
Complete Course Curriculum
25 lessons across 6 sections • 14 hands-on labs • ~6-7 hours of expert training
🎯 MITRE ATT&CK Coverage
- T1558.001 — Golden Ticket
- T1558.002 — Silver Ticket
- T1558.003 — Kerberoasting
- T1558.004 — AS-REP Roasting
- T1556.003 — Skeleton Key
- T1134.005 — SID-History Injection
- T1003.006 — DCSync
- T1557.001 — LLMNR/NBT-NS Relay
- T1187 — Forced Authentication (Printer Bug)
📊 Event IDs for Detection
- 4624 — Account Logon
- 4627 — Group Membership Information
- 4662 — Operation Performed on Object
- 4668 — Application Attempted to Use Sensitive Privilege
- 4698 — Scheduled Task Created
- 4728 — Member Added to Security-Enabled Global Group
- 4768 — Kerberos TGT Requested
- 4769 — Kerberos Service Ticket Requested
- 4770 — Kerberos Service Ticket Renewed
- 4771 — Kerberos Pre-Authentication Failed
- 4776 — Attempted to Validate Credentials
- 5136 — Directory Service Object Modified
- 5137 — Directory Service Object Created
Tools & Technologies
🔴 Offensive Tools
🔵 Defensive Tools
Course Sections
Section 1: Introduction & Setup
5 lessons • ~1.5 hours • ✓ Available Now
- Lesson 00: Course Introduction
- Lesson 01: Introduction and Lab Setup
- Lesson 02: Introduction to Active Directory
- Lesson 03: Group Policy
- Lesson 04: Enabling Logging and Auditing
Labs: Lab 0A (VMware Setup), Lab 0B (Ansible Configuration), Lab 0C (Azure Alternative)
Section 2: Active Directory Fundamentals
4 lessons • ~1.25 hours • ✓ Available Now
- Lesson 05: Key AD Accounts and Groups
- Lesson 06: Securing Windows Accounts
- Lesson 07: Windows Access Control Model (Comprehensive)
- Lesson 08: DACL Abuse Attacks (Comprehensive)
Labs: Lab 1 (AD Enumeration), Lab 2 (Access Control), Lab 3 (DACL Abuse & DCSync)
Section 3: Windows Authentication
4 lessons • ~45 minutes • ✓ Available Now
- Lesson 09: Windows Authentication
- Lesson 10: NTLM (Comprehensive)
- Lesson 11: Kerberos (Comprehensive)
- Lesson 12: Kerberos Logs Revisited (Comprehensive)
Labs: Lab 4 (NTLM Relay Attacks)
Section 4: Ticket Roasting Attacks
3 lessons • ~45 minutes • ⏳ Coming Q2 2026
- Lesson 13: AS-REQ Roasting
- Lesson 14: AS-REP Roasting
- Lesson 15: Kerberoasting
Labs: Lab 5 (Credential Access), Lab 6 (AS-REP Roasting), Lab 7 (Kerberoasting)
Section 5: Ticket Forging Attacks
4 lessons • ~1 hour • ⏳ Coming Q2 2026
- Lesson 16: Golden Ticket
- Lesson 17: Diamond Ticket
- Lesson 18: Silver Ticket
- Lesson 19: Skeleton Key
Labs: Lab 8 (Golden Ticket), Lab 9 (Diamond Ticket & SID History), Lab 10 (Silver Ticket & Skeleton Key)
Section 6: Kerberos Delegation
4 lessons • ~50 minutes • ⏳ Coming Q2 2026
- Lesson 20: Intro to Kerberos Delegation (Comprehensive)
- Lesson 21: Unconstrained Delegation (Comprehensive)
- Lesson 22: Constrained Delegation (Comprehensive)
- Lesson 23: Resource-Based Constrained Delegation (RBCD)
Labs: Lab 11 (Kerberos Delegation Attacks)
Wrapup
1 lesson • ~12 minutes
- Lesson 24: Course Summary & Next Steps
Lab Architecture
Production-Grade Centralized Logging
The lab uses Windows Event Forwarding (WEF) to centralize logs from all systems to an Elastic SIEM for real-world detection practice:
client1 (WEF client) ───┐
                        ├─> dc1 (WEF collector) ──> dc1 (Winlogbeat) ──> adsecvm (Elasticsearch/Kibana)
db-server (WEF client) ─┘
Lab Environment
- adsecvm: 192.168.100.1
- dc1: 192.168.100.11
- client1: 192.168.100.21
- db-server: 192.168.100.31
- Domain: talespin.lab
Deployment Options
- VMware: Local deployment
- Azure: Cloud alternative
- Ansible: Automated setup
- Setup time: ~30-45 min
Requirements
- RAM: 16GB min (32GB rec.)
- Storage: 100GB free
- CPU: x86 with VT-x
- OS: Windows/Mac/Linux
Ready to Master Active Directory Security?
Join the waitlist and be the first to know when enrollment opens. $699 for 1-year access.
30-Day Money-Back Guarantee • Lifetime Access • All Future Updates Included