Course Description
Course contents
Day 1
- Getting familiar with the MITRE ATT&CK framework
- An introduction into monitoring and alerting using our in-LAB ELK stack
- Leveraging OSINT activities
- Enumerating and targeting IPv4 and IPv6 hosts
- Remote/local Linux enumeration and living off the land
- Linux shells, post exploitation and privilege escalation
- P@ssw0rd cracking (*nix specifics)
- Kubernetes and container security
- Creating and executing Phishing campaigns against our simulated enterprise users
- Living off the land tricks and techniques in Windows
Day 2
- P@ssw0rd cracking (Windows specifics)
- Remote/local Windows enumeration
- Windows exploitation and privilege escalation techniques
- Windows Defender/AMSI and UAC bypasses
- Bypassing AppLocker, PowerShell CLM and Group Policy restrictions
- Enumerating and extracting LAPS secrets
- RDP hijacking
- Lateral movement, pivoting, routing, tunnelling and SOCKS proxies
Day 3:
- Application enumeration and exploitation via pivots
- Leveraging domain trusts
- Gaining persistence using Scheduled Tasks and WMI Event Subscriptions
- Data exfiltration over OOB channels (ICMP and DNS)
- Domain Fronting and C2
Target audience
This training is suited to a variety of students, including:
- Penetration testers
- SOC analysts
- Security professionals
- IT Support, administrative and network personnel
Requirements
- A firm familiarity of Windows and Linux command line syntax
- Understanding of networking concepts
- Previous pentesting and/or SOC experience is advantageous, but not required
Hardware/Software Requirements
- Students will need to bring a laptop to which they have administrative/root access, running either Windows, Linux or Mac operating systems
- Students will need to have access to VNC, SSH and OpenVPN clients on their laptops (these can be installed at the start of the training)
Trainers Biography
Will Hunt is a cyber security consultant who has worked in IT security for over 10 years. He co-founded In.security Limited, a specialist cyber security company delivering high-end consultancy and training services. He’s delivered hacking courses at Black Hat USA/EU, Wild West Hackin’ Fest, NolaCon, 44CON and others, and has spoken at various conferences and events. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and trainer
Twitter : @Stealthsploit
Owen Shearing is a co-founder of In.security Limited, a specialist cyber security consultancy offering technical and training services based in the UK. He is a CREST CCT level security consultant with a strong background in networking and IT infrastructure and has over a decade of experience in technical security roles. Owen has provided technical training to a variety of audiences at bespoke events and various conferences. He keeps projects at https://github.com/rebootuser.
Twitter : @rebootuser