Network Infiltration: Pen-Testing Internal Networks & Active Directory: End-to-End Field Manual to Understand how Windows Domains, Active Directory, ... Hat Hackers Handbook : The Series, Band 3) - Softcover

Buch 3 von 3: The Ultimate Black Hat Hackers Handbook : The Series

Revenant, Byte

 
9798264400940: Network Infiltration: Pen-Testing Internal Networks & Active Directory: End-to-End Field Manual to Understand how Windows Domains, Active Directory, ... Hat Hackers Handbook : The Series, Band 3)

Inhaltsangabe

Today, Network Infiltration: Pen-Testing Internal Networks & Active Directory is released—a practical, defense-oriented roadmap to understanding and assessing Windows enterprise networks. Rather than offering tool lists, the book teaches practitioners to think like assessors: define scope, gather the right telemetry, map behaviors to MITRE ATT&CK, and communicate findings leaders can act on.

What’s inside
The book demystifies how authentication and authorization actually work in practice—Kerberos, NTLM, tokens, SIDs, SPNs—and shows how Group Policy, delegations, and trust topology shape exposure. Readers build a small, offline lab to observe identity flows on the wire and in logs, deploy Sysmon alongside Windows Event IDs, and integrate signal into SIEM/EDR/UEBA pipelines. The result is a repeatable way to establish baselines, detect what matters, and harden what counts.

Who it serves
Security engineers, detection analysts, incident responders, red/purple teamers, architects, admins—anyone responsible for the safety and reliability of Windows environments.

Key takeaways

  • Clear mental models for AD, GPOs, trusts, and admin protocols

  • A safe, reproducible offline lab and build scripts

  • Curated Windows Event and Sysmon IDs that surface meaningful behaviors

  • Practical hardening: tiering, LAPS hygiene, Credential Guard, auditing that works

  • Reporting patterns that tie technical signal to business risk

    Chapter 0 — Foundations & Acronyms
    Chapter 1 — Assessment Mindset & Methodology
    Chapter 2 — Building the Safe Lab
    Chapter 3 — Identity 101 in Windows Domains
    Chapter 4 — Kerberos in the Real World
    Chapter 5 — NTLM and Legacy Realities
    Chapter 6 — Directory Objects, Delegations & RBAC
    Chapter 7 — Group Policy Deep Dive
    Chapter 8 — Trusts, Forests, and Boundaries
    Chapter 9 — Name Resolution & Identity Discovery
    Chapter 10 — Admin Protocols I: SMB, RPC/DCOM
    Chapter 11 — Admin Protocols II: WMI & WinRM
    Chapter 12 — Remote Access: RDP & NLA
    Chapter 13 — Secrets & Protections: LSASS, LSA, SSO
    Chapter 14 — Telemetry Architecture
    Chapter 15 — SIEM/EDR/UEBA Integration
    Chapter 16 — Behaviors that Matter (MITRE ATT&CK)
    Chapter 17 — Hardening the Enterprise
    Chapter 18 — Designing for Resilience
    Chapter 19 — Executive Reporting & Risk Communication
    Chapter 20 — Putting It All Together

    Appendices
    A. Checklists & Templates (Scope, ROE, Evidence Logs)
    B. Event ID & Sysmon Quick Reference
    C. Lab Topologies & Build Scripts (Safe, Offline)

Die Inhaltsangabe kann sich auf eine andere Ausgabe dieses Titels beziehen.