PTX v2

Penetration Testing eXtreme

Curious about this course?

Enroll now and get access to all of our material and labs!

Plans and Pricing


View enrollment pricing for individual students.


Purchase eLearnSecurity courses for your company.

Study at your own pace

PTX is an online, self-paced training course that provides the knowledge and skills to execute state-sponsored-like operations as well as perform advanced adversary simulation and covers implementation details on numerous undocumented attacks plus much more. PTX comes with lifetime access to course material and flexible access to the most sophisticated virtual labs on Network and Web Application Security.

Discover Contents

Learn by Doing

Practice advanced Network Pentesting against a number of real-world and enterprise-like network infrastructures. PTX includes the most sophisticated virtual lab on Network Security: Hera Lab.

Discover Labs

Get Certified

Obtain the eCPTXv2 certification and prove your practical skills with the only 100% practical certification on Advanced Network Penetration Testing and Red Teaming.

Discover eCPTXv2

Course at a glance

  • Obscure ways of exploitation and backdooring
  • Advanced client side exploitation techniques
  • Custom attack vector and payload creation
  • Custom payload creation techniques
  • In depth Active Directory Reconnaissance & Enumeration
  • In depth analysis of Active Directory exploitation
  • Stealthy lateral movement and evasion against modern defenses
  • In depth analysis of critical domain infrastructure exploitation
  • In depth details of common misconfigurations and weaknesses
  • Details for covert operations and stealthy persistence
  • Extremely Hands-on with challenges in virtual-labs
  • Obtaining the eCPTXv2 certification qualifies you for 40 CPE

Course material

  • Over 3 hours of HQ video training material
  • 7 Modules - 2000+ Interactive slides
  • 100+ hands-on red teaming challenges spread across 11+ attack scenarios in our industry leading Active Directory labs

Course delivery

  • Self-paced, HTML5 , PDF, MP4
  • Off-line access available
  • Access from PC, Tablet and Smartphone

Test drive this course for free

I agree to receive emails from Caendra Inc.



  • Module 1 : Social Engineering Attack Vectors

    In this module, you will be shown how to execute advanced client-side attacks, while remaining under the radar. You will learn how to execute advanced social engineering attacks as well as how to develop your own custom attack vectors and payloads. Uncommon phishing techniques and anti-analysis practices are also included in this module.


  • Module 1 : Advanced AD Reconnaissance & Enumeration

    A red team member will usually identify misconfigurations or exploit trust relationships which will take him all the way to domain administrator. To achieve this, stealthy and extensive reconnaissance and enumeration are required, prior to any exploitation activities. In this module, you will be shown such advanced reconnaissance and enumeration techniques against Windows environments. You will actually learn how to retrieve the most important pieces of information out of Active Directory, while remaining undetected. Privileged user, group and computer hunting, SPN scanning, ACL attack path enumeration, situational awareness surveys, leveraging reflection, LDAP & WMI and advanced Powerview usage are only a subset of what you will learn in this module.

  • Module 2 : Red Teaming Active Directory

    In this module, you will be shown how to attack Active Directory environments. Specifically, you will be shown how to attack Windows authentication leveraging inefficiencies in its core (regardless of the basis being NTLM or Kerberos), how to bypass the latest in Windows security enhancements (Script block logging, AMSI, Constrained Language Mode, Applocker etc.) and how to identify and abuse common Active Directory misconfigurations. Then, you will be taught how to stealthily move laterally into a network leveraging native Windows functionality, how to abuse domain trusts and finally, how to stealthily own the whole infrastructure and persist on it. The whole range of Active Directory attacks and attacker TTPs are covered. From targeted kerberoasting to the infamous “printer bug” and from resource-based constrained delegation to abusing PAM trusts, attacking LAPS and abusing DPAPI as well as JEA. Three (3) fully featured and enterprise-like Active Directory environments will be provided to you where you will apply all the above and more while using the latest in C# and .NET tradecraft.


  • Module 1 : Red Teaming MS SQL Server

    The majority of organizations base their database infrastructure on SQL Server. In this module, attention will be given on weak and default SQL Server configurations that can be leveraged by a penetration tester / red team member. The whole SQL Server attack surface will also be mapped in this module. You will eventually learn how to locate and access SQL servers from various attack perspectives, how to identify insufficiently secure configurations, how to escalate privileges within SQL server from various attack perspectives and how to perform post-exploitation activities against SQL servers.

  • Module 2 : Red Teaming Exchange

    The majority of organizations base their email infrastructure on MS Exchange Server and Outlook. In this module, you will see that those two components offer capabilities that can greatly assist us in a Red Team engagement. You will learn how you can compromise an organization externally by attacking its Exchange infrastructure. Specifically, you will be shown how to gain initial foothold, move laterally and even bypass network segregation by abusing Exchange functionality. Stealthily spreading the compromise and escalating your privileges are two additional things that you will be taught to do again by abusing Exchange functionality. The same actions, as you will see, can also be performed during an internal red teaming engagement.

  • Module 3 : Red Teaming WSUS

    Windows updates are an important aspect of security in every organization. Due to the trust relationship that exists between users and Windows updates, WSUS has some great potential for serious compromise. In this module, you will learn how to manipulate WSUS components, using a variety of techniques, to gain initial foothold, move laterally and even spread the compromise into an organization’s network.

Section: EVASION

  • Module 1 : Defense Evasion

    The majority of organizations base their defenses in multiple security solutions. During an engagement, a red team member may come across multiple defense layers, from IDS/IPS and firewalls all the way to network segmentation, A/V, EDR, Sysmon, ETW and HIDS solutions. In this module you will be shown how to move around such defenses as well as the common pitfalls in a red team member’s tradecraft. Removing hooks placed by A/Vs or EDRs, bypassing ETW, evading Sysmon, advanced AMSI patching and executing assemblies in memory are only a subset of what you will be taught during this module.

Download PDF Syllabus


  • Solid understanding of networks and network related security models
  • Solid understanding of Active Directory administration and Windows internals
  • Good knowledge of network protocols
  • Basic knowledge of PowerShell scripting, C# and .NET
  • Basic reverse engineering skills

This training course is for...

  • Penetration Testers
  • IT Security personnel (incl. Blue Team members)
  • IT admins and staff
  • Forensers


Penetration Testing eXtreme (PTX) is the most practical training course on Advanced Penetration testing. Being integrated with Hera Lab, the most sophisticated virtual lab on IT Security, it offers an unmatched practical learning experience.

Hera is the only virtual lab that provides fully isolated per-student access to each of the real world network scenarios available on the platform.

Students can access Hera Lab from anywhere through VPN.

Modules will be accompanied by 7 hands-on labs that include 100+ red teaming challenges, spread across 11+ extensive Active Directory attack scenarios.

Lab IDDescriptionCategory
Lab 1 Custom Undetectable Macro Development - Your goal is to develop a custom macro-based attack (and the accompanying payloads), to compromise a target without being detected. Practical
Lab 2 Establishing A Shell Through The Victim's Browser - During the lab you will develop a payload from scratch that will establish a shell through the victim’s browser. Practical
Lab 3 Serving a Malicious Update Through WSUS - You are engaged in an internal network penetration test. Your goal is to compromise a Windows 7 machine ( through a Windows 10 machine (, leveraging weak network configurations and abusing WSUS. Practical
Lab 4 SQL injection to Domain Administrator Hash - You are engaged in an external network penetration test. Your goal is to stealthily capture the Domain Administrator's password hash through the internet facing Web App 1, leveraging weak SQL Server and database configurations as well as legitimate SQL Server capabilities. Practical
Lab 5 Red-teaming Active Directory Lab #1 (Covenant C2 VS ELS.LOCAL) - In this fully-featured Active Directory lab you will heavily use Covenant C2 and modern C#/.NET tradecraft to achieve a great number of red-teaming objectives. You will have the opportunity to practice: attack path enumeration using Bloodhound, pivoting, lateral movement, (targeted) kerberoasting, golden/silver ticket creation, SIDHistory attacks, abusing constrained/unconstrained delegation, DCSync, SMB-based C2, bypassing Constrained Language Mode/AMSI/Applocker, attacking SQL Server, HTTP NetNTLM Relaying, privilege escalation, ACL-based attacks and much more... Educational
Lab 6 Red-teaming Active Directory Lab #2 (ELS.BANK) - In this fully-featured and hardened Active Directory lab you will have to opportunity to practice: abusing a PAM trust, privilege escalation, ACL-based attacks, DCSync, abusing constrained delegation, decrypting a powershell secure string, malicious Kerberos ticket creation, abusing AD description attributes, abusing resource-based delegation, the “printer bug”, abusing the machine key of IIS and much more... Educational
Lab 7 Red-teaming Active Directory Lab #3 (ELS.CORP) - In this fully-featured Active Directory lab you will have to opportunity to practice: Phishing, stealthy enumeration, pivoting and lateral movement, SQL Server attacks, abusing forest trusts, Linux and Windows privilege escalation, malicious Kerberos ticket creation, the “printer bug”, exploiting web app vulnerabilities to gain initial foothold, exploiting domain-joined Linux machines and Jumphosts and much more... Educational


Get the eCPTXv2 Certification

eLearnSecurity's eCPTXv2 (Certified Penetration Tester eXtreme version 2) certification is the most practical and professionally oriented certification you can obtain in advanced penetration testing and red teaming. Instead of putting you through a series of multiple-choice questions, you are expected to perform an actual advanced penetration test on a corporate network. This penetration test is modeled after a real-world scenario.

Learn more


  • Dimitrios Bougioukas
    Dimitrios Bougioukas

    Dimitrios Bougioukas, Training Director at eLearnSecurity holds a B.Sc. in Computer Science from the Athens University of Economics and Business. For the past 6 years, he has worked as a Business Information Security Engineer and Information Security Analyst for a major financial institution, as a penetration tester within EY's practice and as lead instructor within eLearnSecurity. Dimitrios is also an (informal) expert at ENISA on Incident Response technical training and specializes in advanced cyber threat simulation, threat intelligence and purple team tactics. He has been engaged on numerous penetration testing activities against critical infrastructure, web applications and mobile applications. In terms of research, Dimitrios has presented at information security conferences such as BSides and has received acknowledgements from security, telecom and other major companies for finding and reporting vulnerabilities in their web applications, in a responsible manner (IBM Trusteer, LG etc.). In the context of his professional career, his work led to international and regional information security awards in prestigious and highly competitive contests such as Retail Banker International Awards.

  • Andres Doreste
    Andres Doreste

    Andres Doreste graduated from the University of Greenwich with a First-Class B.Sc. (Hons) in Computer Security and Forensics in 2016. He then worked as a senior penetration tester and red team operator, performing multiple engagements within financial institutions. Following this, he worked as a security researcher under the EU Horizon 2020 Research and Innovation Program. His expertise focuses on advanced cyber threat simulation, industrial control systems security, and system and network hardening. Andres obtained his eLearnSecurity Certified Penetration Tester eXtreme version (eCPTX) certification, the most advanced certification in the market, prior to joining eLearnSecurity. He subsequently joined eLearnSecurity, and is primarily involved in research and development projects to further advance the contents of the eCPTX certification.

  • Łukasz Mikuła
    Łukasz Mikuła

    Łukasz Mikuła is a self-taught white-hat hacker and penetration tester who enjoys both learning and sharing his knowledge with others. Upon reaching a certain level of expertise in the field of IT Security, he started working as a penetration tester for a financial institution where he performed various tasks related to penetration testing: application and network security assessment, reverse engineering and red teaming. He has many vulnerabilities submitted and accepted by vendors like IBM and Oracle, which is visible in their patch advisories. Currently, Łukasz is an IT Security Trainer and Researcher at eLearnSecurity, where he continues to share his passion and knowledge of the field to help others learn and grow in their careers. In his spare time, he is an active penetration tester and still sharpens his skills by participating in bug bounty programs, as well as helping companies and organizations build secure environments.

Enroll now and get access to all of our material and labs!


The mix of Video Tutorials, exercises and support from fellow students on the forum was fantastic. Anyone who wants to specialize in Web Penetration Testing, this course is a must to get you started. Thanks for your efforts in making this happen

Denis Hancock
Manager Consulting Pty Ltd

Having been in the security field for over 5 years I assumed this would be a quick and easy certification. After getting into the training course I was pleased to find that I was learning new things and that the course was certainly more challenging than I had anticipated. I found that it filled in several knowledge gaps when it comes to pentesting, and I would recommend this course to both veterans and newcomers to the security field.

Steven Collins

eLearnSecurity's training really dives deep into the underlying concepts beneath pentesting tools.

Timothy E. Everson
Novell inc

Go to top of page