Active Directory Attacks for Red and Blue Teams – Advanced Edition (Online)
Training Overview
Advanced Active Directory Attacks & Red Team Operations is a deep, hands-on training at CSA XCON 2026, Dehradun, focused on attacking modern, fully defended Active Directory environments using real-world red team methodologies.
Active Directory remains the backbone of enterprise identity and access management across the globe. While organizations invest heavily in security tooling, many AD environments still remain vulnerable to stealthy abuse, misconfigurations, and feature-level attacks. This training helps participants understand how modern adversaries operate inside hardened enterprise networks and how those attacks can be detected and defended against.
The course is built on real red team engagements, emphasizing OPSEC, stealth, and methodology over noisy or outdated attack techniques.
About the Training at CSA XCON 2026
This training delivers a full attack lifecycle experience, starting from an initial user compromise and progressing toward multi-domain and multi-forest dominance in a realistic enterprise environment.
Key highlights include:
This training delivers a full attack lifecycle experience, starting from an initial user compromise and progressing toward multi-domain and multi-forest dominance in a realistic enterprise environment.
Key highlights include:
- Focus on attacking modern, fully patched AD environments
- Realistic enterprise labs with active defenses enabled
- Deep coverage of stealth, OPSEC, and detection-aware tradecraft
- Emphasis on abusing AD features, not patchable vulnerabilities
- Balanced perspective for both offensive and defensive professionals
This session strongly aligns with CSA XCON’s goal of enabling practical, real-world cybersecurity expertise across red, blue, and purple teams.
What You Will Learn
Participants will gain hands-on experience with:
- OPSEC and stealth fundamentals for enterprise attacks
- Offensive PowerShell and .NET tradecraft
- Deep Active Directory enumeration techniques
- Trust mapping and trust abuse
- Privilege escalation techniques including:
- Delegation abuse
- LAPS and gMSA abuse
- SPN hijacking and shadow credentials
- Advanced Kerberos attacks and defenses
- Golden, Silver, and Diamond tickets
- Kerberoasting and related attacks
- Cross-forest and cross-domain lateral movement
- Credential replay techniques
- Pass-the-Hash, Token replay, certificate replay
- Attacking hybrid identity and Entra ID integrations
- Abuse of AD-integrated Microsoft services (AD CS, SQL Server, etc.)
- Persistence mechanisms in enterprise environments
- Monitoring and defending Active Directory
- Bypassing modern defenses such as EDR and identity protection tools
Training Experience & Expectations
- Strongly hands-on and lab-driven training
- Realistic enterprise environment with multiple domains and forests
- Defenses enabled, including modern EDR and identity monitoring
- Focus on techniques and methodology, not just tools
- Learn attacks that remain relevant even as patches and tools evolve
Participants will leave with a deep understanding of how real attackers think and operate inside enterprise identity infrastructures.
Who Should Attend
This training is ideal for:
- Red Teamers and penetration testers
- Blue Teamers and SOC professionals
- Active Directory and enterprise administrators
- Detection engineers and security architects
- Professionals involved in identity and access security
If you are comfortable with:
- Linux environments
- Basic scripting
- Using simple hardware tools
Skill Level
Intermediate to Advanced
Participant Requirements
Participants should have:
- Basic understanding of Active Directory or enterprise security
- Familiarity with command-line tools
- A system capable of connecting to remote lab environments
Apple systems are not recommended due to virtualization limitations.
What Participants Will Receive
Each participant will receive:
- Access to a realistic enterprise AD lab with multiple domains and forests
- Cloud-based student VM with all required tools pre-installed
- Extended lab access after the training to continue practice
- One attempt at a Certified Red Team Expert (CRTE) certification exam
- Post-training support through community and communication channels
Trainers
This training will be delivered by globally recognized experts in Active Directory security and red team operations, with extensive experience conducting enterprise security assessments and delivering training at leading international cybersecurity conferences.