Sign up for our free Threat Hunting Summit June 17 Register Here

Red Team Fundamentals for Active Directory

Course Authored by .

Red Team Fundamentals for Active Directory with Eric Kuehn

The Red Team Fundamentals for Active Directory (RTFM4AD) course is a two-day class focused on explaining the fundamentals of Active Directory and how different aspects can be exploited when performing penetration tests.

Course Length: 16 Hours

Includes a Certificate of Completion



Description

The Red Team Fundamentals for Active Directory (RTFM4AD) course is a two-day class focused on explaining the fundamentals of Active Directory and how different aspects can be exploited when performing penetration tests. The goal is to not only cover different attacks, but also explain the details of why they work and how an environment can be made resilient to them and potentially detect malicious activity. This combination opens the course to those looking to hone their offensive skills, as well as those who are protecting an enterprise network.

The course mixes lecture with a number of hands-on exercises to reinforce the information and techniques. The activities will cover ways to examine an Active Directory environment, looking for a variety of misconfigurations which are commonly seen in Active Directory implementations (even by some security conscious entities), and then exploit these issues to pivot and escalate our access.

Students will be provided access to a lab to learn both the attacks and defenses while in class which will contain realistic targets and tools. This environment enables the attendees to understand how the covered techniques are used in the real world.

By the end of the course, students will be able to:

  • Perform structured AD enumeration using native and third‑party tools

  • Identify high‑value targets and privilege escalation paths

  • Understand and weaponize key AD attack primitives (Kerberoasting, DCSync, PtT, RBCD, etc.)

  • Analyze and exploit misconfigurations in domains, forests, and trust relationships

  • Apply credential harvesting and abuse techniques ethically

  • Understand defensive logs and how attacks manifest for blue teams

  • Approach enterprise AD environments with a red‑team mindset

While attendees don’t necessarily need any prior security experience to take this course, they will get the most out of it with a basic grasp of the following:

  • Windows Operating Systems

  • PowerShell

  • System Requirements
    • Windows or MacOS system that can run the Amazon Workspaces Client (https://clients.amazonworkspaces.com/ ) and Remote Desktop / Windows App
  • Lab Information
    • Access to the AWS hosted lab will be provided on the first day of the class.

Syllabus

Syllabus

  1. Active Directory Fundamentals

    1. AD terminology & architecture
    2. Forests, domains, domain controllers
    3. Objects, attributes, ACLs
    4. Authentication & authorization flow
    5. Critical AD services and ports

  1. PowerShell Basics

    1. General usage and security considerations
    2. Using PowerShell for Enumeration

  1. Discovering Active Directory Information

    1. Domain Discovery Techniques
    2. Enumerating AD structure
    3. Finding attack targets and attack paths

  1. Credential Management & Abuse

    1. Credential Concepts
    2. Understanding Credential Storage
    3. Harvesting Credentials

  1. Attacking AD Authentication

    1. TLM fundamentals
    2. NTLM exploitation
    3. Kerberos Fundamentals
    4. Common Kerberos Attacks
    5. Kerberos Delegation Attacks

  1. Exploiting AD Replication

    1. Replication Overview
    2. Identifying Misconfigurations
    3. Directory Replication Attacks

  1. Active Directory Trusts & Attacks

    1. Trusts Overview
    2. Attacking Trust Relationships

  1. AD Persistence Techniques & Defensive Visibility

    1. How to Maintain Access
    2. Monitoring & Detection

  1. Building Your Own Testing Lab

FAQ

Audience Skill Level

Beginner/Intermediate

This course is suitable for students who are new to using PowerShell and/or testing Windows networks, but it helps to have some general networking and Windows experience.

Who Should Take this Course

  • Blue team

  • Penetration testers

  • Security professionals

About the Instructor

Pixel splash background
Bio

Eric Kuehn is a principal security consultant at Secure Ideas, as well as an IANS faculty member. He leverages his extensive experience with Microsoft infrastructures and Active Directory to perform penetration tests and offer guidance on system security and architecture. He also is the author of the “Red Team Fundamentals for Active Directory” course, where he explains the concepts, techniques, and best practices for exploiting and defending AD environments. Eric has been working with Active Directory since its release and was the technical leader and architect of one of the largest and most complex AD implementations out there. He holds the CISSP certification and is passionate about sharing his knowledge and skills with others. Eric has delivered talks on Active Directory security and other topics at various conferences, events, and webcasts, and via Antisyphon Training.

Related products

Shopping Cart

No products in the cart.