A review of the Attacking and Defending Active Directory Lab course by Pentester Academy and the accompanying CRTP exam.
More information here https://www.pentesteracademy.com/activedirectorylab
The Attacking and Defending Active Directory Lab course by Pentester Academy is a beginner friendly course focussed on the concepts of Active Directory. The course introduces students to the various Active Directory elements and their behaviours. Students are introduced to a number of Active Directory enumeration strategies, attacks, persistence and attack-detection methodologies.
One feature that makes this course special is that throughout the course, there is no external exploit used. No Metasploit, or rotten potatoes of any kind. The course revolves solely and purely around enumeration. The course uses open source tools, and a good amount of attention is also given to the native Active Directory module for PowerShell.
The course contains detailed videos on topics such as, but not limited to, Active Directory enumeration, a hint of local privilege escalation, ACL abuses, enumerating and abusing trusts, GPO enumeration, Kerberos and Kerberos-based attacks, persistence techniques, and detection and defence techniques. Nikhil has done an excellent job of explaining each topic in a very simple and easy to understand way. Most of the topics have practical challenges at their end so that the students can have hands-on experience of how the attacks work. What’s even better is the support these guys provide. I was stuck in a challenge and the team cleared my doubts through detailed conversations over email. The course material also has extra reading materials as references.
The practice lab is a fully patched Windows Server 2016 environment and emulates the real world scenario very well. As the lab is fully patched, there is no possibility of running any open source exploit from the internet.
The exam is a 24-hour exam with another 48 hours for report submission. I cannot provide many details about the exam, but I'll not stop myself from saying that it's a very well designed, interesting exam. You need to keep your mind open and enumerate and enumerate and then enumerate some more.
There are 5 machines and you need to get code execution with any privilege on them. Easy.
My exam experience didn't start well due to things like my laptop crashing, slow internet speed and a few of my favourite scripts not working. I spent a lot of time getting those to work (despite being told by support not to worry about them), which in turn cost me exam hours. That being said, once you start pwning machines, there is no better feeling. With each machine the confidence grows and you start enjoying the exam. Once you are done, I guarantee you will feel very content with yourself.
Reporting is a task here. The report has to be detailed with references and everything. Think of it as your normal penetration testing report.
Once you submit the report, you get an acknowledgement mail saying that you'll get the results in 48 hours. A successful attempt's mail will look something like this:
And a few days later, I got this Twitter shout-out as well:
In the end, I'll definitely recommend this course to all my fellow security enthusiasts. I am sure there is something to learn for all of us in this course.