For direct assistance contact us! +91-9999508202 [email protected]
Select Page

Active Directory Pentesting and Security 

Active Directory Pentesting and Security is an intermediate training to pentest and defends the on-prem active directory environments.
Active Directory implementations manage most enterprise networks, and security professionals must understand the critical threats to the Active directory infrastructure.
Active Directory Pretesting and Security training is designed to provide security engineers to understand, analyze and practice threats and attacks in an Active Directory environment. The course is based on our extensive research in breaking the Windows and AD environments.

The training will be organised via live instructor-led mode, and it is designed for anyone who understands the network infrastructure.

There is a large gap of knowledge that security professionals and administrators often struggle to fill when it comes to AD security. We often found misconfigured environments because of poor implementations and complex policies. Over the years, we have delivered numerous real-world training’s on AD security to internal engineering teams.
The Active directory pentesting and security simulates real-world attack and defence scenarios. We start with a non-admin user account in the domain and work our way up to enterprise admin. The focus is on exploiting various overlooked domain features, not just software vulnerabilities.
We cover topics like AD enumeration, automated & manual attacks, domain privilege escalation, domain persistence, Kerberos-based attacks (Golden ticket, silver ticket and more), ACL issues, SQL server trusts, and bypassing the defences with malware development and C2 servers.


Active directory pentesting




Active directory pentesting and security 1
module 1 : Active directory Pentesting and security Overview
  • Active Directory Implementation Overview
  • Kerberos and NTLM authentication procedure
  • Domain ACL and Sensitive groups overview
  • Understanding Domain Trusts and boundaries
  • Designing Active Directory Pentesting Lab for Pentesting


Active directory pentesting and security 2
module 2 : MITRE Framework and C2 Server Setup
  • MITRE AT & CT Framework for Pentesters
  • Understanding the C & C for active directory  pentesting
  • Comparison matrix of C2 servers
  • Setting up Cobalt strike and Sliver-c2 framework
  • Designing C2 profiles to avoid detections
Active directory pentesting and security 3
module 3 : Initial Access attacks and Windows API -101 for penetsters
  • Enumerating the organization for initial access overview
  • Common public-facing services insecurities
  • OSINT Primer for AD Pentesting
  • Windows API Overview
  • Process, threads, DLLs, Virtual memory
  • Creating malicious payloads with windows API
  • Understanding the detection engineering and endpoint detections
  • Static and Dynamic analysis to bypass AV engines
  • Offensive VBA for pentesters
  • Developing malicious Documents for initial access
  • Stomping the malicious Documents
  • Crafting malware with JScript
Active directory pentesting and security 4
module 4 : WIndows privilege escalation
  • Automated enumeration of vulnerabilities
  • Windows privilege escalation attacks
      • Services exploitation
      • Credential theft
      • Bypassing LSASS protections
      • UAC bypassing
      • Token impersonation
Active directory pentesting and security 5
module 5 : Powershell & in-memory Executions for pentesters
  • Understanding the basics of PowerShell cmdlets
  • File transfer with PowerShell
  • understanding WMI and Powershell remoting
  • PowerShell Reverse shell and payloads
  • Payload execution on the fly, avoid writing into disk
  • Fileless attacks process and lifecycle
  • Reflective DLL loader with PowerShell
  • Obfuscation with PowerShell
  • Disabling defences and adding exclusions with PowerShell
  • Bypassing Restricted Admin mode
  • Understanding the AMSI service
  • Bypassing AMSI protections
  • Understating In-memory executions
  • Executing executable assemblies in memory



Active directory pentesting and security 6
module 6 : Quick win attacks in active directory
  • Password Spraying attacks
  • Pass the hash attacks
  • RDP access with Pass the hash
  • Accessing LAPS 
  • Misconfigured Sysvol policies 
  • Brute forcing hashes 
Active directory pentesting and security 6
module 7 : Domain enumeration primer
  • Domain users enumeration
  • Domain computer enumeration
  • Domain groups enumerations
  • GPO and OU enumerations
  • Domain ACL enumerations
  • Automating Domain enumeration with the bloodhound
Active directory pentesting and security 8
module 8 : Appplication whitelisting and attacking Applocker polcies
  • Understanding the Application whitelisting 
  • Bypassing the Powershell execution restrictions
  • Restricting executions with Applocker policies 
  • Default policies and Custom policies 
  • Bypassing the app locker policies with common whitelisted locations
  • Bypassing CLM with the living off the lands techniques
Active directory pentesting and security 8
module 9 : Attacking Kerberos and ACL attacks
  • Understanding Delegations
  • Attacking Unconstraint delegations
  • Attacking Constraint delegations
  • Attacking Service Principal Names
  • Attacking service accounts
  • Targeted Kerberosting attacks
  • Kerberos double Hope Issues
  • Distributed COM Model issues
  • Pass the ticket and overpass the hash attacks
  • Domain certificate service attacks
  • NTLM Relay Attacks
  • Attacking via sensitive groups to become domain administrator
  • Exploiting ACLs in AD
Active directory pentesting and security 8
module 10 : Domain pesistence attacks and remidiations
  • Understanding domain persistence
  • Dcsync attack
  • DSRM and DCshadow attacks
  • ADCS attacks
  • Silver ticket attack
  • Golden ticket attack
  • Zerologon attack
  • Defensive primer for system administrators and security engineers
  • The Principle of (Endpoint) Least Privilege implementation
  • Principal of Just Enough Administration
  • Principal of Documenting and monitoring the data.
who should attend this training?

This training is a core foundation training. Anyone who has basic Pentesting knowledge can join this training

why should i take this training?

Organizations want to protect their internal infrastructure from intruders, but there is a massive skill gap in the secure deployment of on-prem environment deployment. To fill the skill gap, we have designed this training for administrators and Pentesters. For Pentesters, it’s a golden opportunity to upgrade the existing knowledge. This course will prepare the overall mindset to execute the plans similar to APT Groups targeting the organisations. 

prerequisite of the training ?

The person should familiar with basic IT operations 

what is the total duration of the training ?

Active directory pentesting and security is an Instructor-led online training.

The total duration of the training is 25 hours.

Active directory pentsting and

security inqurity form

11 + 8 =

Our clients


A milestone in cyber security training and assessment. The trainer is extremely knowledgeable specially Naresh. You can say that he is an encyclopaedia of cyber security and has excellent customer service from Kirti and Richa.Prompt reply from them in management or other queries.Thank you for sharing such precious and valuable knowledge with us.Grateful and thankful
Anuvind Twari

Security enginer

This is the best place of learning for those seeking TRUE learning in cyber security…..there are many many institutes but amount of practical knowledge matters that one can have here….and also very friendly and professional faculty.

Amit goel


We're Here To Help!


3500 , 1st Floor , Raja Park , New Delhi -110034


M-S: 10am - 11pm