Pentesting Windows systems


Training on several security concepts for Windows and Active Directory penetration tests. Lectures and workshops on authentication protocols, authorization schemes and privilege escalation across the network.


5 days


Day 1

  • Windows security basics

    • Password hashing schemes

    • Authentication protocols

  • Windows network recon

    • Name resolution protocols

    • Usual Windows network services

  • From unauthenticated network access to domain user

Day 2

  • Local privilege escalation

    • UAC Bypass

    • Information gathering on compromised computer

    • Bouncing in the internal network

Day 3

  • Privilege escalation through an Active Directory domain

    • Bouncing

    • Control paths

    • Dump of the domain authentication database

  • Software restriction bypasses

    • AppLocker

    • Restricted contexts evasion (Citrix, RDP Kiosk)

Day 4

  • Privilege escalation across domains

    • Ticket forging (golden ticket, silver ticket)

    • Unconstrained delegation abuse

  • Software restriction bypass

    • AMSI Bypass

Day 5

  • Persistence in a compromised network

  • Deletion of indicators of compromise / trace management