Sliver Mastery: Dominating Active Directory Through Advanced Trust Exploitation
Senior security expert Jon Guild demonstrates how to use the Sliver C2 framework to develop advanced offensive security skills. Arm yourself with the knowledge and skills of enumeration, lateral movement, and escalation techniques from first-hand experience in a vulnerable lab environment.
Mastering the art of adversarial emulation with the most cutting-edge and advanced techniques is one of the keys to success for penetration testers. A definitive hallmark of an experienced ethical hacker is a meticulously crafted toolkit. But with an overwhelming array of tools at your disposal, how do you determine where to focus your efforts?
In this advanced technical demonstration, Bishop Fox Senior Security Consultant Jon Guild showcases a complete domain compromise workflow using the Sliver command and control framework. Building on previous training sessions, Guild demonstrates how to escalate from initial access to full enterprise dominance by exploiting often-overlooked Active Directory misconfigurations.
Session Summary
The session focuses on two critical attack phases: first leveraging Kerberos Relay and Resource-Based Constrained Delegation (RBCD) to gain domain admin access, then exploiting bidirectional trust relationships and SID history to pivot from the compromised "Marine" domain controller to the "King's Landing" enterprise domain. Throughout the demonstration, Guild explains the underlying mechanics of each technique, from creating rogue computer accounts and manipulating delegation settings to crafting golden tickets with extra SIDs to bypass trust boundaries.
What makes this session particularly valuable is its emphasis on practical tradecraft rather than just theoretical concepts. Guild demonstrates real-world challenges like character limits in command execution, troubleshooting ticket delegation issues, and proper operational security considerations when choosing between RC4 and AES256 encryption for Kerberos tickets. The demonstration concludes with proper cleanup procedures to remove evidence of the attack, reinforcing the importance of responsible testing methodology. By integrating tools like BloodHound for visualization, LDAP queries for reconnaissance, and Rubeus for Kerberos manipulation, the session provides a comprehensive framework for understanding and executing sophisticated Active Directory attacks within a controlled testing environment.
Who Should Watch
This advanced technical session is ideal for penetration testers seeking to enhance their Active Directory attack capabilities, red team operators developing multi-stage attack campaigns, security engineers responsible for hardening domain environments, and security architects designing trust relationships between domains. Viewers should have foundational knowledge of Active Directory concepts and basic familiarity with offensive security tooling.