Today, Network Infiltration: Pen-Testing Internal Networks & Active Directory is released: a practical, defense-oriented roadmap to understanding and assessing Windows enterprise networks. Rather than offering tool lists, the book teaches practitioners to think like assessors: define scope, gather the right telemetry, map behaviors to MITRE ATT&CK, and communicate findings leaders can act on.
What's inside
The book demystifies how authentication and authorization actually work in practice (Kerberos, NTLM, tokens, SIDs, SPNs) and shows how Group Policy, delegations, and trust topology shape exposure. Readers build a small, offline lab to observe identity flows on the wire and in logs, deploy Sysmon alongside Windows Event IDs, and integrate signal into SIEM/EDR/UEBA pipelines. The result is a repeatable way to establish baselines, detect what matters, and harden what counts.
Who it serves
Security engineers, detection analysts, incident responders, red/purple teamers, architects, admins: anyone responsible for the safety and reliability of Windows environments.
Key takeaways
Clear mental models for AD, GPOs, trusts, and admin protocols
A safe, reproducible offline lab and build scripts
Curated Windows Event and Sysmon IDs that surface meaningful behaviors
Practical hardening: tiering, LAPS hygiene, Credential Guard, auditing that works
Reporting patterns that tie technical signal to business risk
Chapter 0 - Foundations & Acronyms
Chapter 1 - Assessment Mindset & Methodology
Chapter 2 - Building the Safe Lab
Chapter 3 - Identity 101 in Windows Domains
Chapter 4 - Kerberos in the Real World
Chapter 5 - NTLM and Legacy Realities
Chapter 6 - Directory Objects, Delegations & RBAC
Chapter 7 - Group Policy Deep Dive
Chapter 8 - Trusts, Forests, and Boundaries
Chapter 9 - Name Resolution & Identity Discovery
Chapter 10 - Admin Protocols I: SMB, RPC/DCOM
Chapter 11 - Admin Protocols II: WMI & WinRM
Chapter 12 - Remote Access: RDP & NLA
Chapter 13 - Secrets & Protections: LSASS, LSA, SSO
Chapter 14 - Telemetry Architecture
Chapter 15 - SIEM/EDR/UEBA Integration
Chapter 16 - Behaviors that Matter (MITRE ATT&CK)
Chapter 17 - Hardening the Enterprise
Chapter 18 - Designing for Resilience
Chapter 19 - Executive Reporting & Risk Communication
Chapter 20 - Putting It All Together
Appendices
A. Checklists & Templates (Scope, ROE, Evidence Logs)
B. Event ID & Sysmon Quick Reference
C. Lab Topologies & Build Scripts (Safe, Offline)