Talk With an Expert

Shadow Steps: Understanding and Detecting User Impersonation and Lateral Movement in Active Directory

  • Thu, Sep 18, 2025
  • 10:00AM - 12:00PM EDT
  • English
  • Jean-François Maes
  • Technical Presentation
Webcast Hero

This hands-on, scenario-driven workshop delves into how attackers move stealthily through Active Directory environments using user impersonation and lateral movement techniques. Participants will explore how attackers exploit credentials and trust relationships to expand their access, and how defenders can detect, prevent, and respond to such threats.

Through simulated exercises and guided labs, participants will walk through real-world attack paths such as (over)Pass-the-Hash, Kerberoasting, and token impersonation.

Learning Objectives:

  • Understand the key mechanisms behind user impersonation in Active Directory.
  • Demonstrate how attackers perform lateral movement via tools and techniques such as:
    • Pass-the-Hash
    • Pass-the-Ticket/Overpass-the-Hash
    • Remote Services Abuse (SMB, WMI, RDP, WinRM)\
    • SOCKS PTH
    • Kerberoasting
    • Token Impersonation
    • Token Creation
    • This hands-on workshop is ideal for Penetration Testers with limited knowledge about AD internals.

Prerequisites:

  • Basic understanding of Windows networks and Active Directory
  • Familiarity with common cybersecurity concepts
  • Participants should have an AWS account with appropriate payment methods associated.
  • Participants will need an Ubuntu VM with Terraform and Empire Installed.

This workshop supports content and knowledge from SEC565: Red Team Operations and Adversary Emulation. To learn more about this course, explore upcoming sessions, and access your FREE demo, click here.

Speaker

Jean-François Maes
Jean-François Maes

Jean-François Maes

Director of Offensive Security

European director of advanced assessment at Neuvik, specializing in penetration testing, red teaming, and adversary emulation. Passionate open-source contributor with extensive experience in offensive security technologies.

Read more about Jean-François Maes