As part of VERDESEC ongoing effort to expose students to real-world cybersecurity knowledge, we organized a technical sharing session titled “Introduction and Practical on Attacking Active Directory”.
The session was delivered by Choo, the Malaysian Student Representative of the Global Cybersecurity Camp (GCC) 2022, giving participants the opportunity to learn from someone with both technical experience and international exposure.
Hosted through Discord, the session attracted around 40 students, reflecting strong interest in one of the most important areas of enterprise security. Active Directory remains a critical component in many organizational environments, and understanding how it works, how it is assessed, and how weaknesses may be abused is an important part of building practical cybersecurity knowledge.
The sharing session introduced participants to several key topics commonly encountered in Active Directory security testing. It began with Active Directory enumeration, where attendees were guided through the process of identifying users, groups, services, and other valuable information within a domain environment. This helped set the foundation for understanding how attackers and defenders alike map out an Active Directory network.
From there, the session moved into dumping NTLM hashes, giving participants insight into how credential material may be obtained in certain scenarios and why protecting privileged systems and accounts is important.
The session then explored more advanced concepts, including forging Silver Tickets and Golden Tickets, which are well-known attack techniques involving Kerberos ticket abuse. These topics helped participants appreciate the importance of Active Directory hardening, privilege management, and proper monitoring in enterprise environments.
What made the sharing especially valuable was its practical focus. Rather than staying only at a theoretical level, the session gave students a clearer picture of how these techniques fit into real attack paths and why understanding them matters for both offensive and defensive cybersecurity roles.
Overall, the session was well received and served as another meaningful step in VERDESEC’s mission to make cybersecurity learning more accessible, practical, and relevant to students.
| Activity Details: | |
|---|---|
| Venue: | Online |
| Price: | FREE |
| Participants: | 40 |
| Level: | Advanced |
