Windows Red Teaming Course
Course Overview
- Core Active Directory concepts and enumeration tactics
- Poisoning and Relay based attacks (SMB Relay, LDAP Relay, WebDav Relay, MITM6)
- In-depth explanation of Kerberos authentication and related attack techniques such as AS-REP Roasting, Kerberoasting, delegation abuse, and exploiting domain trust relationships
- Post Compromise and Persistence Techniques (Silver Ticket, Golden Ticket, Diamond Ticket)
- Attacking ADCS (ESC1, ESC4, ESC8, Shadow Credentials, Pass-the-Cert)
- Report Writing and Real-world case studies on compromising Active Directory environments
Prerequisites
- Basic Windows & Linux Knowledge
- Basic Pentesting & Security Concepts
- Basic Command Line & PowerShell Skills
Course Curriculum
Windows Red Teaming Course
81 Learning Materials
Module 1: Introduction
Course Overview
Introduction to Red Teaming
Fundamentals of Active Directory
Module 2: Active Directory Components
Domain and Domain Controller
Organizational Units
Group Policy Objects
Security Groups
Trees and Forests
Authentication Mechanism in Active Directory
Cyber Kill Chain
Module 3: Lab Structure and Access
Lab Structure and Access
Module 4: NTLM Relay Attacks
NTLM Relay Attacks Overview
NTLM Authentication
Name Resolution Process in Windows
LLMNR/NBT-NS/MDNS Poisoning
SMB Relay Attack
Cross Protocol Relay
LDAP Relay Attack
IPv6 DNS Takeover Attack
Module 5: Enumeration Tactics
Enumeration Tactics Overview
Enumeration with Command Prompt
Powershell Basics
Enumeration with PowerView
Share Enumeration
BloodHound
Module 6: Kerberos Authentication
Kerberos Authentication Overview
Understanding Authentication Mechanisms
Kerberos Pre-Requisites
Kerberos Deep Dive
Kerberos Practical
Module 7: Kerberos Based Attacks
Kerberos Based Attacks Overview
User Enumeration
Password Guessing
AS-Rep Roasting
Kerberoasting
Module 8: Kerberos Delegation
Kerberos Delegation Overview
Unconstrained Delegation
Constrained Delegation - Kerberos Only
Constrained Delegation - Any Authentication Protocol
Resource Based Constrained Delegation (RBCD)
Module 9: Abusing ACLs
Abusing Generic All ACL
ACL Fundamentals
Abusing Generic Write ACL (RBCD) from Linux
Abusing Generic Write ACL (RBCD) from Windows
Module 10: Coercion Attacks
Coercion Overview
PrinterBug
Petitpotam
WebDav Relay Attack
WebDav Relay Attack Practical
Module 11: Post Exploitation Analysis
Post Exploitation Analysis Overview
Taking POC
DCSynck Attack
Credential Dumping and Password Analysis
Module 12: Persistence
Persistence Overview
Silver Ticket
Golden Ticket
Diamond Ticket
Module 13: Active Directory Certificate Services (ADCS)
ADCS Overview
Certificate Signing Request
Enumeration
ESC1 - Misconfigured Certificate Template
ESC4 - Misconfigured Certificate Template Access Control
ESC8 - Misconfigured Certificate Authority
Module 14: Pass the Cert
Pass the Cert Overview
Pass the Cert in Action
Module 15: Shadow Credentials
Shadow Credentials Attack Overview
Abusing msDs-KeyCredentialLink
Un-Pac the Hash Attack
WebDav Relay Attack (Shadow Credentials)
Module 16: Abusing Domain Trusts
Overview
Abusing Domain Trusts
Kerberos across Trust Boundaries
Module 17: Case Study & Statistics
Case Study & Statistics from 100 Engagements
Module 18: Report Writing
Writing Information Gathering
Information Gathering
Writing Proof Of Concept
Writing Domain Persistence
Writing Post Exploitation
Reporting
Module 19: CWRT Exam and What Next?
CWRT Exam
What Next?
Module 20: Course Resources
Course Instructor
Shashi Kant Prasad
Senior Security Consultant
Shashi Kant Prasad is a skilled red teamer at Redfox Security with expertise in Web, Cloud, Hardware, DevOps, and Red Teaming. He also trains peers at top security conferences.
Lab Structure
Key Takeaways
- Life time access to course and resources
- 30 days of free lab access
- Private Discord community access for direct support and networking.
- One attempt at the Certified Windows Red Teamer Exam (CWRT)
- Develop strategies for maintaining persistence in compromised environments
- A professionally structured report template is provided for use in real-world engagements
Get Certified (CWRT)
Earn the Certified Windows Red Teamer (CWRT) certification to validate your expertise in Active Directory exploitation, red teaming tactics, and security bypass techniques. This certification proves your ability to conduct real-world attacks on Windows environments, making you a valuable asset in cybersecurity. Gain hands-on experience through labs and instructor-led training, preparing for roles like red team operator or penetration tester. Participants will receive a CWRT certificate upon completing the course and passing the CWRT practical exam.
FAQs
While some prior knowledge of Windows environments is recommended, this course starts with foundational concepts and builds up to advanced topics, making it beginner-friendly.
Yes! Each topic is paired with practical exercises in a lab environment to reinforce your learning.
The course is self-paced. With consistent effort, you can complete it in 4-6 weeks, depending on your prior experience.
Absolutely! The course includes exploitation of real-world Active Directory vulnerabilities and misconfigurations encountered in professional red teaming engagements.
Yes, this course is designed to provide the technical skills and methodologies needed for red teaming, making it an excellent step toward a professional role.
To request a lab extension, an email can be sent to training@redfoxsec.com.
Training Partners
Ready to Master the Art of Pentesting?
Affordable Price
Unlock your potential with affordable upskilling! Our unbeatable course prices are your chance to level up without breaking the bank.
Lifetime Access
Acquire lifetime access to our resources when you buy our courses. Gain knowledge today and unlock a lifetime of learning.
Certificate of Completion
Upon completing our course, you'll receive a certificate of completion to showcase your new skills. Add it to your resume or LinkedIn profile.
Hands-On Experience
Get hands-on experience with real-world scenarios and challenges, giving you practical skills that you can apply immediately in your career.
Expert Instructors
Learn from industry experts with years of experience in pentesting, who are passionate about sharing their knowledge and helping you succeed.
Flexible Learning
Whether you're a beginner or an experienced professional, our courses are designed to meet you where you are and help you reach your goals.
Get in Touch
Have a question, need assistance, or want to collaborate? We’re here to help!
Whether you're looking for cutting-edge cybersecurity solutions or expert training or want to learn more about our services, contact us today.
By clicking on Continue, I accept the Terms & Conditions,
Privacy Policy & Refund Policy