Attacking and Defending Active Directory Lab Journey

Hello All,


The purpose of this post is to write the review about Attacking and Defending Active Directory Lab course which is hosted by Pentester Academy & designed by Nikhil Mittal. This course is all about performing Red Teaming assessment with assume breach mentality and completing the objectives which are like exercise after each topic. There are 3 options to opt for the labs 30 Days, 60 Days, 90 Days. You can choose any option depending on the time you will spend in the labs and watching the video tutorials. I opted for 30 Days lab as I had already completed the Windows Red Team Lab & knew most of the concepts about the active directory attacks. I have also wrote the review about Windows Red Team Lab course you can click here to read. The reason I opted for this course was to clear & improve my conceptual knowledge about the topics covered in the course. The best part of the course is that it covers the defensive approach which can help in creating detection rules & securing the active directory environment by implementing the security features & solutions provided by Microsoft.

What is Red Team ?

Red team is a independent group which challenges an organization to improve its effectiveness by adopting an adversarial approach. More or less the objective of red team is to evaluate detection, prevention & response capabilities of the organization.

What does Assume Breach means ?

Assume Breach is a mindset which limits the trust placed for application, services, identities and networks by treating them all (both internal & external) as not secure and probably already compromised. It means the organization accepts the fact that an attacker will succeed at any cost and then build the defenses accordingly.

LAB Network

Course Review

The course provides complete video tutorial about various active directory attack vectors. The course also covers the approach to detect and prevent the active directory attacks by monitoring for specific event logs and by implementing various security features / solutions provided by Microsoft to secure the enterprise environments. There are 23 objectives with multiple task after almost each video tutorial about the topic. The concept which I really liked about the course is that you can follow the videos and complete the objectives to gain good understanding about the topic. Lab guide is provided with the course content which has the complete solution for all the objectives so that you can refer the lab guide if you are stuck while trying to complete the objective. Students will be provided with VPN access to the student machine (Windows Server 2016) with low privilege user in the Active Directory. The machine is connected to the Active Directory and has antivirus running. Student machine can be connected only via RDP after connecting the VPN.

Topics Covered in the Course

Note - The topic mentioned below are not in sequential order
  1. Local privilege escalation
  2. Domain privilege escalation
  3. Domain enumeration
  4. Forest enumeration
  5. Domain & Forest trust enumeration
  6. Command execution using MSSQL
  7. Lateral movement using MSSQL
  8. Pass-the-hash
  9. Over-pass-the-hash
  10. Pass-the-ticket
  11. Lateral movement
  12. Brute forcing login
  13. Bypassing powershell constrained language mode
  14. Overcoming powershell remoting double hop issue
  15. Bypassing AMSI / Antivirus
  16. Kerberoasting
  17. Constrained delegation
  18. Unconstrained delegation
  19. Escalating privileges to enterprise admin
  20. Cross forest privilege escalation
  21. Approach to detect attacks
  22. Approach to defend the active directory environment
Exam Review

The exam is completely an practical exam. There are 5 systems in the exam with forest environment. Students are given 24 hrs to complete the exam & 48 hrs to write the detail report & submit the report. The report should contain the step by step walk through of the compromised system. It should also contain the practical recommendation for all the misconfiguration which student has exploited to gain access on the system. The goal of the exam is to gain command execution on the system with any privilege.
I was able to compromise 5/5 systems in exam. I would like to say if you have completed the objectives in the lab then the exam is very easy.

Worth for Money

I would like to say yes the course is worth the money what you spend and what you learn. This is the cheapest course available to learn about active directory attacks & defense. Even if you are experience in Red Teaming and want to learn about active directory attacks in depth then you can opt for this course. The course is completely beginner friendly.

Note - This is my perspective about the course & the value for which it is being sold. You can agree or disagree on my views. 

List of Tools / Frameworks Used
  1. Nishang
  2. Powersploit
  3. Mimikatz
  4. Kekeo
  5. PowerUpSQL
  6. Powercat
  7. Hashcat
  8. JohnTheRipper
  9. HeidiSQL
  10. BloodHound
All the tools are present on the student machine. There are few more tools which you will come across in the course. 


Finally on the next day after submitting the report I got the confirmation from Pentester Academy that I have cleared the exam. They also acknowledge over twitter.

I will suggest this course to everyone who want to learn about active directory/ red teaming & grow their knowledge from basic to intermediate level.

Thanks for reading the post.

Thanks to Nikhil Mittal for creating such a great Lab & Pentester Academy for hosting.

Special Thanks to all my friends who help / supported / motivated me for writing blogs. 🙏


Post a Comment

Popular posts from this blog

GadgetToJScript, Covenant, Donut

Introduction to Callidus

Process Injection - Part V