Network & Security


Movement, Pivoting, and Persistence

Movement, Pivoting, and Persistence for Pentesters and Ethical Hackers

4.88 (72 reviews)

Movement, Pivoting, and Persistence


5.5 hours


Aug 2021

Last Update
Regular Price

What you will learn

Password Spraying

Email Phishing

Command and Control with Covenant and Metasploit

Offensive PowerShell

Routing, Port Forwarding, Proxying and Bind Shell Usage

Credential Harvesting and Passing

Mimikatz and Rubeus Usage

How the Misconfigurations We See in Real Pentests Happen

Common Remediation Strategies You Can Use to Report to Clients


Movement, Pivoting, and Persistence for Pentesters and Ethical Hackers is the next step in YOUR penetration testing and ethical hacking journey.

Most engagements are conducted remotely, meaning that the tester must have the ability to move about freely from outside of the network into it. We do this using various techniques. Some of the simplest can be utilizing a compromised password to access a desktop environment via remote desktop and attempting to access other machines with those credentials. More complicated techniques include utilizing compromised endpoints to act as a proxy for us, forwarding traffic from internal targets back to our own.

MP&P will cover topics such as:

  • Username and Password List Generation

  • Password Spraying

  • Email Phishing

  • Command and Control (C2)

  • Credential Harvesting and Passing

  • Routing, Port Forwarding, SOCKS Proxies, and Bind Usage

  • Offensive PowerShell

  • How the Misconfigurations We See in Real Pentests Happen

  • Common Remediation Strategies You Can Use to Report to Clients


  • This course is not meant to be a course for beginners. It is assumed that each student has a basic to intermediate understanding of penetration testing and ethical hacking, including the use of Nmap, Metasploit, OWASP ZAP or Burp Suite, and other well-used tools. Some basic level knowledge will be used, such as enumeration, and expanded upon for various lessons.

  • The course will require the generation of a local lab environment. In order to gain the full benefit from the course, the student’s PC will need at least 16GB of RAM. It is possible to configure the lab with less, however some assets will have to be suspended to run critical services. Students can also opt to generate lab environments using Azure, AWS, or Google Cloud; however, implementation will be outside the scope of the course.

  • Students should have the knowledge to install VirtualBox, create and provision virtual machines.  VirtualBox will be necessary in order to provision the virtual networks needed for the course. Automated generation scripts are provided in order to create necessary user accounts and permissions for your Active Directory domain environment. Some additional configurations will be required, which will be covered at the appropriate point in the course.

  • Students must understand how to use basic PowerShell scripting and functionality.  This includes loading, importing, modifying, and executing PowerShell scripts. 

Why should you purchase this course?

  • The information in this course comes from first hand experiences in real world penetration tests.   

  • This course will provide you with advanced hacking techniques and expertise that can help you pass professional pentesting certifications such as eCPPT, ePTX, PNPT, and more.

  • The skills you will learn in Movement, Pivoting, and Persistence for Pentesters and Ethical Hackers are the same that employers are demanding from applicants looking to enter the field.

What will I receive from this course?

  • Access to the student-only channel on Discord to receive support from the instructor and other students

  • Custom Kali Linux distribution for students

  • Course completion certificate

  • Lifetime access to materials on Udemy

  • Free updates



1-1 Introduction

Lab Setup

2-1 Network Configuration

2-2 MayorSec Domain Setup Part 1 - Installing Windows Server 2019

2-3 MayorSec Domain Setup Part 2 - DC01 Invoke-ForestDeploy

2-4 MayorSec Domain Setup Part 3 - DC01 InvokeADGenerator

2-5 MayorSec Domain Setup Part 4 - Workstation-01 and Workstation-02 Creation

2-6 MayorSec Domain Setup Part 5 - Workstation-01 and 02 Domain Connect

2-7 MayorSec Domain Setup Part 6 - UbuntuMail

Introduction to Command and Control

3-1 Introduction to Command and Control

3-2 Introduction to Covenant

3-3 Covenant Integrity and Session IDs

Section Quiz

Gaining the Foothold

4-1 Website Enumeration and Wordlist Generation

4-1a Host File Update Lecture for RoundCube Email

4-2 OutWord Email Phishing With Covenant

4-3 hta Email Phishing With Covenant

4-4 hta Email Phishing With Metasploit

4-5 Remediating Password Spraying and Email Phishing

Quiz Section 4

Enumerating the Local Machine, Privilege Escalation, and Local Persistence

5-1 Local Enumeration with Covenant

5-2 Local Enumeration with Metasploit

5-3 AutoLogon Misconfiguration and Exploitation

5-4 AlwaysInstallElevated Misconfiguration and Exploitation with Covenant

5-5 AlwaysInstallElevated Misconfiguration with Metasploit

5-6 Fodhelper UAC Bypass with Covenant

5-7 UAC Bypass with Metasploit

5-8 New User Persistence

5-9 Startup Persistence

5-10 Autorun Persistence

5-11 Session Passing to Metasploit, SOCKS, and the Autoroute Module

5-12 Persistence via RDP

5-13 Workstation Dominance Part 1 - Dumping Hashes with Covenant and Mimikatz

5-14 Workstation Dominance Part 2 - Dumping Hashes with Metasploit

5-15 Workstation Dominance Part 3 - Rulelist Hash Cracking with Hashcat

5-16 Workstation Dominance Part 4 - Cracking the Credential Vault with Covenant

5-17 Workstation Dominance Part 5 - Cracking the Credential Vault via Metasploit

5-18 Workstation Dominance Part 6 - Dumping Firefox Credentials with Metasploit

Section 5 Quiz

Domain Enumeration

6-1 Offensive Powershell Part 1 - Downloading Files with Powershell

6-2 Offensive Powershell Part 2 - Enumerating Users

6-3 Offensive Powershell Part 3 - Enumerating Groups

6-4 Offensive Powershell Part 4 - Enumerating Domain Computers and Shares

6-5 Offensive Powershell Part 5 - Invoke-FileFinder

6-6 Offensive Powershell Part 6 - Enumerating Local Admin Users

6-7 Offensive Powershell Part 7 - Enumerating Group Policy Objects

6-8 Offensive Powershell Part 8 - Enumerating Access Control Lists

6-9 Offensive Powershell Part 9 - Enumerating the Domain

6-10 Offensive Powershell Part 10 - Powershell Remoting

Movement, Pivoting, and Persistence in the Domain Environment

7-1 Preparing Necessary Domain Misconfigurations

7-2 Brief Overview of the Domain Through the Eyes of Bloodhound

7-3 Abusing ACLs

7-4 Pivoting through Remote Desktop via Compromised Host

7-5 Configuring Reverse Port Forwarding

7-6 Gaining a Shell on an Internal Workstation

7-7 Remoting through Proxychains

7-8 Unconstrained Delegation

7-9 Golden Ticket Persistence

7-10 Reverse Port Forwarding for Reverse Shell on DC01


YufanLimbu28 August 2021

One of the finest course. I would like to recommended every one to take these course. So instructor would motivate from our comment.

Manuel28 August 2021

very good course. I learned a lot. Of course I will be back to the material (i have a lot to process). Maybe one aspect to improve is the audio quality. Thanks for the course! Regards

Mohamed20 August 2021

the course videos and steps are so detailed which makes it easy to troubleshoot any issue moreover the instructor answer any question fast via discord

Hollie16 August 2021

An extremely indepth and high quality course, The Mayors lab set up is one of the most superior and high quality set up tutorials I have ever experienced, not to mention the quality and depth of the content that this course has to offer results in excellent value for money, this will definitely be one of my recommended udemy courses.

Adhirath13 August 2021

Joe not only knows his stuff but also knows how to teach extremely well. Perfect Combination. Go Mayor.


Udemy ID


Course created date


Course Indexed date
Course Submitted by