Module 10 · Red Team in AD

Manish Garg
Manish Garg Associate of (ISC)² · RingSafe
Apr 27, 2026
1 min read
Read as

Last updated: April 29, 2026

100% Free

No signup. No paywall. No catch. One of our 10 most-requested practitioner modules — published in full so anyone can learn for free. We earn through consulting, not by gating knowledge.

See all 10 free modules →

The complete red-team AD chain. Modules 8-17 in AD track covered individual techniques; this is operator playbook.

The complete red-team AD chain. Modules 8-17 in AD track covered individual techniques; this is operator playbook.

Path planning

  1. Initial access (phish, web exploit, valid creds)
  2. Local recon (BloodHound from compromised host)
  3. Identify shortest path to DA
  4. Choose technique per step (Kerberoast → DCSync, or RBCD → ticket forge)
  5. Execute with OPSEC (silent EDR-evasive techniques)
  6. Persistence at multiple tiers
  7. Exfiltrate target objectives
Want this for your team?

Custom team training + practitioner advisory

Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.

Book team training call Replies in 4 working hrs · India-only · Senior consultants
← Previous · Module 8
Module 8 · Persistence Techniques
← Back to Academy Hub
Continue Learning

Other modules in this track

View all modules
Academy
Module 1 · Beginner

Red team vs pentest, engagement types, objectives, rules of engagement, and what a good red team…

Apr 22, 2026 · 4 min read
Academy
Module 2 · Intermediate

Phishing infrastructure, HTML smuggling, password spray, OAuth consent, and exposed-service exploitation.

Apr 22, 2026 · 5 min read
Academy
Module 3 · Advanced

Cobalt Strike, Sliver, Havoc, Mythic compared. Beacon anatomy, transports, malleable profiles, redirector architecture.

Apr 22, 2026 · 4 min read