2-DAY TRAINING 14 – Hacking Enterprises: Understanding in.security

DURATION: 2 DAYS

CAPACITY: 20 pax

SEATS AVAILABLE: 20


EUR1899 (early bird)

EUR2599 (normal)

Early bird registration rate ends on the 28th of February


Overview

This is an immersive hands-on course aimed at a technical audience looking to delve into or increase their presence in the world of security. The training covers a lot of popular security topics and will help students fully understand a variety of ways in which an attacker could access and exploit critical infrastructure.

Students will be exposed to a cloud-based LAB configured with multiple networks, some easily accessible, others not so. Course material and exercise content has been designed to reflect real-world challenges and students will be expected to perform numerous hands-on exercises including using OSINT skills to retrieve useful data, perform host/service enumeration and exploitation as well as perform phishing attacks against our live in-LAB ‘users’ to gain access to new networks, bringing new challenges and in the process teaching a new set of skills in post exploitation, network reconnaissance, lateral movement and data exfiltration. This will be an intensive, knowledge packed and fun 2-days!

Each Student Will Receive:

We realise that 2-days is not a lot of time and therefore students are also provided with the following benefits.

  • 14-day extended LAB access after the course finishes
  • 14-day Slack support channel access where our security consultants are available
  • A Raspberry Pi with Kali Linux pre-installed
  • A portable wireless keyboard/mouse
  • A hard copy of the RTFM

If all this wasn’t enough, after training concludes we will fire up another subnet of hosts to attack! For this we’ll also provide an in-LAB CTF board with numerous challenges based around the new subnet for students to challenge themselves yet again!

Key Learning Objectives

  • How to perform effective OSINT activities
  • How to identify live hosts and services using both IPv4 and IPv6 protocols
  • How to enumerate targets from an unauthenticated and authenticated perspective using manual techniques and tools that target a range of services using both IPv4 and IPv6 protocols
  • How to identify and exploit configuration weaknesses in targets from both unauthenticated and authenticated perspectives
  • How to extract, identify and crack hashes from a variety of targets including Linux, Windows and other applications
  • How to perform effective post exploitation attacks, enumeration and data gathering
  • How to use tools and techniques introduced during the training to create payloads that can be used in phishing attacks
  • How to perform lateral movement and route traffic to hidden networks
  • How to exploit application weaknesses over tunnels, routed connections and shells using manual techniques and tools
  • Understand how Active Directory trusts operate, are structed and can be abused
  • How to gain persistence and exfiltrate data via out of band channels
  • Understand how defensive monitoring can be used to identify malicious activities

Who Should Attend

This training is suited to a variety of students, including:

  • Penetration Testers
  • Red/Blue Teamers
  • Security Professionals
  • IT Support, Administrative and Network Personnel
  • Anyone looking to enter the world of technical security

Prerequisite Knowledge

  • Familiarity with Windows and Linux command line syntax
  • A basic understanding of networking concepts

Hardware / Software Requirements

  • Students will need to bring a laptop to which they have administrative/root access, running either Windows, Linux or Mac operating systems
  • Students will need to have access to VNC, SSH and OpenVPN clients on their laptops

Agenda – Day 1

  • An introduction into infrastructure and application security assessments
  • An introduction into monitoring and alerting using our in-LAB ELK stack
  • Leveraging OSINT activities
  • Enumerating and targeting IPv4 and IPv6 hosts
  • Exposure to vulnerability assessment toolsets
  • Windows and Linux enumeration techniques
  • Identifying and exploiting vulnerabilities
  • Phishing – Creation, execution and compromise using our in-LAB platform with live, simulated users

Agenda – Day 2

  • Windows privilege escalation
  • Linux privilege escalation
  • Overcoming restrictions/policies within an Active Directory environment
  • Executing effective post-exploitation tasks
  • P@ssw0rd cracking
  • Situational awareness and further enumeration of other subnets
  • Lateral movement and pivoting techniques – routing, tunnelling and SOCKS proxies
  • Abusing domain trusts to compromise the enterprise
  • Gaining persistence
  • Data exfiltration over OOB channels

TRAININGS
Location: Training Rooms Date: May 7, 2019 Time: 9:00 am - 6:00 pm Will Hunt Owen Shearing