• Kerberos Abuse: This section is dedicated to the abuse of the Kerberos authentication system, including techniques such as pass-the-ticket, Kerberoasting and AS-REP roasting. These advanced methods allow attackers to compromise otherwise well-secured networks.
• Active Directory Enumeration and Exploitation: Here participants learn how to search and exploit Active Directory structures. This includes LDAP enumeration, DCSync attacks that allow user credentials to be replicated and delegation abuse to gain unauthorized access to the network.
• Privilege Escalation: Participants will learn how to escalate privileges within a system or network to gain higher access rights. This is particularly necessary if initial access to a system is successful, but extended authorizations are required for further action. This includes techniques such as path interception, token manipulation and bypassing user account control (UAC).
• Lateral Movement: This teaches how attackers move within a network by exploiting or extending existing access rights. The focus is on methods such as pass-the-hash, the use of remote services and credential dumping.
• Evading Endpoint Protections: Finally, participants learn how attackers can circumvent common endpoint protection mechanisms. These include obfuscation (code obfuscation), living off the land (exploiting legitimate tools for malicious purposes) and fileless malware, which works without traditional files and is therefore harder to detect.

Training environment

The training is completely virtualized.

Each participant receives their own hardware server (!) with at least two NVME SSDs and at least 256 (!) GB RAM.

Each participant sets up their own environment with the trainer. New systems are set up in seconds (!) using the appropriate hardware.