
PentesterAcademy Windows Red Team Labs

This is my review of the PentesterAcademy Certified Red Team Expert certification. If I have missed anything in this blog, please let me know on Twitter - @akshayjain_io


Last updated 5 years ago

INTRODUCTION TO THE LABS

Windows Red Team Lab by Pentester Academy is introduced by Nikhil Mittal. It is a Windows-based Active Directory lab focused on abusing server configuration, with a very low number of public exploits. The goal of this lab is to abuse misconfigurations of Windows Active Directory. Some of the topics covered are:

  • Active Directory Enumeration

  • Kerberoasting

  • Abusing ACLs/ACEs

  • Impersonating Privileges

  • Phishing

  • Abusing MSSQL Server Links

  • AV Bypass

  • Abusing Domain trusts etc

  • Bypassing Applocker, AMSI, Powershell CLM Mode etc.

EXPERIENCE BEFORE OPTING FOR LABS

This was not my first Red Team lab; I had already completed Offshore and RastaLabs from Hackthebox. Some of the topics were pretty similar, but the Windows Red Team Lab is really big and covers most of the topics that were missed out. I strongly suggest practicing topics such as Kerberoasting, MSSQL, PowerShell enumeration etc. You can refer to blogs by ADSecurity or Harmj0y. Also try to complete Powershell for Pentesters & Abusing SQL Server Trusts in a Windows Domain by Pentester Academy.

OPTING FOR LABS

Once registration is completed, you will receive VPN credentials to connect to the lab network and RDP credentials to connect to the Windows student machine. By default, we start the lab at the hard level. However, it is possible to change the difficulty twice a month. You are free to use any tool or technique to conquer the labs. There are many flags along the way. Generally, there is no common format for flags. Usually a flag is a simple sentence giving hints for the labs.

EXAM REVIEW

This is a 48-hour hands-on practical exam with 8 systems in Active Directory. Students can submit the exam report within the next 48 hours. The exam report should be detailed, showing how to reproduce each vulnerability with proper screenshots. Suggesting proper remediation and describing the exploits and tools can be a plus point, as the exam result also depends on the report quality.

CERTIFICATION

After submitting the report, I got the confirmation within 24 hours over mail. The certification is received as a soft PDF copy within 1 week of exam completion.

CONCLUSION

I really suggest these labs to anyone who is looking to learn more skills in AD security and red teaming. This is a really good and unique lab covering most real-world scenarios.

Feel free to contact me on Twitter if you still have any questions related to the labs.

Windows Red Team Lab by Pentester Academy
Nikhil Mittal.
ADSecurity
Harmj0y
Powershell for Pentesters
Abusing SQL Server Trusts in a Windows Domain
https://twitter.com/SecurityTube/status/1109373279322542080