Breaking Active Directory

Min. Attendees
Max. Attendees
3 days
Laptop, Installed Hypervisor (VirtualBox/VMware)


Explore the insights of attacking an Active Directory environment, learn common attack paths and dive into the position of an attacker exploiting and laterally moving in a realistic environment. Throughout a 3-day course the participants will be guided from exploring a typical environment to take full control of the network with persistent access.

Targeted Audience

This training is made for IT-Security professionals, who would like to take the seat of an attacker to exploit an Active Directory environment. There are no hard-bound knowledge requirements to take this course, however the following experiences are helpful:

  • Basic experience with typical Windows and Active Directory environments
  • Basic knowledge of core Windows technologies and terms, such as the Kerberos and NTLM authentication protocols
  • Basic knowledge of Unix Systems
  • Experience with common enumeration and exploitation techniques


This training is set up as a 3-day course in which the participants will explore and exploit a realistic Active Directory environment. This course aims to achieve the following learning objectives:

  • Learn and strengthen knowledge about basic Active Directory terminology, components and protocols.
  • Exploring weaknesses and attack paths
  • Analysis and development of exploits and design weaknesses
  • Practical, hands-on experience in exploring, exploiting and movement within an Active Directory environment

Day 1:

  • Welcome round, training course overview and setup
  • Mapping of the target environment
  • Identification of weaknesses and planning of initial access
  • Gaining initial foothold
  • Enumerating the target, shaping of privilege escalation plans
  • Escalating to local admin

Day 2:

  • Wrap-Up of Day 1, Revisiting goals and attack paths
  • Enumerating the network
  • Identification of weaknesses and planning of lateral movement
  • Lateral movement and credential harvesting
  • Unravelling and mapping of the Active Directory environment
  • Enumerating weaknesses in key components
  • Escalating privileges

Day 3:

  • Wrap-Up of Day 2, Revisiting goals and attack paths
  • Chaining attacks and privileges to exploit high value targets
  • Gaining access to core components
  • Becoming Enterprise Admin
  • Review and detailed analysis of key weaknesses
  • Wrap-Up and closing

Contact for Trainings

Talk to Our Experts
Bastian Kanbach
Senior Security Consultant
Bastian is part of our Offensive Security Team delivering tailored security assessments and Red Team exercises that fit the requirements of our clients. He specializes in network and infrastructure security.