Currently corporate networks consist of Active Directory environments. However, most renown network pentesting courses don’t learn much about how to pentest and abuse AD. This was the reason for me to start looking for courses where I could get knowledge on this topic. After googling and reading some of the reviews I knew next course I would pick was from pentesteracademy.com. Read below why…
About the course
PentesterAcademy.com currently offers three courses related to attacking AD networks. This courses are very hands-on, where most important part is the lab where you can practice the skills learned from the course content. I decided to take first and easiest one from the three offered, named Active Directory Attack and Defense. Pricing model of each course depends on how long you wish to get access to labs. For me I picked 30 days for this course as I already had some knowledge in this topic and paid for it from my own pocket.
What are you paying for
- course PDF
- materials in the form of recorded videos, following the mentioned above PDF
- learning objectives – the exercises you perform in the lab (you should follow them up if you think about passing exam)
- one certification attempt to obtain Certified Red Team Professional (CRTP)
- excellent support team who can help not only during exam but also when you are practice in the labs
- and of course access to the labs that you connect through VPN
Few words about curse content
What you will be learning can be found on this course page. The key focus of this course is not different type of attacks or exploit use, but rather use of build in tools to abuse misconfigurations in AD. So you will not have to download or execute any external executables with few exceptions. Everything you learn in the course can be done with help of PowerShell scripts which is great for OPSEC and staying under the radar.
What I found most interesting was the great part about domain enumeration, for instance tools like PowerView and Bloodhound, which I have never used before until I took the course. Now I have a feeling that I learned how to use them. Good enumeration I a key to success on any pentest or red team operation and was also the key to succeed during my certification exam.
Moreover I learned how to move laterally with help of PowerShell Remoting and over Pass the Hash technique with help of Mimikatz tool. Big chunk of course content are domain persistence techniques. So once you will get through the material and practice in the labs you will have knowledge how to perform many of possibile techniques. To name a few most known techniques: Golden and Silver Tickets, Skeleton Key, DCSync and few more… Additionally you learn how to defend, so this course is not exclusively useful to offense specialists/red teamers.
After finishing several courses and having obtained few certifications I learned how important it is to keep and write notes while you learn and do exercises. For the purpose of keeping notes during this course I used cherrytree. Having good and structured notes helps you go back everytime you need to refresh what you learned.
The exam is very hands-on and similar to OSCP style. You are getting access to AD environment through VPN. You have to obtain code execution on each of the servers connected to AD. Your timeframe is 24 hours to finish the exam and 48 hours to submit a valid report describing your steps. I myself had completed all the objectives within 14 hours and used the next day to write a professional report. I wouldn’t get that exam done without good notes and completing all of the learning objectives from the course. Next day I received an email confirmation and an online badge.
If you are interested in getting fundamental knowledge on how to attack/abuse/pentest Active Directory networks I think there is currently no better place to learn from than from PentesterAcademy courses. I will definitely go up on to the next “harder” ones. I highly recommend Active the Directory Attack and Defense course and most important labs where you can practice what you learned.