• Post category:StudyBullet-16
  • Reading time:8 mins read

Learn How to Build And Attack Advanced Active Directory Red Team Penetration Testing Lab

What you will learn

Student will learn how to build active directory lab create forests and trust between forests

Learn how to enumerate information from Active Directory, including users, groups, computers, and trust relationships. Understand the importance of information

Learn how to abuse some active directory intended functionality to established foothold and escalate privilege

Identify common attack vectors in Active Directory, such as misconfigurations, weak passwords, and insecure group memberships. Understand how attackers exploit

Understand the importance of reconnaissance in penetration testing. Learn to use tools for AD reconnaissance, such as BloodHound and PowerView.

Explore common vulnerabilities in Active Directory, such as pass-the-hash attacks, Kerberoasting, and DCSync attacks.

Understand post-exploitation activities, including lateral movement and privilege escalation.

Understand the concept of trusts in Active Directory and how they can be exploited

Learn about common trust-based attacks, such as Golden Ticket attacks.


Understanding Windows Active Directory is an invaluable skill for security professionals for several compelling reasons

1 Critical Infrastructure: Active Directory is a critical component in most Windows-based networks, serving as the backbone for authentication, authorization, and resource management. Penetrating Active Directory can lead to unauthorized access to sensitive information, making it a prime target for attackers. Understanding how to test and secure it is essential for protecting overall network security.

2  Common Attack Vector: Active Directory is a common target for attackers attempting to compromise an organization’s network. Knowing how to conduct penetration testing allows security professionals to identify and address vulnerabilities before malicious actors can exploit them.

3 Risk Mitigation: By proactively testing Active Directory, security professionals can identify and mitigate potential risks and vulnerabilities. This proactive approach is essential for preventing security incidents and data breaches.

Get Instant Notification of New Courses on our Telegram channel.

4 Career Advancement: For individuals pursuing a career in cybersecurity, having expertise in Active Directory penetration testing is a valuable skill. Employers often seek professionals who can assess and enhance the security of critical infrastructure components like Active Directory.

Red Team Operations: Active Directory penetration testing is a fundamental skill for red team operations. Red teams simulate real-world attacks to test an organization’s defenses, and a strong understanding of Active Directory is essential for effective red teaming.

In summary, learning Active Directory penetration testing is important for enhancing cybersecurity, preventing unauthorized access, meeting compliance requirements, and staying ahead of evolving cyber threats. It equips security professionals with the skills needed to protect critical IT infrastructure and respond effectively to security challenges.




Introduction to Active Directory
Lab Setup Overview

Lab Setup

Creating VMs and Downloading Evaluation Copies of Windows Servers and Clients
Installing Windows Server 2019 as root Domain
Installing AD-DS on ROOT-DC01
Installing and Configuring Sql Server on ROOT-DC01
Installing and Configuring the Child Domain
Installing TRUSTED-DC03 for Forest Trust
Installing and Configuring Sql Server on TRUSTED-DC03
Installing and Configuring WIndows 10 Client Machine
Building Metasploitable3 on Windows Server 2008
Configuring Trust Relationship between Forests
Creating Domain Users
Creating Groups and GPO
Foreign Group Membership Configuration
Creating Mssql Server logins, Databases and login Impersonation

Tools Installation

Installing Remote Server management Tool (RSAT)

Enumeration Using RSAT

DC Enumeration with RSAT
Domain Users Enumeration with RSAT
Domain Groups Enumeration with RSAT
Domain Computers Enumeration with RSAT
Trusts Enumeration with RSAT

Enumeration Using PowerView

Getting PowerView
DC Enumeration with PowerView
Domain Users Enumeration with PowerView
Domain Groups Enumeration with PowerView
Domain Computers Enumeration with PowerView
Trusts Enumeration with PowerView


Enumerating Users, Groups, ACLs, Computers with BloodHound

Local Privilege Escalation

Hunting for User’s local admin right
Exploiting mssql server impersonation to Escalate local Privilege

Domain Privilege Escalation

Kerberoasting with Rubeus
Kerberos Unconstrained Delegation – Rubeus
Kerberos Unconstrained Delegation – PrinterBug
Kerberos Constrained Delegation
Resource-Based Constrained Delegation Part 1
Resource-Based Constrained Delegation Part 2
Domain Privilege Escalation with Inveigh
Domain Privilege Escalation – Bruteforcing Mssql Server
Domain Privilege Escalation – Trustworthy Databases Part 1
Domain Privilege Escalation – Trustworthy Databases Part 2

Cross-Forest Trust Attack

Enumerating Cross-Forest Users and Groups
Cross-Forest ASRepRoasting
Cross-Forest Kerberoasting
ACL Attack Chain
Foreign Group Membership Attack

Domain Trusts – Child -> Parent Trusts

Password Spray Admin Password reuse case
DA to EA ExtraSIDs Attack

Active Directory Persistence

Golden Ticket
Silver Ticket
AdminSDHolder OverView
AdminSDHolder and ACL Attack