Social Media Icons

Windows Red Teaming Course

Master one of the most in-demand skills in cybersecurity- Windows Red Teaming. This course will take you deep into Active Directory exploitation, Kerberos-based attacks, NTLM relays, and ADCS misconfigurations. Learn how to bypass security defenses, escalate privileges, and conduct real-world red teaming operations. Earn the Certified Windows Red Teamer (CWRT) certification to validate your expertise.

Duration: 24 hrs

$399.00 $499.00 20% OFF

View Syllabus

Course Overview

Welcome to the Windows Red Teaming course! This comprehensive course is designed to provide in-depth knowledge and hands-on skills for simulating adversarial behavior in a Windows Active Directory (AD) environment.

Whether you're preparing for a career in red teaming, penetration testing, or advanced threat emulation, this course equips you with the techniques and methodologies to effectively attack and exploit Windows environments.
The course covers topics such as:
  • Core Active Directory concepts and enumeration tactics
  • Poisoning and Relay based attacks (SMB Relay, LDAP Relay, WebDav Relay, MITM6)
  • In-depth explanation of Kerberos authentication and related attack techniques such as AS-REP Roasting, Kerberoasting, delegation abuse, and exploiting domain trust relationships
  • Post Compromise and Persistence Techniques (Silver Ticket, Golden Ticket, Diamond Ticket)
  • Attacking ADCS (ESC1, ESC4, ESC8, Shadow Credentials, Pass-the-Cert)
  • Report Writing and Real-world case studies on compromising Active Directory environments

By combining theory with practical demonstrations in a lab setup, this course ensures you gain hands-on experience and build a solid red teaming skill set.

Prerequisites

  • Basic Windows & Linux Knowledge
  • Basic Pentesting & Security Concepts
  • Basic Command Line & PowerShell Skills

Course Curriculum

Windows Red Teaming Course

81 Learning Materials

Module 1: Introduction

Course Overview

Video
00:04:59

Introduction to Red Teaming

Video
00:12:57

Fundamentals of Active Directory

Video
00:33:35

Module 2: Active Directory Components

Domain and Domain Controller

Video
00:10:29

Organizational Units

Video
00:05:19

Group Policy Objects

Video
00:15:41

Security Groups

Video
00:13:55

Trees and Forests

Video
00:09:57

Authentication Mechanism in Active Directory

Video
00:02:43

Cyber Kill Chain

Video
00:02:00

Module 3: Lab Structure and Access

Lab Structure and Access

Video
00:14:47

Module 4: NTLM Relay Attacks

NTLM Relay Attacks Overview

Video
00:02:42

NTLM Authentication

Video
00:11:25

Name Resolution Process in Windows

Video
00:10:00

LLMNR/NBT-NS/MDNS Poisoning

Video
00:25:49

SMB Relay Attack

Video
00:42:40

Cross Protocol Relay

Video
00:05:58

LDAP Relay Attack

Video
00:29:10

IPv6 DNS Takeover Attack

Video
00:48:07

Module 5: Enumeration Tactics

Enumeration Tactics Overview

Video
00:01:43

Enumeration with Command Prompt

Video
00:09:24

Powershell Basics

Video
00:09:26

Enumeration with PowerView

Video
00:20:28

Share Enumeration

Video
00:06:11

BloodHound

Video
00:18:35

Module 6: Kerberos Authentication

Kerberos Authentication Overview

Video
00:01:15

Understanding Authentication Mechanisms

Video
00:23:59

Kerberos Pre-Requisites

Video
00:20:45

Kerberos Deep Dive

Video
00:37:59

Kerberos Practical

Video
00:09:42

Module 7: Kerberos Based Attacks

Kerberos Based Attacks Overview

Video
00:00:24

User Enumeration

Video
00:09:34

Password Guessing

Video
00:04:02

AS-Rep Roasting

Video
00:16:29

Kerberoasting

Video
00:14:52

Module 8: Kerberos Delegation

Kerberos Delegation Overview

Video
00:07:23

Unconstrained Delegation

Video
00:46:25

Constrained Delegation - Kerberos Only

Video
00:18:29

Constrained Delegation - Any Authentication Protocol

Video
00:34:41

Resource Based Constrained Delegation (RBCD)

Video
00:39:14

Module 9: Abusing ACLs

Abusing Generic All ACL

Video
00:08:58

ACL Fundamentals

Video
00:36:31

Abusing Generic Write ACL (RBCD) from Linux

Video
00:46:31

Abusing Generic Write ACL (RBCD) from Windows

Video
00:22:23

Module 10: Coercion Attacks

Coercion Overview

Video
00:04:02

PrinterBug

Video
00:20:12

Petitpotam

Video
00:06:06

WebDav Relay Attack

Video
00:16:38

WebDav Relay Attack Practical

Video
00:23:45

Module 11: Post Exploitation Analysis

Post Exploitation Analysis Overview

Video
00:03:36

Taking POC

Video
00:06:56

DCSynck Attack

Video
00:14:36

Credential Dumping and Password Analysis

Video
00:08:17

Module 12: Persistence

Persistence Overview

Video
00:03:15

Silver Ticket

Video
00:22:38

Golden Ticket

Video
00:20:46

Diamond Ticket

Video
00:14:31

Module 13: Active Directory Certificate Services (ADCS)

ADCS Overview

Video
00:20:11

Certificate Signing Request

Video
00:26:06

Enumeration

Video
00:12:30

ESC1 - Misconfigured Certificate Template

Video
00:21:46

ESC4 - Misconfigured Certificate Template Access Control

Video
00:30:12

ESC8 - Misconfigured Certificate Authority

Video
00:29:13

Module 14: Pass the Cert

Pass the Cert Overview

Video
00:12:27

Pass the Cert in Action

Video
00:38:15

Module 15: Shadow Credentials

Shadow Credentials Attack Overview

Video
00:21:12

Abusing msDs-KeyCredentialLink

Video
00:35:09

Un-Pac the Hash Attack

Video
00:19:27

WebDav Relay Attack (Shadow Credentials)

Video
00:31:25

Module 16: Abusing Domain Trusts

Overview

Video
00:09:59

Abusing Domain Trusts

Video
00:33:33

Kerberos across Trust Boundaries

Video
00:11:30

Module 17: Case Study & Statistics

Case Study & Statistics from 100 Engagements

Video
00:15:19

Module 18: Report Writing

Writing Information Gathering

Video
00:29:35

Information Gathering

Video
00:29:56

Writing Proof Of Concept

Video
00:06:56

Writing Domain Persistence

Video
00:09:13

Writing Post Exploitation

Video
00:08:26

Reporting

Video
00:38:43

Module 19: CWRT Exam and What Next?

CWRT Exam

Video
00:02:24

What Next?

Video
00:03:41

Module 20: Course Resources

Course Instructor

Shashi Kant Prasad

Senior Security Consultant
Shashi Kant Prasad is a skilled red teamer at Redfox Security with expertise in Web, Cloud, Hardware, DevOps, and Red Teaming. He also trains peers at top security conferences.

Lab Structure


Key Takeaways

  • Life time access to course and resources
  • 30 days of free lab access
  • Private Discord community access for direct support and networking.
  • One attempt at the Certified Windows Red Teamer Exam (CWRT)
  • Develop strategies for maintaining persistence in compromised environments
  • A professionally structured report template is provided for use in real-world engagements

Get Certified (CWRT)

Earn the Certified Windows Red Teamer (CWRT) certification to validate your expertise in Active Directory exploitation, red teaming tactics, and security bypass techniques. This certification proves your ability to conduct real-world attacks on Windows environments, making you a valuable asset in cybersecurity. Gain hands-on experience through labs and instructor-led training, preparing for roles like red team operator or penetration tester. Participants will receive a CWRT certificate upon completing the course and passing the CWRT practical exam.

FAQs

Is this course suitable for beginners?

While some prior knowledge of Windows environments is recommended, this course starts with foundational concepts and builds up to advanced topics, making it beginner-friendly.

Will I get hands-on experience?

Yes! Each topic is paired with practical exercises in a lab environment to reinforce your learning.

How long does it take to complete this course?

The course is self-paced. With consistent effort, you can complete it in 4-6 weeks, depending on your prior experience.

Does this course cover real-world scenarios?

Absolutely! The course includes exploitation of real-world Active Directory vulnerabilities and misconfigurations encountered in professional red teaming engagements.

Can this course help me prepare for a red teaming role?

Yes, this course is designed to provide the technical skills and methodologies needed for red teaming, making it an excellent step toward a professional role.

How can the lab  access be extended?

To request a lab extension, an email can be sent to training@redfoxsec.com.

Training Partners

Ready to Master the Art of Pentesting?

Choose our pentesting courses for:

Affordable Price

Unlock your potential with affordable upskilling! Our unbeatable course prices are your chance to level up without breaking the bank. 

Lifetime Access

Acquire lifetime access to our resources when you buy our courses. Gain knowledge today and unlock a lifetime of learning. 

Certificate of Completion

Upon completing our course, you'll receive a certificate of completion to showcase your new skills. Add it to your resume or LinkedIn profile.

Hands-On Experience

Get hands-on experience with real-world scenarios and challenges, giving you practical skills that you can apply immediately in your career. 

Expert Instructors

Learn from industry experts with years of experience in pentesting, who are passionate about sharing their knowledge and helping you succeed. 

Flexible Learning

Whether you're a beginner or an experienced professional, our courses are designed to meet you where you are and help you reach your goals. 

Get in Touch

Have a question, need assistance, or want to collaborate? We’re here to help!

Whether you're looking for cutting-edge cybersecurity solutions or expert training or want to learn more about our services, contact us today.

+91