Ethical Hacking and Network Penetration Testing Hands – On Training

Security is an issue that no forward-looking organisation can afford to ignore. Yet, only when a clear and in-depth understanding of the existing security posture, vulnerabilities and risk tolerance exists, can an organisation deal with.

Date: 20 November – 22 November

Course description

Security is an issue that no forward-looking organisation can afford to ignore. Yet, only when a clear and in-depth understanding of the existing security posture, vulnerabilities and risk tolerance exists, can an organisation deal with.

In this intermediate to advanced level class, students will learn the art of exploiting at network and system level. The training will lead the students through several common security vulnerabilities and demonstrate how they’re actually exploited using common tools and hacking trickery. We build scenarios using the compromised system as a pivot point to further penetrate the infrastructure, to demonstrate the potential impact of a successful attack.

Our methodology aligns to best practice standards and guidelines from OSSTMM, NIST and OWASP.

  • Identify attack paths that could lead to network or system breaches
  • Reveal the security risk of a vulnerability by demonstrating how an attacker could steal and manipulate data
  • By chaining attacks, determine if an attacker could gain administrator privileges via local privilege escalation techniques
  • Proven Penetration Testing Methodology
  • Use the tools and methodologies hackers use efficiently

Audience

IT Security Professionals, System and network administrators, Penetration testers

Course Length

3 days

Course Style

This is a highly practical, hands-on course where students are encouraged to experiment, discuss, explore and exploit

Course Outline

  • Advanced Port and Vulnerability Scanning
  • Exploit categories (server-side, client-side, and local privilege escalation)
  • Metasploit Framework and advanced usage of the Meterpreter
  • Advanced Password cracking (Rainbow table password attack, Password cracking using GPU, Pass-the-hash attacks, Cached domain credentials)
  • L2 attacks in the internal network

o Remote Desktop Protocol (RDP) and man-in-the-middle attacks

o Software updates attacks using Evilgrade

  • Windows exploitation against modern OS security features (ALSR, DEP, etc.)
  • Buffer Overflow basics and exploit coding (giving a better understanding how exploitation frameworks like Metasploit are working)
  • Client exploitation (From basic domain user to domain admin, bypassing Anti-Virus tools)
  • Post-Exploitation Capabilities (Pivot to backend system, privilege escalation)

Methodology

Our training provides a strong understanding of penetration testing concepts and methodologies, as well as hands-on experience with crucial penetration testing tools. You will get the latest tools and techniques using Metasploit to exploit targets, and post exploitation techniques using Mimikatz, and Powershell together to enhance your attack. Utilize ‘Pivoting’ techniques to route into internal networks from compromised perimeter nodes to gain further exploitation.

For each vulnerability, choose the right exploitation methods with 100% practical hands on examples of real life scenarios:

Definition – defining the vulnerability and its origin in the code

Impact – presenting the potential impact of an exploitation of the vulnerability

Hands-on Labs – explaining how to detect the vulnerability (manually or using vulnerability scanners) and presenting several attack scenarios showing how an hacker would exploit the vulnerability

Agenda

Day 1

  • The Fundamentals: Pitfalls, Methodologies, Toolkits and more
  • Reconnaissance and Open Source Intelligence (OSINT) Gathering
  • Vulnerability Scanning and Enumeration

Day 2

  • Advanced Metasploit
  • Buffer Overflows
  • Exploiting Linux Environments
  • Exploiting Windows Environments

Day 3

  • Hacking Windows Domains (Active Directory)

o Domain and User Enumeration

o AppLocker / GPO Restriction Bypass

o Local Privilege Escalation

o Post Exploitation #1 (AMSI Bypass & Mimikatz)

o Post Exploitation #2 (LSASecrets)

  • Password Cracking
  • Client-Side Exploitation
  • Post Exploitation
  • Advanced Post-Exploitation with Powershell
  • Capture the Flag

Price: EUR 2,400 (discounts for groups of 3 people or more)

Want to register or hear more about the training? Please contact Frédéric Lavend’Homme

Ajouter au calendrier