CRTE - Before Exam

  • Check for Restricted Groups and their members - HANDS-ON 2

  • Check for Domain Admin ACLs, User ACLs, User Group ACLs - HANDS-ON 3

  • Check for Nested Groups ACLs - HANDS-ON 5

  • Check for LAPS Permissions - HANDS-ON 8

  • Extracting Credentials Using Mimikatz - HANDS-ON 9

  • Check for MailBoxes read permissions - HANDS-ON 10

  • Bypassing CLM & WDAC - HANDS-ON 10

  • Check for Unconstrained Delegation - HANDS-ON 11

  • Copying Files to remote machine - HANDS-ON 11

  • Check for Constrained Delegation - HANDS-ON 12

  • Check for Resource Based Constrained Delegation - HANDS-ON 13

  • Check for Remote local admin access HANDS-ON 13

  • Golden Ticket Using winrs & BetterSafetykatz - HANDS-ON 14

  • Golden Ticket Using Invoke-Mimikatz.ps1 and PowerShell Remoting - HANDS-ON 14

  • Sliver Ticket - HANDS-ON 15

  • Check for DCSync Rights ( add the rights for the user ) - HANDS-ON 16

  • Check for Exchange Groups membership - HANDS-ON 17

  • Escalate to EA using Unconstrained Delegation - HANDS-ON 18

  • Check for Azure ADConnect machine - HANDS-ON 19

  • Escalate to EA using Trust key - HANDS-ON 20

  • Escalate to EA using krbtgt hash - HANDS-ON 21

  • Escalate to EA using Constrained Delegation - HANDS-ON 23

  • Escalate to a trusted domain using Unconstrained Delegation - HANDS-ON 24

  • Accessing Shares between Two Forest - HANDS-ON 25

  • Bypassing SID Filtering - HANDS-ON 25

  • Check for DB Links & Enabling RPC-Out - HANDS-ON 26

  • Cross Forest Attacks - Foreign Security Principals - HANDS-ON 27

  • Cross Forest Attack - Check for Interesting ACLs in EACH domains - HANDS-ON 27

  • PAM Trust - HANDS-ON 28

  • Golden Ticket that bypassing ATA - HANDS-ON 29

PreviousReading ListNextCRTP - Before Exam

Last updated

Was this helpful?