Windows Red Teaming (Breach Sims)

BY Karan Patel, Shashi Kant, Ganesh Bakare & Shaunak Khosla

Training Overview

The Windows Red Teaming Training (Breach Simulations) is a unique opportunity for cybersecurity professionals to enhance their offensive security skills in Active Directory environments. This course is a deep dive into practical red team engagements through Windows Active Directory enumeration, exploitation, misconfigured scenarios, and much more. We understand the strong need to immerse ourselves in practical scenarios. Thus, we bring you a fine-tuned Windows Red Team Training Program that's a whopping 70% practical and 30% theory, where we reflect on actual cyber threats, enumerating Active Directory environments, misconfigurations, bad practices, and exploitation, all done and taught by seasoned Red Teamers who deal with such environments on a daily basis. We strongly believe in providing value to the world, and this training is not about running scanners or any basic automation but a hands-on experience of real-life Active Directory environments, their misconfigurations, what attackers look for, how they maintain persistence, and, more importantly, how as the good guys we can prevent and mitigate such adversaries. Furthermore, to provide maximum value to our audience, we also provide a week's worth of additional lab time, and a certificate of completion for everyone who completes the training program. Join us as we go through this cyber kill chain filled with excitement, mystery, and, most importantly, knowledge.

Subjects Addressed

  • Enumerating AD Network
  • Relay Attacks
  • ACL Abuse
  • GPO Abuse
  • Kerberos Based Attacks
  • Delegation Attacks
  • AD Certificate Services
  • IPv6 DNS Take Over
  • Persistence
  • Trust Abuse


  • Eagerness to learn with an open mind
  • Familiarity with Windows Operating Systems
  • Basics of Penetration Testing
  • Basics of Active Directory
  • Familiarity with the Windows and Linux CLI

Training Outline

Day 1

  1. Introduction to Active Directory
      • Overview of Active Directory (AD)
      • Role and Importance of AD in Enterprise Networks
  2. Understanding and Enumerating Active Directory Components
      • Exploring AD Structure and Components
      • Enumeration Techniques and Tools
  3. NTLM Relay Attacks (LLMNR Poisoning)
      • Understanding NTLM Relay Attacks
      • LLMNR Poisoning: Techniques and Mitigations
  4. Access Control Lists (ACLs) Abuse
      • Overview of Access Control Lists in AD
      • Exploiting ACLs for Unauthorized Access
  5. Kerberos Based Attacks
      • Kerberoasting and AS-REP Roasting
      • Deep Dive into Kerberos Delegation
      • Unconstrained, Constrained, and Resource-Based Constrained Delegation Attacks

Day 2

  1. Active Directory Certificate Services
      • Understanding Certificate Services
      • Exploiting misconfigured Certificate Templates and CAs (ESC1, ESC4, ESC8)
  2. IPv6 DNS Takeover Attack
      • Overview of IPv6 in AD Environments
      • Exploiting DNS Vulnerabilities in IPv6
  3. Persistence Strategies
      • Techniques for Establishing Persistence (Golden Ticket, Silver Ticket)
      • Detecting and Mitigating Persistent Threats
  4. Abusing MSSQL Trust Links
      • Exploiting Trust Relationships in MS-SQL
      • Leveraging Trust Links for Unauthorized Access
  5. Exploiting Trust Relationships
      • Understanding Trust Relationships in AD
      • Practical Exploitation Techniques

Who Should Enroll?

  • Anyone who wants to break through in Offensive Security
  • Future Red Team enthusiasts
  • Cybersecurity professionals
  • Security Analysts
  • System Administrators

System Requirements

  • CPU: 64-bit Intel i5/i7 (7th generation or newer) or AMD equivalent. An x64, 2.0+ GHz or newer processor is sufficient for this class.
  • 8GB of RAM or more is required.
  • Wireless networking is required.

Key Takeaways

In this two-day training, participants gain mastery in Active Directory (AD) security. Learners leave with a holistic understanding of AD security, equipped with actionable skills for immediate application in real-world scenarios. The training emphasizes not only advanced exploitation but also effective risk mitigation strategies.


Karan Patel

A top-of-the-heap collaborative professional who currently serves as the CEO and Technical Director at Redfox Security. Having immersed himself in the security industry as a consultant for 10+ years, he focuses on application and mobile security, infrastructure security, red teaming, cloud security, threat modeling, and a broad range of penetration testing services. He has helped many Fortune 500 companies and start-ups because of his analytical skills and focus on growth.

Shashi Kant

OSCP certified cyber security professional with 4+ years of experience who currently works as a Security Consultant at Redfox Security. He is experienced in penetration testing across various domains, including Red Teaming, Cloud Security, Web Applications, and DevSecOps. He boasts an impressive track record, having executed numerous high-stakes red-teaming engagements for major industry titans.

Ganesh Bakare

Passionate cybersecurity professional with OSCP, OSEP, and OSWE certifications who currently works as a Security Consultant at Redfox Security. He is dedicated to pushing the boundaries of ethical hacking. Leveraging extensive expertise in offensive security, he thrives on unraveling complex challenges and fortifying the digital landscape.

Shaunak Khosla

A young blood with a highly competent mindset, holding not only a multitude of highly regarded industry certifications, such as OSCP, OSEP, OSWE, ECEH, and CRTP, but also experience in dealing with enormous Active Directory environments, OPSEC considerations, malware development to bypass modern threat detection/prevention solutions, and even phishing and delivery techniques such as Word macros, shortcut files, and so on. He currently works as a Security Consultant at Redfox Security.


©2024 BSides GOA All rights reserved