Active Directory Pentesting Course Syllabus

1. Active Directory Basics
	1.1 Active Directory Introduction 
	1.2 Active Directory Components
	1.3 Group Policy Management, GPOs 

2. Active Directory Lab Setup
	2.1. Lab Requirements 
	2.2. Downloading Necessary Files 
	2.3. Installing and setting up Domain Controller (Server) 
	2.4. Creating users, groups and services 
	2.5. Setting up Windows 10 User machines 
	2.6. Joining Users to the domain 

3. Breaching Active Directory
	3.1 Enumerating Configuration Files
	3.2 Microsoft Deployment Toolkit
	3.3 Authentication Relays
	3.4 NetNTLM and LDAP Bind
	3.5 Practice Labs

4. Active Directory Enumeration
	4.1 Modern Approach 
	4.2 Service Principal Names
	4.3 User and Service Enumeration 
	4.4 Microsoft Management Console
	4.5 Enumeration with Powershell
	4.6 Practice Labs 

5. Active Directory Authentication
	5.1 NTLM Authentication
	5.2 Kerberos Authentication
	5.3 Cached Credential Storage and Retrieval 
	5.4 Service Account Attacks/Kerberoasting 
	5.5 Password Guessing 
	5.6 Practice Labs 

6. Active Directory Lateral Movement and Pivoting
	6.1 What is Lateral Movement 
	6.2 Introduction to Pivoting and Port Forwarding
	6.3 Pass The Hash 
	6.4 Overpass the Hash
	6.5 Pass The Ticket 
	4.6 Distributed Component Object Model 
	6.7 Local, Remote, Dynamic Port Forwarding 
	6.8 Lateral Movement with Mimikatz and PsExec
	6.9 Pivoting with chisel and socat 
	6.10 Practice Labs 

7. Active Directory Exploitation

	7.1 User Exploitation
	7.2 Exploiting Automated Relays
	7.3 Abusing GPOs
	7.4 Kerberos Permission Delegation
	7.6 Practice Labs 

8. Active Directory Persistence
	8.1 What is Persistence
	8.2 Golden Tickets 
	8.3 Domain Controller Synchronisation (DCSync)
	8.4 Abusing GPOs
	8.5 Practice Labs 

9. Active Directory Credential Harvesting
	9.1 Extracting Credentials from Common Locations
	9.2 Extracting Credentials from Domain Controller
	9.3 Extracting Local Windows Credentials 
	9.4 Extracting Credentials from LSASS
	9.5 Practice Labs 

10. Assembling the Pieces 
	
	10.1 Test AD Environment for Complete Hands On Pentesting

