← Home
Home  /  Course
AD Pentesting Course

Active Directory Pentesting

Nine progressive modules covering the full Active Directory attack chain — from foundational theory through enumeration, network and Kerberos attacks, ACL abuse, lateral movement, privilege escalation, persistence, and professional reporting. Modules 01–06 are live; 07–09 are in development.

All modules
Module 01
AD Fundamentals
Kerberos authentication flow, LDAP basics, DNS in AD, trust relationships, the AD object model, and ACL overview. The theoretical foundation before any attacks.
Kerberos LDAP DNS ACLs Trusts
Live
Module 02
Enumeration
BloodHound, ldapdomaindump, CrackMapExec, and PowerView. What to enumerate: users, groups, computers, ACLs, SMB shares, and GPOs. Building an attack map.
BloodHound CrackMapExec PowerView LDAP
Live
Module 03
Network Attacks
LLMNR/NBT-NS poisoning explained. Responder setup and NTLMv2 hash capture. SMB relay theory and execution. Cracking captured hashes with Hashcat.
LLMNR Responder SMB Relay NTLMv2
Live
Module 04
Kerberos Attacks
AS-REP Roasting and Kerberoasting — theory, tooling, and hash cracking. Pass the Ticket. Silver Ticket and Golden Ticket overview and impact.
Kerberoasting AS-REP Pass the Ticket Golden Ticket
Live
Module 05
ACL Abuse
GenericWrite, WriteDACL, ForceChangePassword, AddMember. Targeted Kerberoasting via ACL. Reading and exploiting ACL chains in BloodHound.
GenericWrite WriteDACL BloodHound Targeted Kerberoasting
Live
Module 06
Lateral Movement
Pass the Hash. Execution via WMI, PSExec, WinRM, and DCOM. RDP hijacking. Using CrackMapExec to move through the network systematically.
Pass the Hash WMI PSExec CrackMapExec
Live
Module 07
Privilege Escalation
Local privilege escalation paths on Windows. Token impersonation, service misconfigurations, DLL hijacking, and unquoted service paths in a domain context.
Token Impersonation Service Abuse DLL Hijacking
Coming Soon
Module 08
Persistence
Golden Ticket persistence, DCSync, scheduled tasks, registry run keys, WMI subscriptions, and skeleton key attacks for maintaining domain access.
DCSync Golden Ticket Skeleton Key
Coming Soon
Module 09
Reporting
Writing professional pentest reports. Finding severity ratings, executive summaries, technical evidence, remediation steps, and report templates.
Report Writing CVSS Remediation
Coming Soon