On This Page

Active Directory attacks for Red and Blue Teams

Pentester Academy | July 22-23 & July 24-25


Day1 – PowerShell Essentials and Getting a foothold

  • Introduction to Active Directory and Kerberos
  • Introduction to PowerShell
  • Exploiting MSSQL Servers
  • Client Side Attacks
  • Domain Enumeration and Information Gathering
  • Local Privilege Escalation
  • Credential Replay Attacks
  • Domain Privilege Escalation
  • Dumping System and Domain Secrets

Day 2

  • Kerberos Attacks and Defense (Golden, Silver tickets and more)
  • Abusing Cross Domain Trusts
  • Delegation Issues
  • Persistence Techniques
  • Abusing SQL Server Trusts in an AD Environment
  • Backdoors and Command and Control
  • Other trusts in AD
  • Detecting attack techniques
  • Defending an Active Directory Environment

Who Should Take this Course

Red and Blue Teams, Pentesters, Network and System Administrators, Security Researchers

Student Requirements


  • Basic understanding of how penetration tests are done.
  • Basic understanding of Active Directory.

What Students Should Bring

  • Laptop with at least 4GB RAM
  • 40GB free space for class material
  • Admin/Root access to install/remove software and settings

What Students Will Be Provided With

  • One month access to the online Lab, solutions to exercises, sample source code, Lab manual, Lab machines (VM), updated tools and extra slides explaining things which could not be covered.
  • Students will learn powerful attack techniques which could be applied from day one after the training.
  • Students will understand that it is not always required to use third party executables, non-native code or memory corruption exploits on the targets.


Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes penetration testing, attack research, defence strategies and post exploitation research. He has 8+ years of experience in Penetration Testing for his clients which include many global corporate giants. He is also a member of Red teams of selected clients. He specializes in assessing security risks at secure environments which require novel attack vectors and "out of the box" approach. He has worked extensively on using Human Interface Device in Penetration Tests and PowerShell for post exploitation. He is creator of Kautilya, a toolkit which makes it easy to use HIDs in penetration tests and Nishang, a post exploitation framework in PowerShell. In his spare time, Nikhil researches on new attack methodologies and updates his tools and frameworks. Nikhil has held trainings and boot camps for various corporate clients (in US, Europe and SE Asia), and at the world's top information security conferences. He has spoken/trained at conferences like Defcon, BlackHat USA, BlackHat Europe, RSA China, Shakacon, Troopers, DeepSec, PHDays, BlackHat Abu Dhabi, Hackfest, EuSecWest and more. He blogs at http://www.labofapenetrationtester.com/