Active Directory
AD attack primitives, reduced to focused reps with simulated LDAP and Kerberos services inside the isolated target.
Active Directory is where many internal engagements are won or lost, but standing up a domain to practice against is slow and heavy. PwnKata drills the core primitives — Kerberoasting, AS-REP roasting, and related paths — against simulated LDAP and Kerberos services running inside the isolated target.
The simulations are clearly labelled and deterministic: the accounts, tickets, and weak configurations change each rep so you practice the attack workflow and the tooling, not a memorised hash. It's the fastest way to keep AD muscle memory sharp between real engagements.
Kerberoasting
Kerberoasting is a workflow: identify the right SPN, request the ticket, crack offline, and prove the credential works.
hardAS-REP Roasting
Find the account with Kerberos pre-authentication disabled, then turn that misconfiguration into a credential.
mediumAD Graph Enumeration Simulator
AD Graph Enumeration Simulator distilled into repeatable single-technique reps on isolated targets.
mediumAD ACL Abuse Simulator
AD ACL Abuse Simulator distilled into repeatable single-technique reps on isolated targets.
hardADCS Abuse Simulator
ADCS Abuse Simulator distilled into repeatable single-technique reps on isolated targets.
hardResponder NTLM Capture Simulator
Responder NTLM Capture Simulator distilled into repeatable single-technique reps on isolated targets.
mediumStart drilling active directory
Free to start — live isolated targets, a fresh variant every rep.