Certified Active Directory Pentesting eXpert (C-ADPenX)

Testimonials

I share with you my achievement in certification Certified AppSec Pentesting eXpert (CAPenX) of The SecOps Group. It is an exam for people with extensive knowledge and require out-of-band techniques, I failed the first attempt. This made me practice and learn new attack models to perform this second attempt and obviously practicing in my professional days as a pentester. Thank you very much for this excellent professional challenge The SecOps Group.

The challenges were really cool at first, I started solving some quickly, but then it got difficult and I ended up speeding up to try to rest, but 7 hours of testing are enough to solve them all! In total there are 10 questions and each one has a greater weight than the other, so if you are going to dedicate yourself at the beginning, focus on the ones that have more weight in the score, something I didn't do at the beginning. Well, if you want to prepare yourself beforehand, do some labs from portswigger labs, basic explorations in AWS, API exploration and evasion techniques in web explorations (SSRF, XSS, SQL Injection, etc.) That's it, again I congratulate The SecOps Group, you are certainly at my top as companies I recommend for certification and your innovative model.

I’m happy to share that I’ve obtained a new certification: Certified AppSec Pentesting eXpert (CAPenX) from The SecOps Group! This one was quite a bit challenging and I learned some neat stuff attempting it and trying to solve its puzzles. A diverse array of topics. Thanks for the attempt Sumit Siddharth!

Who should take this exam?

C-ADPenX is intended to be taken by penetration testers, red team members, blue team members, security engineers, and AD administrators who want to validate their expertise in Active Directory security. It is also ideal for anyone seeking to elevate their skills in securing or attacking AD infrastructures.

What is the format of the exam?

C-ADPenX is a rigorous 7-hour practical exam that challenges candidates to identify and exploit real-world vulnerabilities within a simulated AD environment. Candidates will need to:

Perform reconnaissance to map and understand the AD infrastructure.
Obtain an initial foothold within different AD forests.
Exploit misconfigurations to escalate privileges and gain control over multi-domain environments.
Demonstrate techniques for persistence, lateral movement, and advanced AD compromises.

The exam can be taken online, anytime (on-demand), and from anywhere. Candidates will need to connect to a dedicated exam VPN server to access the pre-configured AD infrastructure.

What is the pass criteria for the exam?

The pass criteria are as follows:

Candidates scoring over 60% marks will be deemed to have successfully passed the exam.
Candidates scoring over 75% marks will be deemed to have passed with merit.

What is the experience needed to take the exam?

This is an expert-level exam, and candidates should possess extensive hands-on experience with Active Directory pentesting. Prior knowledge of AD exploitation techniques, Windows security, and privilege escalation is required.

Note: As this is an expert-level exam, a minimum of five years of professional pentesting or red teaming experience is recommended.

What will the candidates get?

Upon successful completion of the exam, candidates will receive:

A certificate indicating their pass/fail and merit status.
A unique certificate code/QR link for validation purposes.

What is the exam retake policy?

Candidates who fail the exam, are allowed one free retake within the exam fee.

What are the benefits of this exam?

The exam will allow candidates to demonstrate their understanding of securing and attacking Active Directory environments. This will help them to advance in their career.

How Long Is The Certificate Valid?

The certificate does not have an expiration date. However, it will include the exam version and the date it was taken. Candidates are encouraged to retake updated versions of the exam as it evolves to reflect new attack methods and defenses.

Will You Provide Any Training That Can Be Taken Before The Exam?

Being an independent certifying authority, we (The SecOps Group) do not provide any training for the exam. Candidates should carefully go over each topic listed in the syllabus and make sure they have adequate understanding, required experience, and practical knowledge of these topics. Further, the following independent resources can be utilized to prepare for the exams.

Learning Source	Free/Paid
MITRE ATT&CK	Free
AD Security	Free
Ired Team	Free
Dirk-Janm	Free
Internal All The Things	Free
Awesome Red Teaming	Free
RedTeam-Tools	Free
Red Teaming Toolkit	Free
GOAD	Free
Vulnerable-AD	Free
Abusing Active Directory Certificate Services	Free

Exam Syllabus

The C-ADPenX exam will cover the following topics:

Active Directory Reconnaissance

Mapping domain environments, forests, and trusts.
Enumerating users, groups, and system details through various techniques.

Credential Harvesting and Attacks

Capturing and cracking password hashes.
Exploiting authentication mechanisms using Kerberoasting, AS-REP Roasting, and password spraying.
Identifying and attacking weak authentication configurations.

Privilege Escalation

Identifying and exploiting misconfigured AD objects.
Leveraging vulnerabilities in Group Policy Objects (GPOs) and Active Directory Certificate Services (ADCS).
Abusing tokens, user privileges, and nested group memberships.

Persistence Techniques

Implementing advanced persistence mechanisms in Active Directory environments.
Exploiting service accounts, delegated permissions, and other long-term footholds.

Lateral Movement

Moving between systems using techniques like Pass-the-Ticket and Pass-the-Hash.
Exploiting trust relationships across multi-domain environments.

Domain and Forest Compromise

Gaining control over domain controllers (DCs) and achieving domain dominance.
Extracting and analyzing NTDS databases offline.
Manipulating AD configurations to achieve full forest compromise.

Azure Active Directory Exploitation

Attacking hybrid environments with Azure AD Connect.
Exploiting vulnerabilities in synchronization processes and privileged accounts.

Advanced Techniques for Defense Evasion

Bypassing modern security controls, including antivirus and endpoint detection and response (EDR).
Using obfuscation techniques to maintain stealth during operations.

Data Extraction and Exfiltration

Identifying and extracting sensitive data from compromised environments.
Safely handling and securing critical information post-compromise.

Automated Vulnerability Scanning and CVE Exploitation

Utilizing automated tools to identify and assess vulnerabilities in AD environments.
Exploiting known Common Vulnerabilities and Exposures (CVEs) to escalate privileges and gain unauthorized access.
Understanding patch management and mitigation strategies from an attacker’s perspective.

Bypassing Security Controls and Advanced Persistence

Evading security monitoring tools such as SIEM, EDR, and intrusion detection systems.
Leveraging golden ticket, silver ticket, and skeleton key attacks for long-term persistence.
Modifying AD security policies to maintain hidden access and persistence.

Command and Control (C2) Techniques

Establishing and maintaining communication with compromised systems.
Using AD-based channels for C2, including DCOM, SMB, and RPC.
Techniques for blending C2 traffic with normal network traffic to avoid detection.
Implementing and bypassing C2 security measures like network segmentation, firewalls, and EDR solutions.
Leveraging C2 tools and frameworks commonly used in AD attacks, such as Empire, Cobalt Strike, etc.