Rudrasec

Active Directory Security Attack and Response

Attacking, Defending and Investigating Active Directory

A comprehensive deep dive into Windows Active Directory from the perspective of both attackers and incident responders: highly technical and hands-on, with an extensive lab focus on real-world skills.

Why Choose This Training?

Designed for both offensive and defensive security professionals. Learn attacker tradecraft and build robust detection and response strategies.

For Attackers & Defenders

Execute common Kerberos attacks and domain compromise techniques while building detection strategies for incident responders.

Advanced Attack Techniques

Kerberoasting, AS-REP Roasting, Golden/Silver/Diamond Ticket attacks, and delegation exploitation with specific Event ID monitoring.

Detection & Response Focus

Learn specific Event IDs for monitoring malicious activities, detection strategies, and prevention methods for enterprise security.

Course Curriculum

In-depth technical content from foundational to advanced topics, with extensive hands-on labs.

Active Directory Fundamentals

  • Forests, Domains, and Organizational Units (OUs)
  • SIDs, RIDs, and functional levels
  • Windows Security Model and Access Control
  • Security Access Tokens and Security Descriptors

Authentication Mechanisms

  • Local and domain authentication breakdown
  • NTLM protocol and security implications
  • Kerberos protocol fundamentals
  • NTLM Relay prevention and SMB signing

Attack & Defense Tactics

  • NTDS.DIT file theft and password guessing
  • GPO misconfigurations and object permissions
  • Machine account misuse detection (Event ID 13)
  • Kerberos ticket monitoring (Event IDs 4768, 4769)

Kerberos Exploitation

  • Kerberoasting and AS-REP Roasting
  • Golden, Silver, and Diamond Ticket attacks
  • Prerequisites, walkthroughs, and detection
  • GPO creation/modification monitoring

Delegation Attacks

  • Unconstrained, Constrained, and Resource-Based delegation
  • Privilege escalation through delegation abuse
  • Domain compromise techniques
  • Detection and prevention strategies

Target Audience

  • Security professionals deepening AD expertise
  • Penetration testers and red team members
  • Incident responders and threat hunters
  • System administrators and security architects

Who Will Learn What

The course is designed with both red teamers and defenders in mind, with learning objectives tailored to offensive security professionals (Red Teams) and defensive security teams (Blue Teams/Incident Responders).

For Red Teams (Attackers)

Execute Common Kerberos Attacks

Learn to understand and execute common Kerberos attacks within an Active Directory environment.

Achieve Domain Compromise

Gain the necessary technical details to move from initial access to a full domain compromise.

Leverage Active Directory Misconfigurations

Learn how to misuse Group Policy Objects (GPOs) to deploy ransomware, unharden systems, or add backdoor accounts.

Master Credential Theft Techniques

Understand and perform attacks like Pass the Hash, NTLM Relay, Kerberoasting, and ticket forging (Golden, Silver, and Diamond tickets) to steal credentials and escalate privileges.

Abuse Permissions and Delegation

Learn how to exploit DACL abuse, misuse AdminSDHolder, and leverage Kerberos delegation types (Unconstrained, Constrained, and Resource-Based) for privilege escalation and persistence.

For Blue Teams (Incident Responders)

Understand Attacker Tradecraft

Gain a superb understanding of attacker techniques and tradecraft in Active Directory environments.

Build Robust Detection Strategies

By learning attack vectors, you can build a more robust detection and response strategy.

Monitor Key Event IDs

Identify and monitor crucial Windows Event IDs for signs of malicious activity, such as GPO creation (EID 5137), modifications (EID 5136), and suspicious service ticket requests (EID 4769).
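As an added illustration of this objective (example code written for this page, not course lab material), the PowerShell script below pulls the three Event IDs named above from a domain controller's Security log. It reports GPO objects created (5137) or modified (5136), and flags service ticket requests (4769) that ask for RC4 encryption (type 0x17) against a non-machine SPN, which is the usual Kerberoasting signal. It assumes the "Audit Directory Service Changes" and "Audit Kerberos Service Ticket Operations" subcategories are enabled; the `-ComputerName`/`-Hours` parameters and the threshold of five requests per account are illustrative choices made here.

```powershell
# Added example, not course material. Queries a DC's Security log for the
# Event IDs named in the text. Parameter names and the alert threshold are
# assumptions chosen for this illustration.
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    [int]$Hours = 24
)

$since = (Get-Date).AddHours(-$Hours)

# Flatten the <EventData><Data Name="..."> nodes of a record into a hashtable.
function ConvertTo-EventDataTable {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Record)
    $xml = [xml]$Record.ToXml()
    $table = @{}
    foreach ($d in $xml.Event.EventData.Data) { $table[$d.Name] = $d.'#text' }
    return $table
}

# 1. GPO creation (5137) and modification (5136): keep only groupPolicyContainer objects.
$gpoFilter = @{ LogName = 'Security'; Id = 5136, 5137; StartTime = $since }
Get-WinEvent -ComputerName $ComputerName -FilterHashtable $gpoFilter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = ConvertTo-EventDataTable $_
        if ($d['ObjectClass'] -eq 'groupPolicyContainer') {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                EventId   = $_.Id
                Actor     = $d['SubjectUserName']
                GpoDN     = $d['ObjectDN']
                Attribute = $d['AttributeLDAPDisplayName']   # empty for 5137
                Value     = $d['AttributeValue']
            }
        }
    } | Format-Table -AutoSize

# 2. Service ticket requests (4769) asking for RC4 (0x17) for a non-machine SPN.
#    Machine accounts end in '$'; krbtgt is excluded because it is requested
#    legitimately during normal TGT renewal.
$tgsFilter = @{ LogName = 'Security'; Id = 4769; StartTime = $since }
$suspect = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $tgsFilter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = ConvertTo-EventDataTable $_
        $svc = $d['ServiceName']
        if ($d['TicketEncryptionType'] -eq '0x17' -and $svc -notlike '*$' -and $svc -ne 'krbtgt') {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Requester = $d['TargetUserName']
                Service   = $svc
                ClientIP  = $d['IpAddress']
                Status    = $d['Status']
            }
        }
    }

# One account requesting RC4 tickets for many distinct services in a short
# window is far more telling than a single request; 5 is an illustrative cut-off.
$suspect |
    Group-Object Requester |
    Where-Object { $_.Count -ge 5 } |
    Select-Object Name, Count, @{ n = 'Services'; e = { ($_.Group.Service | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize
```

Run it on a domain controller (or with `-ComputerName` pointing at one) from a session that can read the Security log. The 5136/5137 events only appear when a SACL covering the GPO containers is in place, so an empty first table is as likely to mean auditing is not configured as it is to mean nothing changed.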

Hunt for Malicious GPOs

Learn how to review and analyze GPOs for backdoors, malicious scheduled tasks, and registry changes that unharden systems.

Harden Active Directory

Learn security measures such as the Tiered Admin Model, LAPS (Local Administrator Password Solution), and Protected Users Group to protect privileged accounts and secure remote administration.

Detect and Prevent Lateral Movement

Monitor controls like SMB Signing, LDAP signing, and firewall policies to stop or detect lateral movement within the network.
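To show what "monitoring these controls" looks like in practice, here is an added read-only audit script (written for this page, not part of the course material) that reports the SMB and LDAP signing settings on the local host and summarises clients that still bind to LDAP unsigned. The registry paths and value names are the documented Windows ones; the Event ID 2889 part only returns data on a domain controller whose "16 LDAP Interface Events" diagnostic level has been raised to 2, and reading the client address and identity from the first two insertion strings of that event is an assumption made here.

```powershell
# Added example, not course material. Read-only audit of SMB/LDAP signing
# controls on the local machine plus a summary of unsigned LDAP binds (2889).

function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Expected values: 1 = SMB signing required; 2 = LDAP signing / channel binding required.
$checks = @(
    @{ Control  = 'SMB server signing required'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
       Name     = 'RequireSecuritySignature'; Expected = 1 },
    @{ Control  = 'SMB client signing required'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
       Name     = 'RequireSecuritySignature'; Expected = 1 },
    @{ Control  = 'LDAP server signing required (DC only)'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Name     = 'LDAPServerIntegrity'; Expected = 2 },
    @{ Control  = 'LDAPS channel binding enforced (DC only)'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Name     = 'LdapEnforceChannelBinding'; Expected = 2 }
)

$report = foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Name
    if ($null -eq $actual) { $shown = 'not set (default)' } else { $shown = $actual }
    if ($actual -eq $c.Expected) { $status = 'OK' } else { $status = 'REVIEW' }
    [pscustomobject]@{
        Control  = $c.Control
        Expected = $c.Expected
        Actual   = $shown
        Status   = $status
    }
}
$report | Format-Table -AutoSize

# Clients that bind without signing are logged as Event ID 2889 in the
# Directory Service log once the diagnostic level is raised. Summarising them
# by source shows what would break before signing is enforced.
$unsigned = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 } `
    -MaxEvents 500 -ErrorAction SilentlyContinue
if ($unsigned) {
    $unsigned |
        ForEach-Object {
            # Assumption: insertion string 0 = client IP:port, 1 = bound identity.
            [pscustomobject]@{
                Client   = $_.Properties[0].Value
                Identity = $_.Properties[1].Value
            }
        } |
        Group-Object Client, Identity |
        Sort-Object Count -Descending |
        Select-Object Count, Name -First 20 |
        Format-Table -AutoSize
}
```

Run it in an elevated session; on a member server the two NTDS checks will simply report "not set (default)", which is expected off a domain controller. A `REVIEW` status on the SMB rows means the host still accepts unsigned sessions, the precondition for NTLM relay.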

Course Pricing

Join the waitlist for our comprehensive Active Directory Security training

TBD (one-time payment)

  • 1-year full access to all content
  • Recorded video content & lab materials
  • PDF slides with personal watermark
  • Comprehensive lab wiki
  • Self-paced learning

Join the Waitlist!

Ready to learn Active Directory Security?

Join hundreds of security professionals who have enhanced their skills with our comprehensive training program.

Contact us to learn more about our training programs:

📧 Email: training@rudrasec.io