Learn modern Active Directory attack paths including Kerberos abuse, NTLM and Kerberos relay, AD CS exploitation, delegation attacks, ACL and GPO task abuse, trust boundary compromise across parent and child domains, and endpoint evasion fundamentals inside a private AWS AD forest.



This certification course teaches how Active Directory is compromised in real organizations, not in isolated or artificial lab environments. Students learn how misconfigurations, trust relationships, permissions, and identity controls are chained together during real enterprise attacks.
By the end of the certification course, students will be able to:
All students are onboarded into the White Knight Labs student portal, where all certification content is delivered in Markdown format.
The student portal provides:
Students are encouraged to explore, modify, break, rebuild, exploit, and harden systems freely. The portal enforces only the budgets and guardrails configured by the student.
The course walks students through all documented attack paths using a comprehensive lab guide that includes credentials and complete technical details. In addition, the environment contains hidden attack paths that students can independently discover and execute beyond the guided exercises.
By the end of the certification course, students will be able to:
The certification course includes a real attack path diagram demonstrating compromise progression across complex enterprise boundaries.
The diagram highlights:
Master real world Active Directory attack paths used by offensive security consultants, red team operators, and internal security teams. OADOC is an on demand certification course built to teach beginners through expert practitioners how enterprise Active Directory environments are compromised using modern attack techniques, realistic misconfigurations, and real operational tradecraft.
All course material is delivered through the student portal. For transparency, students may download the Table of Contents to review the scope of topics covered prior to enrollment.

Hands on training is provided across the following areas:
Each module requires live execution inside the student lab environment and professional documentation.
The OADOC certification exam is performance based and completed inside the student deployed AWS Active Directory environment managed through the student portal.
Students must:
There are no multiple choice questions. Certification is issued only upon successful practical completion.

OADOC prepares students to assess and test enterprise Active Directory environments used in organizations operating under regulatory and compliance frameworks including:

The student portal includes AWS cost visibility, budget enforcement, and automatic lab stop controls to ensure responsible and auditable lab usage.
Students are responsible for AWS compute costs associated with running their lab environment.
The student portal provides:
Students may start, stop, destroy, and rebuild labs at any time. White Knight Labs does not impose external lab access time limits.
This certification course is designed for:
This is a beginner to expert level certification course. Students progress at their own pace based on experience and learning goals.


Students do not watch demos. Every technique is executed by the student inside a live Active Directory environment that they control through the White Knight Labs student portal.
This is an on demand certification course.
Students may enroll at any time and begin immediately.
All lab deployment, control, cost tracking, and budget enforcement are handled through the student portal.


Used by consultants, operators, and security teams that test real Active Directory environments.