Red Team Fundamentals for Active Directory

The Red Team Fundamentals for Active Directory (RTFM4AD) course is a two-day class focused on explaining the fundamentals of Active Directory and how different aspects can be exploited when performing penetration tests. The goal is to not only cover different attacks, but also explain the details of why they work and how an environment can be made resilient to them and potentially detect malicious activity. This combination opens the course to those looking to hone their offensive skills, as well as those who are protecting an enterprise network.

The course mixes lecture with a number of hands-on exercises to reinforce the information and techniques. The activities will cover ways to examine an Active Directory environment, looking for a variety of misconfigurations which are commonly seen in Active Directory implementations (even by some security conscious entities), and then exploit these issues to pivot and escalate our access.

Students will be provided access to a lab to learn both the attacks and defenses while in class which will contain realistic targets and tools. This environment enables the attendees to understand how the covered techniques are used in the real world.

By the end of the course, students will be able to:

• Perform structured AD enumeration using native and third‑party tools

• Identify high‑value targets and privilege escalation paths

• Understand and weaponize key AD attack primitives (Kerberoasting, DCSync, PtT, RBCD, etc.)

• Analyze and exploit misconfigurations in domains, forests, and trust relationships

• Apply credential harvesting and abuse techniques ethically

• Understand defensive logs and how attacks manifest for blue teams

• Approach enterprise AD environments with a red‑team mindset

While attendees don’t necessarily need any prior security experience to take this course, they will get the most out of it with a basic grasp of the following:

• Windows Operating Systems

• PowerShell