navigation

AD4Noobs

So you want to learn the in and outs of getting started with Active Directory? Well then you came to the right place! If you don’t care about this preface stuff just click on the arrow on the right or use the navigation on the top left if you are on mobile. This will take you to the first needed steps to get started.

It's not that complicated, not at all. Trust me!

Why I created this

Young Peeps

Over the last couple of years, I came into contact with young people who want to enter the InfoSec field, most of which who don’t have an background in IT.

Whenever I or someone else brought up something about Active Directory almost no one knew what it was or what it was used for. The fact that most of the time a general explication like 'Active Directory is like a database for users and computers' was given wasn't helping that.

Old Peeps

After starting a job as an Ethical Hacker, I came into contact with a lot of internal networks. Pretty much on all these internal assessments Active Directory (and everything that comes with it) was the weakest link or was heavily part of me gaining administrative access in the network. This leads me to believe that there is a general lack of (basic and security) Active Directory knowledge or it is missing from where it matters the most. I think this is perfectly backed up if you look at the current state of malware, and more specifically cryptoware/ransomware.

Just google 'ransomware active directory'

The why and the goal

So when I got the chance to give a 2 day workshop on Active Directory I decided to create this, for lack of better words, guide. I personally think that the best way to learn this stuff is by doing it, though at some points some explication can help with the learning process and avoid common pitfalls. The main goal of this guide is to get someone without any Active Directory knowledge up and running with the basics needed knowledge and try to prevent them from making these mistakes I see over and over again. Starting of lighthearted and easy to understand (i.e. meme’s and probally outdated refrences to keep people’s attention) and during the process of the guide gradually becoming more technical. If possible, I’d like to extend this to include Offensive/Defense points outside of the general IT administrator way of thinking. This to potentially help prevent the current state of things from continuing in the future.

If you work in the IT/InfoSec field and feel inclined to help with this endeavour you can submit a PR on github or get in contact with me on Twitter.