AltSecCON 2025

December 5 to 7, 2025

Active Directory Attacks for Red and Blue Teams - Advanced Edition

A deep dive into Red Teaming – Practice attacks with focus on OpSec, Living Off the Land and bypassing security controls like MDI, WDAC and more in a secure multi-forest Active Directory lab environment. Earn the CRTE certification.

Starts:  05 December 2025  Duration: 3 days
Video course included!

Attacking & Defending Active Directory: Advanced Edition (CRTE)

What You Will Learn

This 3-day class is designed to help security professionals understand, analyze and practice threats and attacks in a modern, multi-forest Active Directory environment with fully patched Server 2019 machines.
 

In addition to learning the popular tactics, techniques and procedures (TTPs), you will also see how they change for attacks across forest trusts. You will also learn how to abuse or bypass modern Windows defenses like Advanced Threat Analytics, Local Administrator Password Solution (LAPS), Just Enough Administration (JEA), Resource-Based Constrained Delegation (RBCD), Windows Defender Application Control (WDAC), Application Whitelisting (AWL), Constrained Language Mode (CLM), virtualization and more.

​3 Days Class
8 Hrs Per Session
8 Weeks Lab Access
60 Flags To Be Collected
31 Lab Exercises
1 CRTE Attempt
Video course included

Build Your Cybersecurity Credentials

Become a Certified Red Team Expert (CRTE)

A certificate holder has demonstrated the capability of enumerating and understanding an unknown Windows network and can identify misconfigurations, functionality abuse and trust abuse. She can use, write and modify open source tools and can abuse other built-in tools to perform enumeration, local privilege escalation, impersonation, pivoting, whitelisting bypasses, and antivirus evasion as well as identify sensitive data with minimal chances of detection.
 

Course Completion Certificate

Attendees will also get a course completion certificate after completing the Learning Objectives covered during the course.

Schedule

Daily 8-hour sessions start at 09:00 am IST and end at 05:00 pm IST.

DATE | TOPICS
05 December 2025 | Introduction to Active Directory, Enumeration and Local Privilege Escalation
06 December 2025 | Lateral Movement, Domain Privilege Escalation
07 December 2025 | Dominance and Escalation to Enterprise Admins, Domain Persistence; Defenses, Monitoring and Bypassing Defenses
Prerequisites

1. A good understanding of Active Directory security.
2. The ability to use command line tools.

Syllabus

The course is split into four modules across three days:

Module I

Introduction to OPSEC followed in the course and focus on stealth

Introduction to Active Directory, attack methodology and tradecraft

Domain Enumeration (Attacks and Defense)

Enumerating information that would be useful in attacks while leaving a minimal footprint on the endpoints

Understand and practice what properties and information to look for when preparing attack paths to avoid detection

Enumerate trust relationships within and across forests to map cross-trust attack paths

Learn and practice escalating to local administrator privileges in the domain by abusing OU Delegation, Restricted Groups, LAPS, Nested group membership and hunting for privileges using remote access protocols

Credential Replay Attacks

Module II

Understand Microsoft’s EDR – Microsoft Defender for Endpoint (MDE)

Evading application whitelisting (WDAC)

Extract credentials from a machine that has MDE and WDAC configured

Domain Privilege Escalation by abusing Unconstrained Delegation: understand how unconstrained delegation is useful in compromising multiple high privilege servers and users in AD

Abusing Constrained Delegation for Domain Privilege Escalation by impersonating high privilege accounts

Using ACL permissions to abuse Resource-based Constrained Delegation

Domain Persistence Techniques

Module III

Advanced Cross Domain attacks. Learn and practice attacks that allow escalation from Domain Admins to Enterprise Admins by abusing MS Products and delegation issues

Lateral movement from on-prem to Azure AD by attacking Hybrid Identity infrastructure

Advanced Cross Forest attacks. Execute attacks like abuse of Kerberoast, SID Filtering misconfigurations etc. across forest trusts and understand the nuances of such attacks

Abusing SQL Server for cross forest attacks
More on advanced Cross Forest attacks like abuse of Foreign Security Principals, ACLs etc.
Abusing PAM trust and shadow security principals to execute attacks against a managed forest
Learn and execute attacks against trust transitivity.

Module IV

Learn about Microsoft Identity Protection (MDI) and its telemetry collection
Understand how MDI relies on anomalies to spot an attack
Bypass various MDI detections throughout the course
Learn about the Elastic stack and Sysmon, and how they help defenders
Bypass various Sysmon logs throughout the course.
Understand privileged groups and the security flags/settings that can be configured on privileged accounts and groups.
Learn and understand the need for leveraging a Privileged Administrative Workstation.
Learn and understand Time-Bound Administration (JIT & JEA).
Learn about Tier Model & ESAE environment.
Learn about various security features such as Credential Guard, WDAC, MDI, LAPS, Protected Users Group etc.

 

Purchase Options

Purchase Includes

​60 DAYS LAB ACCESS  +  ONE COURSE COMPLETION CERTIFICATE 
LIFE TIME ACCESS TO COURSE MATERIAL 
​ONE CERTIFICATION EXAM ATTEMPT

39,999 / $444

35,999 / $400

Altered Security Instructors

MEET THE INSTRUCTORS

This class will be taught by security researchers from Altered Security.

All of our instructors regularly publish research, maintain open source tools, speak at conferences and local meetups and have trained at conferences like Black Hat, DEF CON and other top hacker conferences.

As an organization, Altered Security is an established industry expert in research and training on on-prem and cloud Red Teaming.

© 2025 by Altered Security Solutions Pvt Ltd. All Rights Reserved