
active directory pentesting and security

Active Directory Pentesting and Security is an intermediate training course on pentesting and defending on-prem Active Directory environments.
Active Directory implementations manage most enterprise networks, and security professionals must understand the critical threats to the Active Directory infrastructure.
The Active Directory Pentesting and Security training is designed to help security engineers understand, analyze and practice threats and attacks in an Active Directory environment. The course is based on our extensive research in breaking Windows and AD environments.

The training will be organised via live instructor-led mode, and it is designed for anyone who understands the network infrastructure.

There is a large knowledge gap that security professionals and administrators often struggle to fill when it comes to AD security. We often found misconfigured environments because of poor implementations and complex policies. Over the years, we have delivered numerous real-world trainings on AD security to internal engineering teams.
The Active Directory Pentesting and Security training simulates real-world attack and defence scenarios. We start with a non-admin user account in the domain and work our way up to enterprise admin. The focus is on exploiting various overlooked domain features, not just software vulnerabilities.
We cover topics like AD enumeration, automated & manual attacks, domain privilege escalation, domain persistence, Kerberos-based attacks (Golden ticket, silver ticket and more), ACL issues, SQL server trusts, and bypassing the defences with malware development and C2 servers.


Active directory pentesting

detailed syllabus

active directory pentesting foundations

  • Active Directory Implementation Overview
  • Kerberos and NTLM authentication procedure
  • Domain ACL and Sensitive groups overview
  • Understanding Domain Trusts and boundaries
  • Designing an Active Directory Lab for Pentesting
  • MITRE ATT&CK Framework for Pentesters
  • Understanding the C & C for active directory pentesting
  • Comparison matrix of C2 servers
  • Cobalt Strike and Sliver C2 frameworks
  • Designing C2 profiles to avoid detections

initial access and windows api based attacks

  • Enumerating the organisation for initial access overview
  • Common public services insecurities
  • OSINT Primer for AD Pentesting
  • Windows API Overview
  • Process, threads, DLLs, Virtual memory
  • Creating payloads with windows API
  • Understanding the detection engineering and endpoint detections
  • Static and Dynamic analysis to bypass AV
  • Understanding the EDR and detections
  • Offensive VBA for pentesters
  • Developing malicious Doc for initial access
  • Stomping the malicious Documents
  • Crafting malware with JScript

privilege escalation and hunting common issues

  • Automated enumeration of vulnerabilities
  • Windows privilege escalation attacks
      • Services exploitation
      • Credential theft
      • Bypassing LSASS protections
      • UAC bypassing
      • Token impersonation
    • Password Spraying attacks
    • Pass the hash attacks
    • RDP access with Pass the hash
    • Accessing LAPS
    • Misconfigured Sysvol policies
    • Brute forcing hashes

in-memory executions and powershell primer

  • Basics of PowerShell cmdlets
  • File transfer with PowerShell
  • WMI and Powershell remoting
  • PowerShell Reverse shell and payloads
  • Payload execution on the fly 
  • Fileless attacks process and lifecycle
  • Reflective DLL loader with PowerShell
  • Obfuscation with PowerShell
  • Disabling defences and adding exclusions with PowerShell
  • Bypassing Restricted Admin mode
  • Understanding the AMSI service
  • Bypassing AMSI protections
  • Understanding in-memory executions
  • Executing executable assemblies in memory
  • Enumerating users, computers and groups
  • GPO, OU and ACL enumeration
  • Automating domain enumeration with BloodHound

attacking active directory


  • Understanding the Application whitelisting 
  • Bypassing the PowerShell execution restrictions
  • Restricting executions with AppLocker policies
  • Default policies and custom policies
  • Bypassing the AppLocker policies with common whitelisted locations
  • Bypassing CLM with living-off-the-land techniques
  • Understanding delegations
  • Attacking unconstrained delegations
  • Attacking constrained delegations
  • Attacking Service Principal Names
  • Attacking service accounts
  • Targeted Kerberoasting attacks
  • Kerberos double-hop issues
  • Attacking certificate services
  • Persistence via certificate services

advanced active directory attacks

  • Distributed COM Model issues
  • Pass the ticket and overpass the hash attacks
  • Domain certificate service attacks
  • NTLM Relay Attacks
  • Attacking via sensitive groups to become domain administrator
  • Exploiting ACLs in AD
  • Understanding domain persistence
  • DCSync attack
  • DSRM and DCShadow attacks
  • ADCS attacks
  • Silver ticket attack
  • Golden ticket attack
  • Zerologon attack
  • Defensive primer for security engineers
  • The Principle of (Endpoint) Least Privilege and Just Enough Administration
  • Principle of documenting and monitoring the data

who should attend this training?

This training is a core foundation training. Anyone who has basic pentesting knowledge can join this training.

why should i take this training?

Organizations want to protect their internal infrastructure from intruders, but there is a massive skill gap in the secure deployment of on-prem environments. To fill the skill gap, we have designed this training for administrators and pentesters. For pentesters, it's a golden opportunity to upgrade their existing knowledge. This course builds the overall mindset needed to execute plans similar to those of APT groups targeting organisations.

prerequisite of the training?

The person should be familiar with basic IT operations.

what is the total duration of the training?

Active directory pentesting and security is an Instructor-led online training.

The total duration of the training is 25 hours.


A milestone in cyber security training and assessment. The trainer is extremely knowledgeable, especially Naresh. You can say that he is an encyclopaedia of cyber security and has excellent customer service from Kirti and Richa. Prompt reply from them in management or other queries. Thank you for sharing such precious and valuable knowledge with us. Grateful and thankful.
Anuvind Twari

Security engineer

This is the best place of learning for those seeking TRUE learning in cyber security…..there are many many institutes but amount of practical knowledge matters that one can have here….and also very friendly and professional faculty.

Amit goel

