Hacking Enterprises – 2020 Release

Course Description

UPDATE May 10th – We have decided to host this training virtually due to the Corona crisis. 

This is an immersive hands-on course aimed at a technical audience. The training covers a multitude of security topics, is based around modern operating systems and using modern techniques, with an emphasis on exploiting configuration weaknesses rather than throwing traditional exploits. This means logical thinking and creativity will definitely be put to the test.

Students will access a cloud-based LAB configured with multiple networks, some easily accessible, others not so. Course material and exercise content has been designed to reflect real-world challenges and students will perform numerous hands-on exercises including using OSINT skills to retrieve useful data, perform host/service enumeration and exploitation as well as perform phishing attacks against our live in-LAB users’ to gain access to new networks, bringing new  challenges and in the process teaching new sets of skills in post exploitation, network reconnaissance, lateral movement and data exfiltration.

We also like to do things with a difference. In this training you’ll be provided access to an in LAB Elastic instance, where logs from all targets get pushed and processed. This allows you, as an attacker, as a blue teamer, to understand the types of artefacts your attacks leave, therefore understanding how you might catch, or be caught in the real word.

Each Student Will Receive:
We realise that training courses are limited for time and therefore students are also provided a complementary In.security hackpack! This includes:

  • 14-day extended LAB access after the course finishes
  • 14-day access to a CTF platform with subnets/hosts not seen during training!
  • Slack support channel access where our security consultants are available
  • A hard copy of the RTFM
  • A Hak5 LAN Turtle

Course contents

Day 1

  • Getting familiar with the MITRE ATT&CK framework
  • An introduction into monitoring and alerting using our in-LAB ELK stack
  • Leveraging OSINT activities
  • Enumerating and targeting IPv4 and IPv6 hosts
  • Remote/local Linux enumeration and living off the land
  • Linux shells, post exploitation and privilege escalation
  • P@ssw0rd cracking (*nix specifics)
  • Kubernetes and container security
  • Creating and executing Phishing campaigns against our simulated enterprise users
  • Living off the land tricks and techniques in Windows

Day 2

  • P@ssw0rd cracking (Windows specifics)
  • Remote/local Windows enumeration
  • Windows exploitation and privilege escalation techniques
  • Windows Defender/AMSI and UAC bypasses
  • Bypassing AppLocker, PowerShell CLM and Group Policy restrictions
  • Enumerating and extracting LAPS secrets
  • RDP hijacking
  • Lateral movement, pivoting, routing, tunnelling and SOCKS proxies

Day 3:

  • Application enumeration and exploitation via pivots
  • Leveraging domain trusts
  • Gaining persistence using Scheduled Tasks and WMI Event Subscriptions
  • Data exfiltration over OOB channels (ICMP and DNS)
  • Domain Fronting and C2

Target audience

This training is suited to a variety of students, including:

  • Penetration testers
  • SOC analysts
  • Security professionals
  • IT Support, administrative and network personnel

Requirements

  • A firm familiarity of Windows and Linux command line syntax
  • Understanding of networking concepts
  • Previous pentesting and/or SOC experience is advantageous, but not required

Hardware/Software Requirements

  • Students will need to bring a laptop to which they have administrative/root access, running either Windows, Linux or Mac operating systems
  • Students will need to have access to VNC, SSH and OpenVPN clients on their laptops (these can be installed at the start of the training)

Trainers Biography

Will Hunt is a cyber security consultant who has worked in IT security for over 10 years. He co-founded In.security Limited, a specialist cyber security company delivering high-end consultancy and training services. He’s delivered hacking courses at Black Hat USA/EU, Wild West Hackin’ Fest, NolaCon, 44CON and others, and has spoken at various conferences and events. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and trainer

Twitter : @Stealthsploit

Owen Shearing is a co-founder of In.security Limited, a specialist cyber security consultancy offering technical and training services based in the UK. He is a CREST CCT level security consultant with a strong background in networking and IT infrastructure and has over a decade of experience in technical security roles. Owen has provided technical training to a variety of audiences at bespoke events and various conferences. He keeps projects at https://github.com/rebootuser.

Twitter : @rebootuser