Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
HTB Certified Active Directory Pentester Expert (HTB CAPE)
The Active Directory Penetration Tester Job Role Path is designed for individuals who aim to develop skills in pentesting large Active Directory (AD) networks and the components commonly found in such environments. This path equips students with the skills needed to evaluate the security of AD environments, navigate complex Windows networks, and identify elusive attack paths. This path includes advanced hands-on labs where participants will practice techniques such as Kerberos attacks, NTLM relay attacks, and the abuse of services like AD Certificate Services (ADCS), Exchange, WSUS, and MSSQL. Students will also learn how to exploit misconfigurations in Active Directory DACLs and Domain Trusts, perform evasion tactics in Windows environments, and leverage Command and Control (C2) frameworks for post-exploitation activities. By combining theoretical foundations with practical exercises and a structured methodology for identifying AD vulnerabilities, this path enables students to conduct professional security assessments on complex AD infrastructures and effectively report security weaknesses discovered by chaining multiple vulnerabilities.
Course Overview
- Interpreting a letter of engagement
- Advanced knowledge of network penetration testing and Windows security concepts
- Knowledge of Active Directory and its critical components (Kerberos, ADCS, Exchange, MSSQL, WSUS, SCCM, etc.)
- Proficiency in comprehending and effectively navigating complex Active Directory networks
- Understanding Active Directory security inefficiencies and misconfigurations, with the ability to detect and exploit them
- Knowledge of different Command and Control (C2) frameworks for post-exploitation activities
- Knowledge of evasion techniques to circumvent various Windows security measures
- Proficiency in chaining multiple Windows vulnerabilities
- Professional communication and reporting of vulnerabilities
Learning Objectives
- Advanced network penetration testing
- Active Directory security auditing
- Enumerating and navigating complex Active Directory networks
- Identifying security inefficiencies in Active Directory configurations, Group Policies, Discretionary Access Control Lists (DACLs), AD Trusts, etc.
- Privilege escalation
- Lateral movement
- Assessing the security of Active Directory Certificate Services (ADCS), Exchange, MSSQL, Windows Server Update Services (WSUS), System Center Configuration Manager (SCCM), etc.
- Evading Windows security measures
- Chaining multiple network vulnerabilities
- Utilizing Command and Control (C2) frameworks for post-exploitation activities
- Reporting identified vulnerabilities in a professional and comprehensive manner
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Work Roles
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.