Active Directory Attacks

MC-05

BloodHound, Kerberoasting, Pass-the-Ticket, DCSync and full domain takeover. From recon to Domain Admin.

18 lessons4 modulesAdvancedBloodHound + Mimikatz

Start Learning ← All Courses

kali@cyby-lab: ~

$ python3 GetNPUsers.py domain.local/ -usersfile users.txt

[*] Getting TGTs for valid users

[+] [email protected]:a8f...

[*] Cracking with hashcat...

[+] Password: Welcome123!

$ █

+120 XP

Why this matters right now

Active Directory — the #1 target in corporate attacks

95%of Fortune 500 companies use AD

88%of successful attacks use compromised AD credentials

90%of corporations have been targeted via AD

Domain Adminreachable in 16 hours on average

After the course you will be able to

Not abstract knowledge — concrete skills you can demonstrate in an interview

🩸BloodHound: build attack graphs and find paths to DA

🎫Kerberoasting: crack service account hashes

🎭AS-REP Roasting: attack accounts without pre-auth

🔄Pass-the-Hash and Pass-the-Ticket techniques

⚡DCSync: dump the entire domain via replication

🏅Golden Ticket: persistent domain access

📡LDAP recon and SMB enumeration with PowerView

🔑Mimikatz: extract credentials and tickets

Real attacks in the course

Every lesson is built on real incidents — not made-up examples

Real case2020

SolarWinds 2020

An APT group used Golden Ticket to move through the AD infrastructure of 18,000 organizations including Microsoft, FireEye and US Treasury. The compromise lasted 9 months.

Module 04 · Golden Ticket attack

Real case2019

Ryuk Ransomware 2019

Ryuk operators compromised AD in an average of 5 hours after initial access. Kerberoasting → Lateral Movement → DCSync → DA → network encryption.

Module 02 · Kerberoasting

Real case2017

NotPetya 2017

The worm spread through AD via EternalBlue and Mimikatz, automatically taking over domains. $10B in damages, affecting Maersk, Merck, FedEx.

Module 03 · Lateral Movement in AD

Course Program

4 modules · 18 lessons · from AD recon to Golden Ticket and Domain Dominance

Where this course leads

MC-05 — a required course for three top cybersecurity specializations

$4,000 — $9,000/mo

AD/Identity Security Expert

Specialize in Active Directory security: attacks, defense, auditing and monitoring of AD infrastructure.

BloodHoundAD hardeningPingCastlePurple Team

Track:FC-04 → MC-05 → AD Security

$4,000 — $10,000/mo

Red Teamer

Conduct full AD takeover as part of Red Team operations, simulating APT groups.

AD attacksMimikatzC2OPSEC

Track:MC-04 → MC-05 → MC-06

$3,000 — $7,000/mo

Infrastructure Pentester

Test corporate networks and AD infrastructures, find paths to Domain Admin.

AD pentestingBloodHoundKerberoastingOSCP

Track:FC-04 → MC-05 → CRTP

Who this course is for

🏢

Pentesters

You test corporate infrastructures and want to master the full AD takeover cycle

🔴

Red Teamers

You simulate APT attacks and want to master advanced Domain Dominance techniques

🛡️

Blue Team / AD Admin

You want to understand AD attacks to properly configure defense and monitoring

Master AD Attacks
and become Domain Admin
today

18 lessons, BloodHound, Mimikatz and practice on a full AD lab environment.

Start Learning ← All Courses

MC-05● Available

Level: advanced

18 lessons

video + practice

4 modules

by topic

Advanced

difficulty level

BloodHound + Mimikatz

core tools

BloodHound: graph paths to Domain Admin

Kerberoasting and AS-REP Roasting

DCSync and Golden Ticket

Pass-the-Hash and Pass-the-Ticket