Windows & Active Directory Security

This two-day knowledge-packed training is a deep-dive into the inner workings and security of Windows and Active Directory. This training will help you to understand and implement security controls that aid in stopping or detecting modern attacks attack techniques used by red teams and targeted attackers.

Combining a large and private hands-on lab and having instructors with over 12+ year’s experience in breaking into Windows networks, you will leave this training excited and prepared for the next steps in Windows and AD security.

This course is powered and delivered by the experts of Outflank

Who should attend

The training is optimally suited for:

  • Defenders, Windows and Active Directory administrators who want to strengthen their knowledge of Windows and Active Directory internals, security concepts and defensive measures.
  • Penetration testers and ethical hackers wanting to provide better recommendations to their clients on defensive measures.
  • Security professionals interested in expanding their knowledge of Windows and Active Directory related modern attack techniques, Red Teaming and defend against it.
  • Forensic professionals who want to better understand the entire flow of an attacker and offensive tactics.
  • Technical auditors wanting to increase their hands-on experience and technical skills.
  • Attendees of other Outflank trainings who are looking for more in-depth knowledge on Windows and Active Directory security concepts as well as defensive measures.

Key learning objectives

The training is focussed on several key elements:

  • Key theoretical concepts e.g. kill chain, course of action matrix, pyramid of pain, tiering security model, etc.
  • Windows inner workings and key concepts that are often abused by attackers, or can help you in stopping or detecting attackers. Amongst others: How do processes work in detail? ACL and security descriptors, AMSI, Local Security Authority Subsystem Service, DCOM/WMI, relaying attacks.
  • Active Directory inner workings and key concepts that are often abused by attackers, or can help you in stopping or detecting attackers. Amongst others: the inner workings of Kerberos and LDAP, attacks abusing the Kerberos protocol (i.e. golden ticket, silver ticket), domain trusts and attacks such as unconstrained delegation, resource-based delegation or Microsoft Exchange and common misconfigurations.
  • Windows logging in detail, with amongst others topics such as WEF, Sysmon, centralised logging, ATT&CK and EDR features.
  • Security of networking protocols, and the power of the built-in Windows firewall.
  • Recent developments related to Azure Active Directory that could introduce new risks or help you addressing them.
  • Relevant security models to enhance the security of Windows and Active Directory environments. Amongst others: privilege access workstations, the clean source principal and the Microsoft tiering model.


This training uses the same approach as other trainings by Outflank. This means:

  • Interactive setting with multiple trainers, each bringing their dedicated area of expertise.
  • A combination of theory and learning by doing.
  • Large lab environments per student that represent real office networks.
  • Students will learn about and perform both offensive and defensive steps in the lab; working with Cobalt Strike and with modern ways of log centralisation and security monitoring.
  • Detailed labmanual that guides the students through each lab assignment, including extra assignments for more experienced students.
  • Full set of training material to take home and restudy at a later moment.

Personal lab environment

During the training, participants have access to a personal lab environment that acts as a playground area. Having a personal lab is a key differentiator compared to many other labs. This environment is comparable to common enterprise networks as it contains Windows servers and desktops, an Active Directory domain, multiple services, user accounts and service accounts. Furthermore, commonly found insecurities are configured on purpose, as well as detective measures are in place, e.g. central monitoring environments using open source and commercial tools (e.g. IDS, Splunk/ELK stack). We have spent significant time making this lab as real as possible.

Hardware requirements for attendees

A laptop that has the ability to run a Remote Desktop Connection.

Pre-required knowledge for attendees

It helps if you already have detailed experience with Windows and Active Directory, commonly found in a systems engineering role. Yet, the training is setup in such a way that any participant with a technical IT background and a basic level of security knowledge can follow the topics; it welcomes both novices and veterans. There are extra lab assignments for students that want to go the extra mile.

About the trainers

The training is hosted by a selection of three of the trainers enlisted below. Working at the Dutch company Outflank, they focus on Red Teaming operations and advanced penetration tests. The training is created based on their 10+ years of experience with offensive operations and advising their clients on defending against targeted attackers. They each bring their own unique expertise to this training, ranging from SOC operations, custom malware and infrastructure security.

The programme

LocationBCN Utrecht Daltonlaan 100, 3584 BJ Utrecht
Price€ 1800,- per participant, excluding taxes


  1. Jarno van de Moosdijk Digital security expert, ethical hacker & director at Outflank

    Where it all began After jobs at various computer shops, an online gaming adventure got quite serious: ending up playing Unreal Tournament capture the flag on a high level. Being frustrated by ..

    More about Jarno van de Moosdijk

    View on Linkedin

  2. Marc Smeets IT security expert, ethical hacker & co-founder bij Outflank

    Where it all began Computers got my attention when I was about 10 years old. It started with games, but quickly all those weird commands you had to enter before the game got my attention. Not h..

    More about Marc Smeets

    View on Linkedin

  3. Stan Hegt Digital security expert and co-founder at Outflank

    Where it all began I am terrible at playing computer games. At the age of 10, I was attracted by a completely different side of computers than most of my friends. I was pulled into the world of..

    More about Stan Hegt

    View on Linkedin