Penetration testing and forensics: Credential abuse

Trustwave Government Solutions SpiderLabs team provides offensive, defensive, threat-hunting, and forensic solutions to customers across many government agencies.

In this hands-on workshop, students will perform both offensive and forensics tasks. Students will be conducting several attacks from the perspective of a penetration tester in an Active Directory environment. Students will execute a password harvesting attack against Active Directory, perform a Kerberoast attack, crack password hashes, and dump hashes from the domain controller. Once the attack is complete, students will examine the event logs and other forensics evidence left behind by these attacks.

This scenario is an abbreviated version of the Forensics, Incident Response and Exploitation (FIRE) course currently operated by TGS and taught to federal law enforcement and other government agencies.

Instructor background

Steve has been loving life as a penetration tester, red teamer, and instructor since 2014. Steve leads penetration tests and red teams as a principal security consultant at Trustwave Government Solutions. Steve has led and taught penetration testing and red teaming courses both publicly and privately at conferences such as Blackhat.


Students will be required to have a computer and internet connection to RDP to their instance. It is also suggested to have two screens, one to view the lab, and one to view the classroom, if possible.