Cybersecurity, learned like a practitioner.

24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.

24
Learning paths
398+
Live modules
0
You've completed
Free
Your tier
Browse the academy

Active Directory Security · modules

Red-team and blue-team AD. Kerberos, BloodHound, defensive hardening.

22 results · Page 1/3
Filtering: Track: Active Directory Security × Clear all →
Active Directory Security Expert Free

Module 22 · DCShadow — Stealth Domain Replication Abuse

Why this module exists. DCShadow is the textbook example of “stealth persistence”. An attacker with sufficient privileges does not need to keep dropping files, scheduling tasks, or modifying registry keys — they push the change into the directory itself via the replication protocol, and the change is now part of the canonical AD state. Defender […]

May 13, 2026 35 min Open
Active Directory Security Advanced Free

Module 20 · AD Trust Relationships Deep Dive — Forest, External, Shortcut

Why this module exists. AD has six distinct trust types. Each has different transitivity, SID Filtering defaults, Kerberos behaviour, and attacker-reachable abuse pattern. The median Indian-bank AD environment we audit has at least one trust whose properties the owning team cannot explain. This module is the missing reference. The six trust types — at a […]

May 13, 2026 35 min Open
Active Directory Security Intermediate Free

Module 21 · LAPS Bypass & Local Admin Password Strategy

Why this module exists. Before LAPS, the canonical AD post-exploitation move was: dump the local Administrator hash from any workstation, then Pass-the-Hash to every other workstation in the estate. LAPS killed that move by making each machine’s password independent. But LAPS adoption is incomplete in Indian enterprises (typically 60-80% coverage in audits) and the ACLs […]

May 13, 2026 30 min Open
Active Directory Security Expert Free

Module 19 · SID History Abuse & Cross-Forest Trust Attacks

Why this module exists. Forest trusts were Microsoft’s promise that the forest boundary was a hard security boundary. SID Filtering — enabled by default on external trusts since Windows Server 2003 — was the control that made the promise real. But every year, a new variation on SID-History abuse shows it is not as hard […]

May 13, 2026 35 min Open
Active Directory Security Advanced Free

Module 18 · AdminSDHolder & SDProp Persistence

Why this module exists. AdminSDHolder is one of the cleanest persistence primitives in AD because it abuses a feature, not a bug. Microsoft built SDProp to protect privileged accounts from accidental ACL drift. Attackers turned that protection into a self-healing backdoor. If you have ever seen an environment where the IR team cleaned up the […]

May 13, 2026 30 min Open
Active Directory Security Advanced Free

Module 17 · Read-Only Domain Controllers (RODCs) — Attack & Defence

Why this module exists. RODCs were Microsoft’s 2008 answer to “we need a DC at a branch office, but the branch office has no physical security.” The model: cache only specific user passwords; if the RODC is stolen, only those users’ hashes are exposed. The reality: misconfigured RODCs cache more than admins realise, and compromised […]

Apr 27, 2026 30 min Open
Active Directory Security Advanced Free

Module 16 · AD Tier-0 Hardening — The Defender’s Playbook

Why this module exists. Most AD breaches succeed because Domain Admin credentials end up exposed on workstations or member servers. Microsoft’s Tiered Administration Model (originally “Securing Privileged Access” / “Enterprise Access Model”) is the structural fix. It’s well-documented and rarely implemented in full. This module is the practical playbook. The model Three tiers, in increasing […]

Apr 27, 2026 40 min Open
Active Directory Security Advanced Free

Module 9 · Pass-the-Hash & Pass-the-Ticket

Why this module exists. Pass-the-Hash was first published in 1997. Microsoft has shipped 28 years of mitigations and the technique still works on most enterprise networks. Understanding why it persists, and what actually stops it, is foundational to defending AD. NTLM in 30 seconds NTLM authentication doesn’t transmit the password. The client transmits the NT […]

Apr 27, 2026 35 min Open
Active Directory Security Advanced Free

Module 8 · AS-REP Roasting — The Quiet Cousin of Kerberoasting

Why this module exists. Every AD pentester checks Kerberoasting first. Most check AS-REP Roasting second. The astonishing thing is how often it works in 2026 — accounts with DONT_REQ_PREAUTH set, often “temporarily” by an admin in 2014 and never unset. One vulnerable account is enough to crack a domain user’s password offline. The bug, structurally […]

Apr 27, 2026 30 min Open
Active Directory Security Intermediate Free

Module 15 · Password Spraying Against AD in 2026

Why this module exists. Brute force = trying many passwords against one account → triggers lockout. Spraying = trying one password against many accounts → stays under lockout thresholds. The result of spraying every Indian enterprise’s user list with “Password@2026” is, statistically, 2-5% success — sometimes including admins. The math Default AD account lockout: 5 […]

Apr 27, 2026 25 min Open
02 / Why learn here

Practitioners who've
shipped the controls.

Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.

Why learn here

01

Practitioner-written.

Each lesson is authored by someone who has shipped the control or run the engagement in production.

02

Quiz after every module.

20+ questions with explanations. 70%+ to mark complete. Unlimited retries.

03

Progress tracked.

Completions, scores and streaks saved automatically. Resume exactly where you left off.

04

India-priced.

Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.

Pick a path, get to work.

Browse all 398 modules View skill map