Name: Attacking And Defending Active Directory: AD Pentesting
Rating: 4.2 (87 reviews)

Udemy Business

Teach on Udemy

Turn what you know into an opportunity and reach millions around the world.

Learn More

Your cart is empty.

Keep shopping

Created byVivek Kumar Pandit | OSCP+

Last updated 5/2026

English

What you'll learn

Build and configure a fully functional Active Directory Lab for security testing.
Perform real-world Active Directory attacks used by penetration testers, red teamers, and adversaries.
Understand and apply defensive techniques to detect, prevent, and respond to AD exploitation.
Master tools like BloodHound, Mimikatz, Rubeus, CrackMapExec, and PowerView.
Simulate red team vs. blue team exercises with hands-on attack and defense scenarios.
Harden Windows infrastructure against common privilege escalation, credential theft, and lateral movement techniques.
Develop skills for bug bounty, ethical hacking, penetration testing, and SOC analyst roles.
Gain practical knowledge that prepares you for real-world cybersecurity jobs and certifications.

Course content

12 sections • 95 lectures • 8h 21m total length

Introduction6:04

Active Directory authentication overview7:32
Hashing algorithms in windows8:26
Kerberos basics4:11
Components of kerberos8:03
Kerberos explanation with diagram12:40
Difference between NTLM and kerberos authentication3:51
Compare NTLM versions and Kerberos to assess security and performance in authentication. Explain why Kerberos avoids sending passwords over the network.
Group policy in active directory8:31
Task0:31
Quiz

Overview of lab setup4:38
Necessary files for lab setup1:24
Domain controller installation and setup10:58
Windows client installation5:50
Domain Controller configuration7:19
Joining computers with domain controller5:18
Configure dns and ip settings on Windows clients, rename machines, and join them to the cyber.local domain using user credentials, then restart to apply changes.
Client machines configuration3:39
Client machines configurations -24:16

Breaching overview2:24
OSINT and phishing5:55
Initial access using web attacks1:26
LLMNR poisoning overview and mitigations7:19
LLMNR poisoning practical attack using SMB11:27
Demonstrates practical LLMNR poisoning using SMB, including setting up responder, capturing hashes via a fake SMB server, cracking credentials with John, and logging in via RDP.
LLMNR poisoning practical attack using WPAD2:09
SMB relay attack overview and mitigations6:28
SMB relay attack practical5:46
AS-REP Roasting overview1:34
Explore AS-REP roasting in active directory pentesting, showing how attackers exploit users without Kerberos pre-authentication via AS-REQ and AS-REP to obtain data for offline password cracking.
AS-REP Roasting practical attack3:51
PasswordSpray attack overview2:48
PasswordSpray attack practical5:13
More methods of initial access on AD4:18
Breaching mitigations4:52
learn practical mitigations to prevent breaches of active directory, including access control, strong passwords with multi-factor authentication, monitoring, patching, intrusion detection, security training, and regular red/blue team assessments.
Quiz

Enumeration in active directory overview0:24
Enumeration using powershell native commands7:42
PowerView overview1:18
PowerView - 16:32
Lab Update2:38
PowerView - 27:33
PowerView - 35:03
BloodHound overview3:42
BloodHound Practical14:29
Learn to enumerate an Active Directory domain using BloodHound, Neo4j, and SharpHound, configure data collection, upload results, and identify domain admins and shortest paths to them.
AD lab troubleshooting3:15
learn how to troubleshoot windows active directory labs when ip addresses change, using crackmapexec, and adjust dns settings and ipv4 to reconnect to the domain.
Task1:03
Quiz

Lateral movement overview1:45
Pass-the-hash attack overview and mitigations3:06
Pass-the-hash attack practical3:21
Pass-the-ticket overview4:35
Pass-the-ticket attack practical8:19
Overpass-the-hash overview3:37
Overpass-the-hash attack practical5:09
RDP Hijacking overview1:17
Explore how attackers hijack legitimate remote desktop sessions to move laterally across a Windows network via RDP hijacking, with a TryHackMe online lab.
RDP Hijacking attack practical4:39
Task0:35
Quiz

Pivoting intro4:58
Pivoting in Active Directory shows how an attacker moves from a compromised host to machines via a pivot, using port forwarding, routing tables, VPN pivoting, proxy pivoting, and SSH pivoting.
Lab setup overview2:59
Configure the pivoting lab by setting host-only adapters on the DC and clients and removing the bridge on client1; the diagram shows internal and target networks and a user2 pivot.
Chisel intro3:59
Learn to pivot with chisel in a cross-platform setup, configuring a server and client to forward ports and access remote services such as RDP through a local, forwarded port.
Pivoting practical14:52
Quiz

Exploitation overview2:22
Kerberosting overview0:55
kerberosting Practical5:40
Exploiting permission delegation overview #14:39
Exploiting permission delegation practical #115:57
Exploiting permission delegation in active directory, this practical guide shows creating an OU and groups, assigning IT admin rights, and using bloodhound and PowerView to reveal domain admin access.
Exploiting permission delegation overview #22:05
Exploiting permission delegation practical #26:30
Group memebership abuse overview #11:45
Group memebership abuse practical #110:35
Learn how backup operators' group membership abuse in Active Directory enables privilege escalation and security bypass, using powerview, bloodhound, and impacket to access sensitive hashes.
Group memebership abuse overview #214:45
Explore how account operators add members to DNS admins and Hyper-V admins to enable privilege escalation and potentially load a malicious DLL to gain system privileges in Active Directory.
Group memebership abuse practical #23:41
More on group membership abuse3:37
GPO abuse overview2:21
GPO abuse practical10:50
Extracting logged on admins hashes6:06
Printnightmare attack overview1:58
Explore the printnightmare attack overview, including two Microsoft CVEs, and how the Windows print spooler vulnerability enables remote code execution with system privileges on affected Windows machines.
Printnightmare attack practical11:36
Zerologgon attack overview2:12
Explore the zerologon attack, CVE-2021-472, a critical Windows Server vulnerability in the Netlogon process that can compromise a domain controller without credentials, demonstrated in a TryHackMe online lab.
Zerologgon attack practical5:57
Explore zerologon vulnerability in Active Directory to gain domain admin access without credentials, using a TryHackMe lab, Python scripts, NetBIOS discovery, secrets dump, and PsExec.
Keberos delegation overview6:59
Task1:55
Quiz

Requirements

A basic understanding of Windows operating systems and computer networking.
Familiarity with ethical hacking or system administration is helpful, but not required.
A computer that can run virtual machines (VMware, VirtualBox, or Hyper-V).
An eagerness to learn step by step — from setting up an AD lab to launching attacks and defenses.
No prior Active Directory exploitation experience needed — the course is designed to be beginner-friendly but comprehensive.

Description

Embark on a cybersecurity journey with our course, "Attacking and Defending Active Directory." This comprehensive program is tailored for both cybersecurity enthusiasts and professionals seeking to master the complexities of Active Directory security and Active Directory Pentesting.

The course kicks off with fundamental topics such as Active Directory basics, authentication processes, and essential PowerShell and file transfer skills.

Gain an in-depth understanding of Active Directory structure and components.
Explore the intricacies of domains, forests, trust relationships, and organizational units.
Learn to identify and assess vulnerabilities within Active Directory configurations.
Analyze Group Policy settings and other security parameters for weaknesses.
Explore common misconfigurations and security weaknesses in Active Directory.
Develop proficiency in exploiting vulnerabilities to gain unauthorized access.
Develop strategies for securing and hardening Active Directory environments.
Understand best practices for defending against common attack techniques.

In the initial stages, participants will build a solid foundation in understanding the structure of Active Directory, exploring its components, organizational units, and trust relationships. The focus then shifts to authentication mechanisms, ensuring a secure environment for user identities and access controls. The course further hones skills in PowerShell and file transfer techniques, providing essential tools for effective penetration testing in a Windows environment for Active Directory Pentesting.

As the journey progresses, participants will delve into the heart of offensive security, learning to breach, enumerate, and exploit vulnerabilities within Active Directory environments. Engaging lectures, hands-on labs, and real-world simulations offer a dynamic learning experience. The course culminates in a comprehensive understanding of lateral movement, pivoting, persistence strategies, and advanced exploitation techniques. Throughout the program, ethical hacking principles and responsible disclosure practices are emphasized, ensuring participants are well-equipped to navigate, assess, and fortify Active Directory environments confidently.

Active Directory is the backbone of 90% of enterprise networks worldwide. Attackers target AD to escalate privileges, move laterally, and gain full domain dominance. As a defender, learning how these attacks work is the only way to stop them effectively.

In this course, you will:
Set up your own Active Directory Lab using VMware/VirtualBox.
Launch real-world AD attacks including credential dumping, Kerberoasting, Pass-the-Hash, and Golden Ticket attacks.
Defend against adversaries with security monitoring, hardening, and detection strategies.
Gain hands-on experience with popular tools like Mimikatz, BloodHound, PowerView, CrackMapExec, Rubeus, and more.
Practice red team vs. blue team scenarios to understand both attacker and defender perspectives.

By the end of this course, you’ll be able to:

Confidently execute and defend against Active Directory exploitation techniques.
Improve your organization’s AD security posture.
Boost your career prospects in ethical hacking, penetration testing, incident response, or cybersecurity engineering.

This course is perfect for:

Ethical hackers & penetration testers
Bug bounty hunters
SOC & Blue team professionals
Cybersecurity students & enthusiasts
System administrators who want to secure their AD environments

Join us in mastering the art of attacking and defending Active Directory—enroll now to elevate your cybersecurity expertise in Active Directory Pentesting!

Who this course is for:

Ethical hackers & penetration testers who want to simulate real-world AD attacks.
Bug bounty hunters looking to expand into enterprise-level security testing.
SOC analysts & blue teamers who want to detect, prevent, and respond to AD exploitation.
Red team professionals who want to sharpen their lateral movement and privilege escalation skills.
System administrators & IT professionals who want to secure Active Directory against common attack paths.
Cybersecurity students & beginners who want to build a solid foundation in AD security.

What you'll learn

Explore related topics

Course content

Introduction1 lecture • 6min

Active Directory Basics2 lectures • 31min

Active Directory Authentication8 lectures • 54min

Active Directrory Pentesting Lab Setup8 lectures • 43min

Powershell Basics and File Transfer Basics4 lectures • 20min

Breaching In Active Directory14 lectures • 1hr 6min

Enumeration In Active Directory11 lectures • 54min

Lateral Movement In Active Directory10 lectures • 36min

Pivoting4 lectures • 27min

Exploitation In Active Directory21 lectures • 2hr 2min

Requirements

Description

Who this course is for: