Bootcamp: Active Directory Penetration Testing
Our 6-week bootcamp on Active Directory Penetration Testing is designed to equip you with the essential skills for executing effective Active Directory penetration tests. Dive deeper into techniques for achieving Initial Foothold on an internal network, Active Directory Enumerations, Privilege Escalation/Lateral Movement, Domain Dominance, Trust Mapping, Kerberos-based attacks, and more. This hands-on training will prepare you to tackle real-world AD security challenges.
- 8 Live Sessions
- 4 Hours Per Session
- Dedicated Lab Environments
- Access to Recorded Sessions
- Certificate of Completion
$998
Date: TBD
Duration: 4 weeks
Mode: Virtual
- Understanding Penetration Testing: Gain a clear insight into what penetration testing is and its purpose.
- The Importance of Penetration Testing: Learn why penetration testing is critical for identifying vulnerabilities and attack vectors, and for strengthening an enterprise’s security posture.
- Penetration Testing Limitations: Understand the boundaries and constraints of penetration testing, including time, scope, and resource limitations.
- Penetration Testing Logistics: Explore the practical aspects of planning and executing a penetration test, from engagement to reporting.
- Active Directory Penetration Testing Kill Chain: Walk through the phases of the Active Directory Kill Chain in the context of conducting a Windows Active Directory penetration test, understanding the unique challenges and techniques involved in targeting AD environments.
- Understanding Domains, Forests, Organizational Units (OUs), and Domain Trusts: Learn how these core components form the foundation of Active Directory (AD) and how they are used to manage and structure enterprise networks efficiently.
- User Account and Group Management: Master the process of creating, managing, and securing user accounts, groups, and permissions to enforce access control and security policies within an Active Directory environment.
- Active Directory Authentication Protocols: Gain in-depth knowledge of Kerberos authentication, its role in securing identity verification, and how attackers exploit weaknesses in AD authentication mechanisms.
- External OSINT for Username Harvesting: Learn how to leverage Open-Source Intelligence (OSINT) to gather usernames and other critical information as part of an internal Active Directory penetration test.
- Internal Network Mapping & Resource Discovery: Use network services such as DNS, LDAP, and NetBIOS to identify Domain Controllers, DNS servers, LDAP servers, and other network assets. Master tools such as dig, nslookup, and nmap for efficient reconnaissance activities.
- Password Spray Attacks: Execute password spraying attacks against protocols such as Kerberos and SMB using tools such as Kerbrute and NetExec to harvest weak credentials.
- Abusing NBNS/LLMNR for Credential Harvesting: Exploit weaknesses in NBNS (NetBIOS Name Service) and LLMNR (Link-Local Multicast Name Resolution) to capture and crack NTLM password hashes, allowing unauthorized access to critical systems.
- NTLM Relay Attacks: Learn to execute NTLM Relay attacks to gain an initial foothold within an Active Directory environment.
- Exploiting Active Directory Misconfigurations – AS-REP Roasting: Discover how to abuse misconfigured user accounts that do not require pre-authentication (AS-REP Roasting) to extract and crack encrypted Kerberos Ticket Granting Service (TGS) hashes for domain credentials.
- Situational Awareness
  - Learn both manual and automated techniques for Active Directory enumeration using tools such as NetExec and BloodHound, ensuring effective target discovery and attack planning.
  - Master BloodHound to visualize and analyze Active Directory attack paths, understanding its role in Penetration Testing operations.
  - Explore how to enumerate ACLs (Access Control Lists) to uncover misconfigured permissions and privilege assignments that can be used to exploit the target domain.
  - Understand how to enumerate users, groups, group memberships, computers, and user properties, even with minimal privileges.
  - Learn how to enumerate and analyze trust relationships within and between Active Directory forests, and extract critical security details.
- Privilege Escalation and Lateral Movement
  - Master Kerberos protocol abuses, including Kerberoasting and Kerberos Delegation attacks, to escalate privileges and move laterally within the domain.
  - Learn how to enumerate and exploit domain objects with unconstrained delegation enabled, allowing privilege escalation to high-value targets.
  - Discover how to identify and exploit objects with constrained delegation enabled, escalating privileges to access specific services on machines.
  - Enumerate computer objects and service accounts that have Resource-Based Constrained Delegation enabled, allowing attackers to impersonate privileged accounts.
  - Identify and exploit misconfigured Access Control Lists (ACLs) to gain unauthorized access and escalate privileges within Active Directory.
  - Leverage common Active Directory misconfigurations, weak security policies, and poor user habits to escalate privileges and maintain persistence within the network.
- Domain Dominance
  - Learn how to abuse Active Directory Certificate Service (AD CS) misconfigurations to escalate privileges and establish long-term domain dominance.
  - Master domain persistence techniques by forging Golden, Silver, Diamond, and Sapphire Tickets, allowing attackers to maintain persistent access with Domain Admin privileges.
- Domain Trust Abuse
  - Learn how to execute attacks across Domain Trust relationships to escalate privileges from one domain to another, ultimately achieving Enterprise Admin access and full control over multi-domain environments.
  - Learn how Active Directory trust relationships between domains and forests can be abused for privilege escalation and lateral movement across an enterprise environment.
  - Explore how SID Filtering, a security mechanism designed to prevent privilege escalation across domain trusts, can be bypassed to gain unauthorized access to trusted domains and forests.
- Generating a Comprehensive Penetration Test Report: Learn how to document findings, exploited vulnerabilities, attack paths, and recommendations in a clear and professional penetration test report that provides actionable insights for remediation.
- Conducting a Readout Meeting with Stakeholders: Gain the skills to effectively communicate penetration test results to technical teams, security leadership, and executives, ensuring that vulnerabilities and their potential impact are well understood.
- Planning the Remediation Process & Retesting Strategies: Develop structured remediation plans to address identified vulnerabilities and misconfigurations, and establish retesting strategies to validate security improvements and ensure that risk mitigation measures are effectively implemented.
- Attendees should be comfortable with penetration testing concepts and tools.
- Attendees should have a basic understanding of Active Directory concepts.
- Attendees should be familiar with Microsoft Windows environments.
- Access to high-speed internet.
- Basic understanding of Active Directory.
- Comfortable navigating the Windows operating system command line.
- Comfortable navigating a Linux distribution terminal.
- Access to dedicated lab environment.
- Access to recorded sessions.
- Access to course slides.
- Penetration Test Report Template.
- Certificate of completion.
Meet The Instructor
Stephen Kofi Asamoah
Stephen Kofi Asamoah is an Offensive Security professional, Researcher, Speaker, and a Cybersecurity Teacher with a deep passion for Active Directory security, attack research, and defense strategies. With over 15 years of experience in Offensive Security, he has worked with Fortune 100 companies, executing various Offensive Security exercises, developing specialized tooling, and delivering high-impact security trainings.
Stephen specializes in assessing enterprise environments through innovative attack techniques, advanced adversary simulations, and defense bypass strategies. He has worked extensively on Active Directory environments, focusing on attack methodologies, privilege escalation, lateral movement, and domain dominance.
Stephen has been a presenter at leading Cybersecurity conferences such as DEF CON, ISACA and more, sharing his expertise on Offensive Security tactics, enterprise security challenges, and cutting-edge attack techniques.