Today, Network Infiltration: Pen-Testing Internal Networks & Active Directory is released. It is a practical, defense-oriented roadmap to understanding and assessing Windows enterprise networks. Rather than offering tool lists, the book teaches practitioners to think like assessors: define scope, gather the right telemetry, map behaviors to MITRE ATT&CK, and communicate findings leaders can act on.
What’s inside
The book demystifies how authentication and authorization actually work in practice (Kerberos, NTLM, tokens, SIDs, SPNs) and shows how Group Policy, delegations, and trust topology shape exposure. Readers build a small, offline lab to observe identity flows on the wire and in logs, deploy Sysmon alongside Windows Event IDs, and integrate signal into SIEM/EDR/UEBA pipelines. The result is a repeatable way to establish baselines, detect what matters, and harden what counts.
Who it serves
Security engineers, detection analysts, incident responders, red/purple teamers, architects, admins: anyone responsible for the safety and reliability of Windows environments.
Key takeaways
Clear mental models for AD, GPOs, trusts, and admin protocols
A safe, reproducible offline lab and build scripts
Curated Windows Event and Sysmon IDs that surface meaningful behaviors
Practical hardening: tiering, LAPS hygiene, Credential Guard, auditing that works
Reporting patterns that tie technical signal to business risk
Chapter 0 – Foundations & Acronyms
Chapter 1 – Assessment Mindset & Methodology
Chapter 2 – Building the Safe Lab
Chapter 3 – Identity 101 in Windows Domains
Chapter 4 – Kerberos in the Real World
Chapter 5 – NTLM and Legacy Realities
Chapter 6 – Directory Objects, Delegations & RBAC
Chapter 7 – Group Policy Deep Dive
Chapter 8 – Trusts, Forests, and Boundaries
Chapter 9 – Name Resolution & Identity Discovery
Chapter 10 – Admin Protocols I: SMB, RPC/DCOM
Chapter 11 – Admin Protocols II: WMI & WinRM
Chapter 12 – Remote Access: RDP & NLA
Chapter 13 – Secrets & Protections: LSASS, LSA, SSO
Chapter 14 – Telemetry Architecture
Chapter 15 – SIEM/EDR/UEBA Integration
Chapter 16 – Behaviors that Matter (MITRE ATT&CK)
Chapter 17 – Hardening the Enterprise
Chapter 18 – Designing for Resilience
Chapter 19 – Executive Reporting & Risk Communication
Chapter 20 – Putting It All Together
Appendices
A. Checklists & Templates (Scope, ROE, Evidence Logs)
B. Event ID & Sysmon Quick Reference
C. Lab Topologies & Build Scripts (Safe, Offline)