Attacking and Defending Active Directory: Beginner's Edition [May 2025]
Our 4-week beginner bootcamp teaches you how to get started with Red Teaming. It covers AD enumeration, trust mapping, Kerberos based attacks, defense bypasses and more! Earn the Certified Red Team Professional (CRTP) certification.
Starts: 17th May 2025 Duration: 4 weeks
Recordings of live sessions included!
.png)
What You Will Learn
This is a 4-week beginner-friendly bootcamp is designed to get you started with Red Teaming. The course teaches security professionals how to identify and analyze threats in a modern Active Directory environment. The bootcamp will cover topics like Active Directory (AD) enumeration, trust mapping, domain privilege escalation, Kerberos based attacks, SQL server trusts, defenses and bypasses of defenses.
The bootcamp will teach you how to attack and defend Enterprise Active Directory environments and will give you an opportunity to become a Certified Red Team Professional (CRTP).
4 Live Sessions
4 Hrs Per Session
4 Weeks Access
40 Flags To Be Collected
23 Lab Exercises
1 CRTP Attempt
Recordings Of Live Sessions
Build Your Cybersecurity Credentials
Become a Certified Red Team Professional (CRTP)
Get the industry-recognized CRTP certification! A certificate holder has demonstrated the understanding of Red Teaming and AD security. She can enumerate and execute variety of attack techniques like local and domain privilege escalation, persistence, trust abuse and antivirus evasion with minimal chances of detection.
Bootcamp Completion Certificate
Attendees will also get a course completion certificate after completing Learning Objectives covered during the course.
.png)
Live Session Schedule
Weekly 4 hours sessions start at 10:00am ET and end at 02:00pm ET.
DATE
LIVE SESSIONS
17 May 2025
Introduction to Active Directory, Enumeration and Local Privilege Escalation
24 May 2025
Lateral Movement, Domain Privilege Escalation and Persistence
31 May 2025
Domain Persistence, Dominance and Escalation to Enterprise Admins
07 June 2025
Defenses, Monitoring and Bypassing Defenses
Prerequisites
1. A basic understanding of Active Directory
2. The ability to use command line tools on Windows
Bootcamp Syllabus
The course is split in four modules across four weeks:
Module I: Enumeration, Offensive PowerShell and .NET Tradecraft
Enumerate useful information like users, groups, group memberships, computers, user
properties, trusts, ACLs etc. to map attack paths
Learn and practice different local privilege escalation techniques on a Windows machine
Hunt for local admin privileges on machines in the target domain using multiple methods
Abuse enterprise applications to execute complex attack paths that involve bypassing antivirus and pivoting to different machines
Learn how PowerShell tools can still be used for enumeration.
Learn to modify existing tools to bypass Windows Defender.
Bypass PowerShell security controls and enhanced logging like System Wide Transcription, Anti Malware Scan Interface (AMSI), Script Blok
Logging and Constrained Language Mode (CLM).
Learn how to modify and use .NET tools to bypass Windows Defender and Microsoft Defender for Endpoint (MDE).
Learn to use .NET Loaders that can run assemblies in-memory.