Active Directory Labs Journey

Hello All,

It been long time since I wrote my last blog. Hopefully I will again get back on track and write some more blogs post soon which are in my to-do list. So without wasting more time lets focus on the Active Directory Lab Journey.


The purpose of this post is to write a review of Active Directory Lab course which is hosted by Pentester Academy & designed by Nikhil Mittal. As mentioned on their website the course is indeed "... designed to provide a platform for security professionals to understand, analyze and practice threats and attacks in a modern Active Directory environment. The lab is beginner friendly and comes with a complete video course and lab manual. "
The course comes with options of 30, 60 or 90 days of lab access. I choose the 30 days options as I was familiar with Windows AD environment and some attack vectors. My aim was to learn and fill the gaps which I may not have known.

They also provide a challenge lab with their Windows Red team Labs course, you can find a detailed review of the course here: -

Course Material and Labs

The course is packed with videos and manual along with the solutions to solve lab objectives.

Getting Started

You can choose to start  your lab access immediately or anytime within the next 90 days based on lab availability.
On the day you choose to start the lab, you will be provided with an VPN and a Windows VM. You can connect the student machine via RDP. All details will be provided in the email.

Lab Network
Lab Network. Image Credits:
Lab Review

Students will be provided access to the student machine (Windows 10) with low privilege user in the Active Directory. The machine is connected to the Active Directory and has antivirus running. Students are tasked to escalate the privilege on the student machine to gain admin privilege and disable the antivirus to load the tools which will help them to progress through the course and lab. It is not possible to connect to the student machine apart from RDP.

The course video allows students to go through the videos and then solve the tasks mentioned in the end of the video and get hands on understanding in the lab.

The course helped me learn many new concepts and cleared lot of my concepts regarding windows AD environment. The lab is designed to make student aware of the windows misconfigurations and finding ways in which an enterprise network can be compromised. The lab does not make use of any known exploits and does not encourage use of exploitation techniques to progress through the course.

The course has 23 learning objectives as we progress through the course, including multiple tasks in each objective.

The course is very informative and the best place to start for any beginner or a red teamer, to get a good understanding of various attack vectors which can be leverage to compromise an enterprise.

I really liked the course content and the lab which is really fantastic.

My Approach

After clearing the exam a lot of my friends asked me how I approached the lab (as few have enrolled), or how can they do it once they enroll.
So my approach was to go through the course video one by one and understand it.
I also made notes along the course and then tried to solve the learning objectives as they come at end of each topic. In place where I was stuck, I referred the lab walkthrough manual or gone through the lab walktrough video.

The topics covered in the course are to the point, and hence based on your understanding you may need to read more on few topics before proceeding.

Exam Review

The exam is completely an practical exam. There are 5 systems in the exam with forest environment. Students are given 24 hrs to complete the exam, and next 48 hours to write a detail report & submit the report. The report should contain the step by step walk through to compromise the system. It should also contain the practical recommendation for all the vulnerabilities which student has exploited to gain access on the system. The goal of the exam is to gain command execution on the system with any privilege.

To clear the exam minimum of three boxes need to be compromised, and the report quality should be good. The focus is not just on compromising all the boxes but on writing good reports as well.

I was able to compromise 4 machines and on the last one I got partial execution.

Tip: Make notes of commands you practice in the labs along with short description about the command. This comes really handy at the time of exam.


The course is very informative and recommended for everyone. Special thanks to Nikhil Mittal for this course.

Note: All opinions on the blog are mine, reading of any or all information on is of your own free will.

No comments:

Post a Comment