3-DAY TRAINING 4 – Red Teaming as a Service: Simulating Blackhat Attacks for Organisations

DURATION: 3 DAYS

CAPACITY: 23 pax

SEATS AVAILABLE: 2


EUR2599 (early bird)

EUR3199 (normal)

Early bird registration rate ends on the 28th of February


Overview

The goal of the training is to give a red teamer’s perspective to hackers and penetration testers who want to up their game of VAPT. We will start first with the fundamental concepts of red teaming and its process followed by differentiating how red-teaming is different than normal pentesting and the benefits of having a red-teaming approach towards application security testing. After this, the training will build upon from the ground up starting with the fundamental concepts of Information Gathering and Recon + various un-common tools and techniques to gather much more information about a target. We will then share red-teaming techniques for VA of Web and Mobile Applications where we will discuss various tools and tricks to find more bugs which will be followed by exploitation and data extraction methodologies. Not only will we be going through various automated tools and manual analysis, but the focus will also be on making the tools work efficiently and effectively by tweaking and debugging them. This will also include multiple case studies of interesting Business Logic vulnerabilities and how to spot them. Then we will cover numerous pivoting and privilege escalation mechanisms that help a red teamer move swiftly inside a corporate network without alerting the SOCs. The training will be packed with tons of real-life case studies we encounter during our staple + BONUS: A step by step case study of how we owned various pharmaceutical devices inside a corporate manufacturing network of a million dollar pharma client who wanted more than VAPT.

Who Should Attend

  • Intermediate to experienced Pentesters, Bug Hunters, DevOps,Security Researchers, Security Experts and Security Managers/Architects
  • People who want to introduce red team tactics to their hacking and security methodologies are the main focus of the training as the training is built to give the attendees a red teamers perspective so that they can implement red team approaches (for hackers) or prevent against them (for security managers).

Key Learning Objectives

  •  Red Teaming and its approaches
  •  Setting up a lightweight testing environment for maximum efficiency
  •  OSINT techniques
  •  Hunting for bugs and vulnerabilities that slip past automated scanners
  •  Manual Exploitation of critical vulnerabilities and customizing public tools to work better
  •  Data exfiltration techniques
  •  Network Pivoting
  •  Being stealthy, clean yet efficient while walking inside corporate networks
  •  Interesting Case Studies

Prerequisite Knowledge

  • VAPT Basics
  • Network and OS Basics
  • OWASP Top 10
  • SANS Top 25

Hardware / Software Requirements

  • Laptop with Linux (Kali preferred in Virtual Machine) and min 4 GB ram (8 GB if VM)
  • Working Internet Connection via LAN and WiFi
  • Basic pentesting tools like Burp Suite (Pro preferred), Sqlmap and scripting engines like python and perl etc
  • Virtualbox/VMware

Agenda – Day 1:

  • Introduction
  • What we do
  • What is the training going to be about
  • Lab Setup for real-life red teaming
  • Red Teaming techniques,  methodologies and tricks across phases of VAPT
  • Real life Case studies, interesting hacks and how they were done
  • Red Teaming – What and Why
  • The process
  • Demand: A complete black box red teaming exercise to test how well the
  • existing security team is doing
  • Information: The name of the organisation and the most critical assets
  • VAPT Process to follow:
  • Information Gathering and Recon
  • Asset Mapping and Level 2 Recon
  • Vulnerability Assessment – P0s and P1s only
  • Penetration – Find the single most critical point of entry that will
  • lead us quickest to the HVTs
  • Escalate pivot Escalate pivot…. till we own everything
  • Assess the damage on each pawned asset
  • Lab setup
  • Environment
  • OS
  • Security Configuration
  • Tools to install
  • Pro Tips
  • Information Gathering and Recon
  • Why
  • What to gather – Domains, subdomains, IP ranges, server arch, other
  • online devices, emails, leaked passwords, SSL signatures, Whois, related
  • organisations, related people, web applications, mobile applications,
  • development technologies used, etc
  • How to gather – Automated and Manual Recon
  • Asset Mapping and Level 2 Recon
  • Identifying critical assets
  • Per-asset recon – Port and Service Enumeration, Web App technology
  • stacks, Server software in use, Mobile app stack, Physical network
  • architecture, domain history, server hosting history, Employee History
  • ,Social Media Presence etc
  • Web Application Wreakage
  • Information gathering on web apps and servers
  • Subdomain harvesting,Zone Walking
  • Shodan and Censys
  • Hunting Directorys
  • Port and Service Scanning
  • Public Exploits
  • Vulnerabilities we will look at:
  • Uncommon SQLis
  • Command execution
  • Code Injection
  • Shell Uploads
  • File Inclusions
  • Business Logic Flaws
  • Payment Gateway Flaws
  • Authentication /Authorisation flaws (Vertical And Horizontal)
  • IDORs
  • SSRF
  • XXE
  • Security Misconfigurations
  • Brute force/ Rate-limiting Flaws
  • Attacking CMS – WordPress, Drupal, Joomla

Agenda – Day 2:

  • Interesting Case Studies and Bypassing Tricky Firewalls
  • Pivoting From Web apps to Servers and Servers to Network
  • Gaining server access
  • SQLi
  • Shells
  • File inclusions
  • Command/Code injection
  • XXE
  • Misconfigured Services
  • Components with vulnerabilities
  • Lab Setup
  • Metasploit with DB
  • Workspaces and importing Nmap scans
  • Team Server and Armitage
  • FUD Reverse Shell tricks
  • Privilege escalation
  • Local exploits
  • Exploiting misconfigurations
  • Poweshell exploitation
  • Automating Domain Controller takeover
  • Looting passwords, hashes, tokens and much more
  • Network Pivoting
  • Passing the hash
  • Manual Pivoting
  • Multi Level Pivoting
  • Hacking from within
  • Data Exfiltration techniques
  • Reporting
  • Tips to avoid making noise in the network
  • Case Studies

Agenda – Day 3:

  •    Practice and Doubts
  •    Live Hacking Challenges on Vulnerable Environments
  •    Walkthrough for challenges after completion

TRAININGS
Location: Training Rooms Date: May 6, 2019 Time: 9:00 am - 6:00 pm Himanshu Sharma Aman Sachdev