Review of Pentester Academy - Attacking and Defending Active Directory

This is my review of Pentester Academy Attacking and Defending Active Directory. This course provides an Active Directory lab that allows you to practice all kinds of attack on Microsoft infrastructure.

High level overview of the lab network

The course

I bought access to 30 days of lab time. That includes PDFs and several hours of videos, which goes through the subjects very thoroughly in the lab. That allowed me to follow and understand every step in every attack. There are 23 learning objectives that follow the subjects, which is great because it enforces learning and understanding. The course is very clearly lined out, and every single lab objective is thoroughly explained in the videos and the PDFs. Some of the subjects include:

• Domain enumeration
• Local privilege escalation
• Domain privilege escalation
• Domain and forest persistence
• Cross trust attacks
• Defenses and bypasses

While I do have some experience with pentesting Active Directory environments, I actually learnt quite a lot, especially the parts about persistence and attacking trusts, which I had never had the chance to practice before. For someone new or semi-experienced to pentesting Active Directory, this course is perfect.

I would also like to emphasize that the course appears very modern. There are attack techniques on Kerberos only developed the last few years that are covered, and lateral movement techniques using native tools such as WinRM, in addition to other Powershell oriented attacks. These are some of the tools and frameworks used in the course

• Nishang
• Powersploit
• Mimikatz
• Kekeo
• PowerUpSQL
• Powercat
• Hashcat
• HeidiSQL

The exam

The exam is 24 hours in a completely dedicated exam lab with a group of hosts and accounts. I was required to apply a good range of what was taught in the course, including enumeration, exploitation, lateral movement and credential abuse. After the exam, there is a period of 48 hours dedicated to writing and submitting the report. It was a very rewarding experience to get domain admin in this lab. I will not reveal anything more about the exam than that.

Certification

After about 24 hours I got an email saying I had passed the certification.

Shortly after, I got a personal email from the course creator Nikhil Mittal thanking me for a well accomplished exam and a good report. I was allowed to provide detailed feedback on what was good and what could be improved in the course and exam. I genuinly feel that my feedback was heard and I hope future students will benefit from that.

Conclusion

I’m very satisfied with the course, the labs and the exam experience. Also, Pentester Academy provided great support during the lab and the exam. Any minor issue was followed up on almost instantly. I will definitely be signing up for the more challenging Red Team Lab soon!

Once again, I can highly recommend this course for anyone looking to improve their skills in Active Directory security. And if you have any questions, please message me on Twitter.

Other Active Directory labs

Many have asked me whether I can compare this lab to any of the other Active Directory labs available. I can’t make any direct comparisons as I haven’t done them all, but here are some I know of

• Pentester Academy Red Team Lab
  • Available at Pentester Academy - Red Team Lab
  • More challenging than the AD lab course
• Hackthebox - Offshore
  • Forests and trust abuse + a lot more
  • Available as a purchased lab on Hackthebox
• Hackthebox - Rastalabs
  • External to internal compromise
  • Available as a purchased lab on Hackthebox
• Hackthebox - Endgame P.O.O.
  • MSSQL, WinRM
  • Free with Guru ranking on Hackthebox
• SparcFLOW labs
  • Alpha + Zeta
  • Similar concepts as those taught in his books
• SpecterOps Red Team Operations
  • https://specterops.io/how-we-help/training-offerings/adversary-tactics-red-team-operations
  • Access only provided as part of on-site training