumerate Group Policies.
  • Enumerate ACLs (Access Control Lists) and learn to find interesting rights on ACLs in the target domain to carry out attacks.

II. Local Privilege Escalation

  • Learn and practice different local privilege escalation techniques on a Windows machine.
  • Hunt for local admin privileges on machines in the target domain using multiple methods.
  • Abuse enterprise applications to execute complex attack paths that involve bypassing antivirus and pivoting to different machines.

III. Domain Privilege Escalation

  • Learn to find credentials and sessions of high-privileged domain accounts like Domain Administrators, extract their credentials, and use credential replay attacks to escalate privileges using built-in protocols for pivoting.
  • Learn to extract credentials from a restricted environment where application whitelisting is enforced.
  • Abuse derivative local admin privileges and pivot to other machines to escalate privileges to the domain level.
  • Understand the classic Kerberoast attack and its variants to escalate privileges.
  • Enumerate the domain for objects with unconstrained delegation and abuse it to escalate privileges.
  • Find domain objects with constrained delegation enabled. Understand and execute attacks against such objects to escalate privileges to a single service on a machine or the domain administrator using alternate tickets.
  • Learn how to abuse privileges of Protected Groups to escalate privileges.

IV. Domain Persistence and Dominance

  • Abuse Kerberos functionality to persist with Domain Administrator privileges. Forge tickets to execute attacks like Golden Ticket and Silver Ticket for persistence.
  • Subvert domain-level authentication with Skeleton Key and custom Security Support Provider (SSP).
  • Abuse the DC safe mode Administrator for persistence.
  • Abuse protection mechanisms like AdminSDHolder for persistence.
  • Abuse minimal rights required for attacks like DCSync by modifying ACLs of domain objects.
  • Learn to modify the host security descriptors of the domain controller to persist and execute commands without needing Domain Administrator privileges.

V. Cross Trust Attacks

  • Learn to elevate privileges from Domain Admin of a child domain to Enterprise Admin on the forest root by abusing Trust keys and the krbtgt account.
  • Execute intra-forest trust attacks to access resources across the forest.
  • Abuse database links to achieve code execution across the forest by using just the databases.

VI. Forest Persistence and Dominance

  • Understand forest persistence techniques like DCShadow. Execute it to modify objects in the forest root without leaving change logs.
  • Learn minimal permissions required to use DCShadow and avoid change logs for minimal permissions using Shadowception.

VII. Defenses – Monitoring

  • Learn about useful events logged when the discussed attacks are executed.

VIII. Defenses and Bypass – Architecture and Work Culture Changes

  • Learn briefly about architecture and work culture changes required in an organization to avoid the discussed attacks.
  • Understand Temporal Group Membership, ACL Auditing, LAPS (Local Administrator Password Solution), SID Filtering, Selective Authentication, Credential Guard, Device Guard, Protected Users Group, PAW (Privileged Access Workstations), Tiered Administration, and ESAE (Enhanced Security Administrative Environment) or Red Forest.
  • Learn how Microsoft's Advanced Threat Analytics (ATA) and similar tools detect domain attacks and ways to avoid and bypass such tools.

IX. Defenses and Bypass – Deception

  • Understand how deception can be effectively deployed as a defense mechanism in Active Directory.
  • Deploy decoy user objects with interesting properties, which have ACL rights over other users and high-privilege access in the domain along with available protections.
  • Deploy computer objects and group objects to deceive an adversary.
  • Learn how adversaries can identify decoy objects and how defenders can avoid detection.

X. Defenses and Bypass – PowerShell

  • Learn about various improvements in Windows PowerShell v5 and their significance in detecting attacks.
  • Discuss System-Wide Transcription, Enhanced Logging, Constrained Language Mode, AMSI (Antimalware Scan Interface), etc.
  • Learn how JEA (Just Enough Administration) helps in secure administration.
  • Execute bypasses against the discussed defenses and learn about the detection of bypasses.