On-premises Active Directory continues to serve as the backbone of identity and access management in most
enterprise environments, making it a prime target during internal network compromises. This workshop
introduces the structure of typical corporate internal networks and the role Active Directory plays in
authentication, authorization, and infrastructure management. Building on these fundamentals, the session
explores how attackers approach an internal environment, focusing on Active Directory attack paths and
common misconfigurations.
Participants will set up and interact with a simulated Active Directory environment, where they will
perform initial access, enumeration, and privilege escalation exercises in their own lab. Additional attack
techniques and real-world abuse scenarios will be shown by the instructor with practical examples. By the
end of the workshop, attendees will gain a clear understanding of how Active Directory works, begin their
on-prem AD journey, and understand how attackers navigate and escalate privileges within on-premises Active
Directory environments.
Description: On-premises Active Directory remains a core component of enterprise infrastructure, powering
authentication, authorization, and access control across internal corporate networks. In most organizations,
it forms the foundation of identity management and plays a critical role in how users, systems, and services
interact within the internal environment. This 4-hour hands-on workshop begins by establishing a clear
understanding of how corporate internal networks are typically structured and where Active Directory fits
within that ecosystem. Participants will explore the fundamental components of Active Directory, including
domains, domain controllers, users, groups, and authentication mechanisms, in order to understand how
identity and access management operates inside an organization.
With these fundamentals in place, the workshop shifts to the attacker’s perspective. Through practical
explanations and examples, the session will demonstrate how attackers approach an internal network, focusing
on common attack paths and misconfigurations that exist within Active Directory environments.
Participants will build and interact with their own simulated Active Directory lab environment, where they
will perform initial access, enumeration, and privilege escalation exercises. These hands-on activities
allow attendees to observe how information is gathered from Active Directory, how relationships between
users and systems are mapped, and how privilege escalation can occur in misconfigured environments. By the
end of the workshop, participants will gain a clear understanding of Active Directory fundamentals and
practical exposure to how attackers navigate internal networks and escalate privileges within on-premises AD
environments.
Ideal Audience:
- Penetration Testers
- Security Engineers
- IT professionals interested in understanding Active Directory security
- [Fourth takeaway — optional, if the scope justifies it.]
What Not to Expect:
- Advanced red team or offensive security tradecraft
- Niche or highly specialized Active Directory attack surfaces
- Deep coverage of complex attack chains or advanced persistence techniques
- Complete coverage of all Active Directory attack techniques, as the 4-hour workshop prioritizes key
fundamentals and the most common attack paths within the limited time available.
Speaker
