Course Overview

Movement, Pivoting, and Persistence for Pentesters and Ethical Hackers is the next step in YOUR penetration testing and ethical hacking journey.

Most engagements are conducted remotely, meaning that the tester must have the ability to move about freely from outside of the network into it. We do this using various techniques. Some of the simplest can be utilizing a compromised password to access a desktop environment via remote desktop and attempting to access other machines with those credentials. More complicated techniques include utilizing compromised endpoints to act as a proxy for us, forwarding traffic from internal targets back to our own.

MP&P will cover topics such as:

  • Username and Password List Generation
  • Password Spraying
  • Email Phishing
  • Command and Control (C2)
  • Credential Harvesting and Passing
  • Routing, Port Forwarding, SOCKS Proxies, and Bind Usage
  • Offensive PowerShell
  • How the Misconfigurations We See in Real Pentests Happen
  • Common Remediation Strategies You Can Use to Report to Clients



  • This course is not meant to be a course for beginners. It is assumed that each student has a basic to intermediate understanding of penetration testing and ethical hacking, including the use of Nmap, Metasploit, OWASP ZAP or Burp Suite, and other well-used tools. Some basic level knowledge will be used, such as enumeration, and expanded upon for various lessons.
  • The course will require the generation of a local lab environment. In order to gain the full benefit from the course, the student’s PC will need at least 16GB of RAM. It is possible to configure the lab with less, however some assets will have to be suspended to run critical services. Students can also opt to generate lab environments using Azure, AWS, or Google Cloud; however, implementation will be outside the scope of the course.
  • Students should have the knowledge to install VirtualBox, create and provision virtual machines. VirtualBox will be necessary in order to provision the virtual networks needed for the course. Automated generation scripts are provided in order to create necessary user accounts and permissions for your Active Directory domain environment. Some additional configurations will be required, which will be covered at the appropriate point in the course.


Why should you purchase this course?

  • The information in this course comes from first hand experiences in real world penetration tests.  
  • This course will provide you with advanced hacking techniques and expertise that can help you pass professional pentesting certifications such as eCPPT, OSCP, ePTX, PNPT, and more.
  • The skills you will learn in Movement, Pivoting, and Persistence for Pentesters and Ethical Hackers are the same that employers are demanding from applicants looking to enter the field.

What will I receive from this course?

  • Access to the student-only channel on Discord to receive support from the instructor and other students
  • Custom Kali Linux distribution for students
  • Course completion certificate

Hacker Breaking Into Laptop
5 Star Course Review

"I just wanna say, I’ve been having so much fun going through this course. As a beginner. I was concerned I it would be too much for me.. but no, it has given me valuable experience in setting up an AD environment. Using real world tactics to exploit networks, etc. Great course!"

Holding Star for Course Review
Joe Aguilar Jr.

"Used some of our long weekend to advance my skillset with Joe Helle course with Movement, persistence, and lateral movement!! Excellent course that teaches Covenant’s C2 framework, persistence techniques, and utilizing powershell during internal assessments! Definitely a course to take!"

Soubhy Kouzi

"Thank you Joe Helle for providing such an amazing course ! The course was worth it. Absolutely amazing how much I’ve learned about Windows Active Directory Movement , Pivoting and Persistence.

Good Job Sir and keep up the good work."

Course Curriculum - 5 Hours

  First Section
Available in days
days after you enroll
  Lab Setup
Available in days
days after you enroll
  Introduction to Command and Control
Available in days
days after you enroll
  Gaining the Foothold
Available in days
days after you enroll
  Enumerating the Local Machine, Privilege Escalation, and Local Persistence
Available in days
days after you enroll
  Domain Enumeration
Available in days
days after you enroll
  Movement, Pivoting, and Persistence in the Domain
Available in days
days after you enroll
Available in days
days after you enroll

This course is included in our
All-Access Membership
starting at $29.99/month

Get full access to the Practical Ethical Hacking course and our full course catalog when you enroll in our All-Access Pass Membership.

Joe Helle - The Mayor - The instructor

About the Instructor

Joe Helle is an Army Veteran of the Iraq and Afghanistan Wars, former Mayor, and senior penetration tester at TCM Security. Known online as “TheMayor,” Joe has provided educational content and mentoring to thousands of people through Twitch and Youtube. 

Joe is eCPPT, eWPT, OSCP, SSCP, CEH, Security+, Network+, and A+ and holds a Bachelor’s of Science in Cybersecurity and Information Assurance. 

Follow Joe on Social Media:

LinkedIn: https://





Frequently Asked Questions

Can I get a refund if I'm unhappy with my purchase?

Yes. All purchases come with a 3-day money-back guarantee.

Will I receive a certificate of completion when I finish a course?

Yes. All courses come with a certificate of completion.

Do the courses count as Continuing Education Units (CEUs)?

Yes. Every certificate of completion comes with the total CEUs earned listed on the certificate.

What is the All-Access Pass?

As of July 1st, 2023 TCM Academy transitioned to a monthly subscription model, where you now receive full access to all of the courses on our platform for as long as your subscription remains active.

What if you already own courses on TCM Academy?

If you already own a course on our platform, you will continue to own that course forever. Previously owned courses will not be affected by this change.