MC-04

Windows privilege escalation: AlwaysInstallElevated, UAC bypass, token impersonation, Mimikatz and WinPEAS.

12 lessons · 3 modules · Intermediate · winPEAS + Mimikatz

Why this matters right now

Windows PrivEsc -- the reality of corporate pentesting

68% of corporate networks run Windows
PrintNightmare vulnerability affected all Windows versions
500+ PrivEsc techniques in LOLBAS
SeImpersonatePrivilege present in 40% of service accounts

After the course you will be able to

Not abstract knowledge -- concrete skills you can demonstrate in an interview

WinPEAS: automated Windows system audit
UAC bypass: circumventing User Account Control
Token Impersonation: Potato attacks to gain SYSTEM
DLL Hijacking via incorrect library search order
Mimikatz: extracting credentials from LSASS memory
Pass-the-Hash attacks without knowing the plaintext password
Service exploits: weak permissions and unquoted service paths
Registry PrivEsc via AutoRun and weak key permissions

Real attacks in the course

Every lesson is built on real incidents -- not made-up examples

Real case · 2021

PrintNightmare (CVE-2021-1675)

A critical Windows Print Spooler vulnerability allowed any domain user to gain SYSTEM privileges on the domain controller. Affected all Windows versions.

Module 03 · Service exploits

Real case · 2017

EternalBlue + MS17-010

An NSA exploit for SMBv1 allowed remote code execution with SYSTEM privileges. Became the basis for WannaCry and NotPetya, causing $10B in damages.

Module 02 · Token Impersonation

Success story · 2023

Potato Attacks: SYSTEM via SeImpersonatePrivilege

Classic technique: service account with SeImpersonatePrivilege -> JuicyPotato -> SYSTEM. Works on most corporate Windows installations.

Module 02 · Token Impersonation

Course Program

3 modules · 12 lessons · from WinPEAS to Mimikatz and Pass-the-Hash

Where this course leads

MC-04 -- a key skill for three career paths in cybersecurity

$2,500 -- $6,000/mo

Windows Pentester

Specialize in testing Windows infrastructure, finding PrivEsc vectors in corporate networks.

WinPEAS · Mimikatz · PowerShell · LOLBAS
Track: FC-02 -> MC-04 -> MC-05

$3,500 -- $8,000/mo

Red Teamer

Simulate real APT attacks in Windows environments, using advanced techniques to bypass defenses.

OPSEC · C2 Framework · PrivEsc · Lateral Movement
Track: MC-04 -> MC-05 -> Red Team

$2,000 -- $5,000/mo

Incident Responder

Investigate PrivEsc incidents in Windows, identify attack traces and restore systems.

DFIR · Windows Forensics · Event Logs · Threat Hunting
Track: MC-04 -> MC-10 -> DFIR

Who this course is for

Pentesters

Want to close the gap in Windows PrivEsc and confidently gain SYSTEM in corporate engagements

Red Teamers

Learning advanced post-exploitation techniques in Windows for APT attack simulation

Incident Responders

Want to understand how PrivEsc attacks work to better investigate incidents

Master Windows PrivEsc and gain SYSTEM today

12 lessons, WinPEAS, Mimikatz and practice on real Windows lab environments.

MC-04 ● Available

Windows Privilege Escalation

Level: intermediate

12 lessons: video + practice
3 modules: by topic
Intermediate: difficulty level
winPEAS + Mimikatz: main tools
UAC bypass and Token Impersonation
Mimikatz: credential dumping
Real CVEs: PrintNightmare
Pass-the-Hash techniques