About This Online Training Course

Trainers: Carlos Perez

Course Description:

Mimikatz is a POC written by Benjamin Delpy as a way for him to learn C and show some of the design risks in many of Windows authentication subsystems. The tool has become the #1 tool when it comes to learning about credential extraction on Windows system and has been used by Red Team, Pentester, auditors, and even nation-states in their operations. The class will cover in detail the fundamentals of the toolset Benjamin has developed including features that many don’t even know it has.

This course qualifies for 14 hours of CPE credit hours.

Overview and Course Syllabus:

The class will cover:

  • What are Mimikatz and Kekeo
    • The Basics
    • Standard Module
    • Misc Module
  • Working with Privileges and Tokens
    • Privilege Module
    • Token Module
  • Working with Processes
  • RPC and SMB Remote Control
  • LSASS and LSA
    • Windows Authentication
    • LSASS Protection
    • Kernel Module
    • Patch and Inject
    • SAM
    • Cached Credentials
    • LSA Secrets
    • Security Support Provider
    • LSASS Memory Dump
    • Changing and Resetting Passwords
    • Pass the Hash
  • Kerberos
    • Kerberos Basics
    • Working with Kerberos Tickets
    • ChangePAsswData
    • Over Pass the Hash – Key
    • Pass the Cache
    • Golden Ticket
    • Silver Ticket
    • Kerberoasting
  • Becoming a Domain Controller
    • DCShadow
    • DCSync
    • NetSync
  • DPAPI – Data Protection API
    • Why DPAPI
    • What is DPAPI
    • Working with Keys
    • Credential History
    • Credential Vault
    • Decrypting Application Secrets

Student Requirements:

Students should be familiar with Windows and Active Directory. Students should be able to use Microsoft RDP (Remote Desktop Protocol) to connect to lab systems on port 5001 and 5004 TCP.

What’s provided:

Students will get slides and lab manual in digital form.


*Contact us for a military discount and group pricing (3 or more students)

See Dates & Times