1. What is a Domain Controller, what purpose does it serve in an enterprise environment, what software/hardware combination does it run on, and why would an attacker be interested in compromising a Domain Controller? Additionally, what is the name of the file that stores the user credentials and associations and where is it located on the system? What ways could an attack acquire the file or its content and what dependencies, tools, and techniques would be required?
  2. Kerberos is the primary system used for authorization and authentication in Windows Domains. Explain how Kerberos works, which information security services does it provide, and any limitations/security considerations/vulnerabilitiesassociated with Kerberos, the way it issues tickets, or the tickets themselves that an attacker could exploit? Provide the names of the different types of attacks and a short explanation of how they work and what the attacker achieves by performing them
  3. Explain what a hash value is, why it is considered to be a highly unique, and at least three examples of how it is used in information security with a short explanation for each.
  4. What is an indicator of compromise (IOC)? Provide at least four examples of different kinds of actionable indicators of compromise and explain how they are implemented by enterprise cyber security teams. Note: Much like in the discussion board posting, I am not looking for behavioral indicators
  5. Explain the role of Group Policy, how it works, what purpose it serves in an enterprise environment, and why we would want to use it. Assuming we wanted to push an update to the client machines on a network immediately, explain the process for doing so using Group Policy on both the server and client machines.
  6. Explain the purpose of Active Directory (AD), the name of the server active directory resides on, its naming schema and organizational structure, how it is implemented by organizations, and the relationship between AD and LDAP.
  7. Explain how a user’s password is stored on a local Windows system, how it is stored on a domain, the location for both, and then the authentication process for each to log a user onto the system. If an attacker is able to acquire the stored passwords, identify what an attacker would need to do to use them to move laterally in the network. Provide the specific name for each of the two attacks