
Exploring Active Directory (AD): Attack Bootcamp at RootedCON 2025
Celia Catalán
Active Directory (AD) is a key component in the infrastructure of numerous organizations, managing authentication, authorization, and security policies in Windows environments. Due to its relevance, it has become a primary target for attackers seeking to compromise corporate systems. To address this issue, Alex Amorín and Axel Losantos have designed the Active Directory Attack Bootcamp, an intensive training that combines theory and practice to equip professionals to identify and mitigate vulnerabilities in AD.
About the instructors
Alex Amorín is the head of Pentesting and Red Team at Zerolynx. He holds a degree in Computer Engineering from the University of Burgos and a Master's in ICT Security from the European University. His professional background is supported by prestigious certifications in offensive security, including OSCP, OSWP, OSWE, OSEP, OSED, CRTO, CRTL, and OSCE3. Additionally, he has contributed significantly to the field of cybersecurity with over 25 published CVEs (Common Vulnerabilities and Exposures), demonstrating his commitment to the research and dissemination of vulnerabilities.
Axel Losantos, for his part, is a Pentester and Red Team Operator with over five years of experience in cybersecurity. He has participated in international projects in sectors such as banking, pharmaceuticals, insurance, and public administration. He holds a Higher Technician degree in Multiplatform Application Development, a Bachelor's degree in Computer Engineering, and a Master's degree in Cybersecurity from UNIR. Axel has notable certifications in offensive security, such as OSCP, OSEP, OSWE, CRTO, CRTL, CRTP, CRTE, CARTP, CARTE, ARTE, eCPPTv2, and CHMRTS, reflecting his dedication to continuous learning and specialization in advanced attack and defense techniques.
Bootcamp Content
The Active Directory Attack Bootcamp is structured to provide a deep and practical understanding of how to audit and exploit AD environments. Throughout several sessions, participants will explore everything from basic concepts to advanced attack and defense techniques. Below are the main areas of focus:
1. Introduction and environment setup
- Session 0: Preparation of the laboratory environment, ensuring that all participants have the necessary tools and configurations for the practices.
2. Fundamentals of Active Directory and reconnaissance
- Session 1: The essential concepts of AD are addressed, including its logical and physical structure, and key protocols such as LDAP. Additionally, the "kill chain" is introduced in the context of AD, highlighting the stages that an attacker follows to compromise the system.
3. Active Directory Enumeration
- Session 2: Use of PowerShell and LDAP queries to extract critical information about users, groups, and domain configurations.
- Session 3: Implementation of advanced tools such as BloodHound and SharpHound to map trust relationships and possible privilege escalation paths. It is complemented with manual enumeration techniques and the use of native Windows tools.
4. Exploitation of vulnerabilities in AD
- Session 4: Analysis and exploitation of known vulnerabilities in AD environments, such as Kerberoasting, AS-REP Roasting, and ZeroLogon, among others. The session emphasizes how these vulnerabilities can be used to gain unauthorized access and escalate privileges.
5. Abuse of insecure configurations
- Session 5: Identification and exploitation of misconfigurations, such as excessive permissions in ACLs, incorrect implementation of LAPS and gMSA, and poorly configured delegations.
6. Advanced Attack and Persistence Techniques
- Session 6: Exploration of advanced attacks, including those targeting certificate infrastructure (ADCS) and persistence techniques such as GPO modification and creation of hidden elevated privilege accounts.
Bootcamp Objectives
At the end of the bootcamp, participants will be equipped to:
- Identify and Explore Vulnerabilities: Recognize insecure configurations and vulnerabilities in AD environments.
- Implement Exploitation Techniques: Apply methods to compromise systems and escalate privileges in a controlled manner.
- Perform Lateral Movements: Move within the network to access additional resources and expand the scope of engagement.
- Establish Persistence: Implement techniques that allow maintaining access to the compromised system over time.
- Strengthen AD Security: Implement countermeasures and best practices to protect the AD environment against potential attacks.
Who is it aimed at?
This bootcamp is designed for:
- Cybersecurity Professionals: Those who seek to deepen their knowledge in specific AD attacks and defenses.
- System Administrators: Personnel responsible for the management and security of Windows environments who wish to understand potential threats and how to mitigate them.
- Security Analysts and Auditors: Professionals responsible for assessing the security of infrastructures and ensuring compliance with security policies.
Prerequisites
To make the most of the bootcamp, it is recommended that participants have:
- Basic Networking Knowledge: Familiarity with protocols such as TCP/IP, SMB, and LDAP.
- Experience in Windows Environments: Practical knowledge of Windows Server and Active Directory.
- Scripting Skills: Basic proficiency in PowerShell and, preferably, in other scripting languages.
Where and when?
📍 Location: Eurostars i-Hotel, Madrid
⏰ Date: March 3-5, from 09:00 to ~19:00
🔗 Link: https://reg.rootedcon.com/payment/activity/230
➕ More information: https://rootedcon.com/docs/trainings/2025/R25BC04-AlejandoAmorin_AxelLosantos-BootcampAtaquesalDirectorioActivo.pdf