#SOCAnalystPrep
Windows Active Directory (AD) is the management system for authentication and authorization on Windows-based operating systems. It is powered by a domain controller and uses the Kerberos service (port 88).
With an AD domain controller, you can control just about any aspect of a client machine. For this to work, a user needs an account on the domain they are logging in to. Once the user is authenticated, the domain controller “pushes” all the associated software, rules, and privileges to the device.
Keep in mind that there can be multiple domains and/or subdomains, as well as multiple domain controllers. Users can also have different privileges in different domains (e.g., an administrator in one domain can be a low-level user in another). As a network administrator, you can control all aspects of your domain.
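To see this layout on a live network, the following added example (not part of the original course material) lists every domain controller in the forest, checks that each one answers on Kerberos port 88, and shows which groups one account name holds in each domain. It assumes the RSAT ActiveDirectory module, read access to the forest, and a hypothetical account name `jdoe`.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and read access to the forest.
Import-Module ActiveDirectory

# Hypothetical account name to compare across domains; replace with a real one.
$SamAccountName = 'jdoe'

# Every domain (including child domains) in the current forest.
$domains = (Get-ADForest).Domains

# 1. List each domain's controllers and check that Kerberos (TCP 88) answers.
$dcReport = foreach ($domain in $domains) {
    foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
        $probe = Test-NetConnection -ComputerName $dc.HostName -Port 88 -WarningAction SilentlyContinue
        [pscustomobject]@{
            Domain        = $domain
            Controller    = $dc.HostName
            Site          = $dc.Site
            GlobalCatalog = $dc.IsGlobalCatalog
            Kerberos88    = $probe.TcpTestSucceeded
        }
    }
}
$dcReport | Format-Table -AutoSize

# 2. Show the groups the same account name holds in each domain.
$groupReport = foreach ($domain in $domains) {
    $user = Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'" -Server $domain -Properties MemberOf
    if (-not $user) { continue }   # no such account in this domain

    # MemberOf lists direct memberships only (no nested groups, no primary group).
    # The CN is cut from each distinguished name for display purposes.
    $groups = $user.MemberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }

    [pscustomobject]@{
        Domain  = $domain
        Account = $user.SamAccountName
        Enabled = $user.Enabled
        Groups  = ($groups | Sort-Object) -join '; '
    }
}
$groupReport | Format-Table -AutoSize -Wrap
```

An account that appears in an administrative group in one row and only in ordinary user groups in another is the "administrator in one domain, low-level user in another" case described above.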
Here are some resources to help you get started:
- Understanding Active Directory for Beginners
- Microsoft Active Directory Documentation
- Microsoft Evaluation Center
- Introduction to Active Directory Services Structure in Windows Server 2012 – Eli the Computer Guy
- Active Directory Penetration Testing Checklist
- Learn the Basics of Active Directory
- Top 10 Active Directory Tutorials