Web Banner
Back to Pre-Conference Training Page

Back to Conference Home Page

Active Directory Security

One-Day Interactive (Classroom) Training - OWASP New Zealand Day 2024


Explore the vulnerabilities lurking in common misconfigurations and default settings within Active Directory. Deep dive into offensive security techniques commonly used to compromise a domain.

Target Audience

Course Details

Dates: Wednesday, 4 September 2024

Time: 8:45 a.m. to 5:30 p.m. (NZST)

Instructors: Claudio Contin and Eito Tamura (Tier Zero Security)

Course Fee: NZ $500.00 (plus GST and ticketing fees)

Registration Site: https://events.humanitix.com/owaspnz2024-training

Maximum Enrolment: 36 attendees

Prerequisites - What Students Should Bring

Completing the hands-on lab is not compulsory. Attendees can decide to join the training and just follow along. The lab parts will be also demonstrated by the presenters. A cheat sheet of commands to be used in the lab will be provided.

Course Description

Embark on a comprehensive journey through Active Directory security in this one-day training.

Gain a foundational understanding of Active Directory domains and authentication methods. Delve into the nuances of NTLM and Kerberos authentication methods.

Explore domain enumeration techniques utilising various tools and grasp the intricacies of NTLM relay attacks and Kerberoasting. Learn effective lateral movement strategies and the basics of Windows privilege escalation techniques.

Expand your knowledge to compromise domain forests and gain insights into domain trusts attacks. Discover the fundamentals of Certificate Services and Configuration Manager (formerly SCCM), exploring potential abuse scenarios.

A hands-on lab will also be provided, where you’ll apply the knowledge to compromise a fully patched AD environment.

Course Outline

Your Instructors

Claudio Contin is a seasoned cybersecurity professional with a background as developer and programmer. With a strong foundation in penetration testing, Claudio’s journey in cybersecurity includes holding the esteemed position of Director of Penetration Test at a leading New Zealand company. Claudio has presented to several international conferences, including Defcon, Black Hat, Kiwicon, BSides San Francisco, and OWASP. Beyond his role as a practitioner, Claudio is a dedicated knowledge-sharer, offering training in Secure Development and Active Directory attacks and defences. Claudio possesses not only strong technical knowledge but also a proven track record of running successful red team engagements.

Eito Tamura started his career as a networking engineer and programmer, mastering the intricacies of technology. His unique journey took an unexpected turn when he secured a professional rugby contract in Japan, where he not only showcased leadership skills, but also led a team of 50 players to success on the field. Upon returning to New Zealand, Eito seamlessly transitioned into the realm of cybersecurity, drawing on his experience as a Lead Security Consultant at a leading NZ cybersecurity company. Specialising in various penetration testing and red teaming engagement, Eito has extended his expertise to encompass Purple/Blue team strategies. His commitment to excellence and diverse skill set make Eito an invaluable asset in ensuring the security and resilience of your organisation.