Course Overview
Active Directory (AD) is the backbone of nearly every enterprise Windows environment β and the most targeted component in modern cyber attacks. This course provides an in-depth, hands-on journey through attacking and compromising AD environments using techniques seen in real red team engagements and advanced persistent threat (APT) operations.
From initial domain exploitation and post-compromise enumeration through Kerberos abuse, credential dumping, lateral movement, and persistence, this course covers the full attacker lifecycle inside a Windows domain. You will use tools like BloodHound, Mimikatz, Impacket, and CrackMapExec in a dedicated lab environment.
Prerequisites
Students should have a solid understanding of Windows networking, basic Active Directory concepts (users, groups, GPOs), and experience with the Linux command line. Completion of the Network Penetration Testing or Ethical Hacking course is recommended.
Training Modules
- BloodHound
- Kerberos Username Bruteforce
- BloodyAD
- Ldeep
- Net RPC
- PowerView
- Pywerview
- RPC Client
- Shadow Credentials Attack
- ASReproasting
- Kerbroasting
- AD User Comment
- GMSA
- LAPS
- Pre2k
- Reversible Encryption
- Constrained Delegation
- Unconstrained Delegation
- DMSA
- Petitpotam
- DACL
- ADCS Attack
- RBCD
- AdminSDHolder
- Computer Accounts
- DC Shadow Attack
- DSRM
- Golden Certificate Attack
- Skeleton Key
- Pass The Hash Attack
- Pass The Ticket Attack
- Pass The Certificate
- Pass The Ccache
- Over Pass The Hash
- NTDS
- Diamond Ticket Attack
- Sapphire Ticket Attack
- Golden Ticket Attack
- DCSync Attack