MC-04

Windows privilege escalation: AlwaysInstallElevated, UAC bypass, token impersonation, Mimikatz and WinPEAS.

12 lessons · 3 topics · Intermediate · winPEAS + Mimikatz

Why this matters right now

Windows PrivEsc -- the reality of corporate pentesting

68% of corporate networks run Windows
CVE-2021 PrintNightmare affected all Windows versions
500+ PrivEsc techniques in LOLBAS
40% of services have SeImpersonate for Potato attacks

After the course you will be able to

Not abstract knowledge -- concrete skills you can demonstrate in an interview

WinPEAS: automated Windows system audit
UAC bypass: circumventing User Account Control
Token Impersonation: Potato attacks to gain SYSTEM
DLL Hijacking via incorrect library search order
Mimikatz: extracting credentials from LSASS memory
Pass-the-Hash attacks without knowing the plaintext password
Service exploits: weak permissions and unquoted service paths
Registry PrivEsc via AutoRun and weak key permissions

Real attacks in the course

Every lesson is built on real incidents -- not made-up examples

Real case · 2021

PrintNightmare (CVE-2021-1675)

A critical Windows Print Spooler vulnerability allowed any domain user to gain SYSTEM privileges on the domain controller. Affected all Windows versions.

Topic 03 · Service exploits

Real case · 2017

EternalBlue + MS17-010

An NSA exploit for SMBv1 allowed remote code execution with SYSTEM privileges. Became the basis for WannaCry and NotPetya, causing $10B in damages.

Topic 02 · Token Impersonation

Success story · 2023

Potato Attacks: SYSTEM via SeImpersonatePrivilege

Classic technique: service account with SeImpersonatePrivilege -> JuicyPotato -> SYSTEM. Works on most corporate Windows installations.

Topic 02 · Token Impersonation

Course Program

3 topics · 12 lessons · from WinPEAS to Mimikatz and Pass-the-Hash

01. System and patch information gathering
02. User and group enumeration
03. Searching for saved credentials
04. Installed software and service analysis

Where this course leads

MC-04 -- a key skill for three career paths in cybersecurity

$2,500 -- $6,000/mo

Windows Pentester

Specialize in testing Windows infrastructure, finding PrivEsc vectors in corporate networks.

WinPEAS · Mimikatz · PowerShell · LOLBAS
Track: FC-02 -> MC-04 -> MC-05

$3,500 -- $8,000/mo

Red Teamer

Simulate real APT attacks in Windows environments, using advanced techniques to bypass defenses.

OPSEC · C2 Framework · PrivEsc · Lateral Movement
Track: MC-04 -> MC-05 -> Red Team

$2,000 -- $5,000/mo

Incident Responder

Investigate PrivEsc incidents in Windows, identify attack traces and restore systems.

DFIR · Windows Forensics · Event Logs · Threat Hunting
Track: MC-04 -> MC-10 -> DFIR

Who this course is for

Pentesters

Want to close the gap in Windows PrivEsc and confidently gain SYSTEM in corporate engagements

Red Teamers

Learning advanced post-exploitation techniques in Windows for APT attack simulation

Incident Responders

Want to understand how PrivEsc attacks work to better investigate incidents

Master Windows PrivEsc and gain SYSTEM today

12 lessons, WinPEAS, Mimikatz and practice on real Windows lab environments.

MC-04 · Available

Windows Privilege Escalation

Level: intermediate

12 lessons (video + practice)
3 topics (by topic)
Difficulty level: Intermediate
Main tools: winPEAS + Mimikatz

UAC bypass and Token Impersonation
Mimikatz: credential dumping
Real CVEs: PrintNightmare
Pass-the-Hash techniques