applied security conferences and training: CanSecWest | PacSec | EUSecWest |

Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

CanSecWest: Security Masters Dojo Vancouver

Active Directory Attacks for Red and Blue Teams

Register for the March 12-13, 2-day course

Nikhil Mittal


Enterprises are managed using Active Directory (AD), which often forms the backbone of the complete enterprise network. Therefore, to secure an enterprise from an adversary, it is inevitable to secure its AD environment. To secure AD, you must understand different techniques and attacks used by adversaries against it. Often burdened with maintaining backward compatibility and interoperability with a variety of products, AD environments lack the ability to tackle the latest threats.

This training is aimed towards attacking the modern AD Environment using built-in tools like PowerShell and other trusted OS resources. The training is based on real world penetration tests and Red Team engagements for highly secured environments.

The course is a mixture of fun, demos, exercises, hands-on, and lectures. You start from compromise of a user desktop and work your way up to multiple forest pwnage. The training focuses more on methodology and techniques than tools.

Attendees will get free one-month access to an Active Directory environment comprising of multiple domains and forests, during and after the training. This training aims to change how you test an Active Directory Environment.

PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.

Key Learning Objectives:

Some of the techniques used in the course include:

You will receive one-month access to the online Lab, solutions to exercises and the Lab manual. The attendees will learn powerful attack techniques that could be applied from day one, after the training, and understand that it is not always required to use third party executables, non-native code or memory corruption exploits on the targets in AD.


Day 1: AD Essentials, getting a foothold and escalating privileges Day 2: Lateral movement across trusts, persistence, defenses, and bypasses


What you will need to bring:

System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes.