PentesterAcademy Windows Red Team Labs

This is my Review for PentesterAcademy Certified Red Team Expert Certification. If I have missed anything in this blog then please let me know on twitter - @akshayjain_io

INTRODUCTION TO THE LABS

Windows Red Team Lab by Penterster Acadamy is introduced by Nikhil Mittal. It is a Windows based Active Directory Lab focused on abusing server configuration with having very Low amount of any public exploit. The goal of this lab to abuse the misconfiguration of Windows Active Directory. Some of the topic which was covered are:

  • Active Directory Enumeration

  • Kerberoasting

  • Abusing ACLs/ACEs

  • Impersonating Privileges

  • Phishing

  • Abusing MSSQL Server Links

  • AV Bypass

  • Abusing Domain trusts etc

  • Bypassing Applocker, AMSI, Powershell CLM Mode etc.

EXPERIENCE BEFORE OPTING FOR LABS

As these was not my first Red Team Labs. I was already completed Offshore and RastaLabs from Hackthebox. Some of the topic was pretty similar but Windows Red Team Lab is really big and covering most of the Topic that has been missed out. I strongly suggest to practice Topic such as Kerberoas, MSSQL, Powershell Enumeration etc. You can refer to blogs by ADSecurity or Harmj0y. Also try to complete Powershell for Pentesters & Abusing SQL Server Trusts in a Windows Domain by Pentester Academy.

OPTING FOR LABS

Once registration is completed, you will receive VPN credentials to connect the Lab Network and RDP Credentials to connect with the windows student Machine. By default, We will start the Lab from hard level. However, It is possible to change the difficulty twice a month. You are free to use any tool or technique to conquer the labs. There any many flags along the way. Generally, there are no common format for flags. Usually flags are a simple sentence indicating the hints for labs.

EXAM REVIEW

This is the 48 hours hands-on practical exam having 8 Systems in Active Directory. Students can submit the Exam report within next 48 hours. The Exam Report should be detailed showing how to reproduce the vulnerability with proper screenshots. Suggesting proper remediation and description about the exploits and tool can be a plus point as the Exam Result is also dependent on the Report Quality.

CERTIFICATION

After submitting the report, I got the confirmation within 24 hours over mail. Certification is recieved in a soft PDF Copy within 1 week of exam competition.

CONCLUSION

I really suggest this labs to anyone who is looking to learn more skill in AD Security and Red Teaming. This is a really good and unique lab covering most of the real world scenario.

Feel Free to contact me on Twitter if you still have any questions related to the labs.

PreviousCWE-316: Sensitive Information Stored in MemoryNextExploiting Misconfigured IAM assume-role in AWS

Last updated