Active Directory Attacks
Course Description
Active Directory is the backbone of enterprise networks. This course teaches advanced techniques to enumerate, exploit, and take over AD environments.
Learning Objectives
By the end of this course, you will be able to:
- Enumerate Active Directory comprehensively
- Exploit Kerberos vulnerabilities
- Perform credential attacks at scale
- Achieve domain dominance
- Maintain persistent access
- Evade detection in AD environments
Course Structure
Modules
Module 1: AD Fundamentals (6h)
- AD architecture
- LDAP and Kerberos
- Group Policy basics
- Trust relationships
- Forest and domain structure
Module 2: AD Enumeration (8h)
- BloodHound deployment
- LDAP queries
- PowerView usage
- AD Explorer
- Attack path identification
Module 3: Kerberos Attacks (10h)
- Kerberoasting
- ASREPRoasting
- Pass-the-Ticket
- Golden tickets
- Silver tickets
- Diamond tickets
Module 4: Credential Attacks (8h)
- Password spraying
- DCSync attacks
- NTDS.dit extraction
- LSASS dumping
- Credential relay attacks
Module 5: Lateral Movement (6h)
- Pass-the-Hash
- Over-pass-the-Hash
- WMI/WinRM abuse
- SMB relay
- DCOM abuse
Module 6: Privilege Escalation (6h)
- ACL abuse
- GPO abuse
- Certificate attacks
- Delegation attacks
- Resource-based constrained delegation
Module 7: Domain Persistence (6h)
- Skeleton key
- DSRM abuse
- AdminSDHolder
- SID history injection
- Domain controller persistence
Module 8: Forest Attacks (4h)
- Cross-forest attacks
- Trust abuse
- SID filtering bypass
- Forest compromise
Tools
| Tool | Purpose |
|---|---|
| BloodHound | AD visualization |
| Mimikatz | Credential extraction |
| Rubeus | Kerberos attacks |
| Impacket | Python AD tools |
| CrackMapExec | Network attacks |
| PowerView | AD enumeration |