*Friday CLOSED

Timings 10.00 am - 08.00 pm

Call : 021-3455-6664, 0312-216-9325 DHA 021-35344-600, 03333808376, ISB 03333808376

by fatima
Price:  260,000
2 Months

Enterprise Penetration Testing

This course prepares you to conduct successful penetration testing for a modern enterprise, including on-premise systems, Azure, and Azure AD. You will learn the methodology and techniques used by real-world penetration testers in large organizations to identify and exploit vulnerabilities at scale and show real business risk to your organization. The course material is complemented with 30+ practical lab exercises concluding with an intensive, hands-on Capture-the-Flag exercise in which you will conduct a penetration test against a sample target organization and demonstrate the knowledge you have mastered. (Online classes available)


Course Key Learnings

  • Properly plan and prepare for an enterprise penetration test
  • Perform detailed reconnaissance to aid in social engineering, phishing, and making well-informed attack decisions
  • Scan target networks using best-of-breed tools to identify systems and targets that other tools and techniques may have missed
  • Perform safe and effective password guessing to gain initial access to the target environment, or to move deeper into the network
  • Exploit target systems in multiple ways to gain access and measure real business risk
  • Execute extensive post-exploitation to move further into the network
  • Use privilege escalation techniques to elevate access on Windows or Linux systems, or the Microsoft Windows domain
  • Perform internal reconnaissance and situational awareness tasks to identify additional targets and attack paths
  • Execute lateral movement and pivoting to further extend access to the organization and identify risks missed by surface scans
  • Crack passwords using modern tools and techniques to extend or escalate access
  • Use multiple Command and Control (C2, C&C) frameworks to manage and pillage compromised hosts
  • Attack the Microsoft Windows domain used by most organizations
  • Execute multiple Kerberos attacks, including Kerberoasting, Golden Ticket, and Silver Ticket attacks
  • Conduct Azure reconnaissance
  • Execute Azure Active Directory (AD) password spray attacks
  • Execute commands in Azure using compromised credentials
  • Develop and deliver high-quality reports

Course Content: Comprehensive Penetration Test Planning, Scoping, Recon, and Scanning

Overview

In this course section, you will develop the skills needed to conduct a best-of-breed, high-value penetration test. We’ll go in-depth on how to build a penetration testing infrastructure that includes all the hardware, software, network infrastructure, and tools you will need to conduct great penetration tests, with specific low-cost recommendations for your arsenal. We’ll then cover formulating a pen test scope and rules of engagement that will set you up for success, including a role-play exercise. We’ll also dig deep into the reconnaissance portion of a penetration test, covering the latest tools and techniques.

Exercises
  • Formulating an Effective Scope and Rules of Engagement
  • Linux for Pen Testers
  • Reconnaissance and OSINT
  • Nmap
  • Masscan
  • Advanced Nmap Usage, EyeWitness, and Netcat for Pen Testers
Topics
  • The Mindset of the Professional Pen Tester
  • Building a World-Class Pen Test Infrastructure
  • Creating Effective Pen Test Scopes and Rules of Engagement
  • Reconnaissance of the Target Organization, Infrastructure, and Users
  • Tips for Awesome Scanning
  • Version Scanning with Nmap
  • False-Positive Reduction
  • Netcat for the Pen Tester
  • Getting the Most Out of Nmap
  • Faster Scanning with Masscan
  • OS Fingerprinting, Version Scanning In-Depth, Netcat for Penetration Testers, and EyeWitness
  • Nmap In-Depth: The Nmap Scripting Engine

Module 2: Initial Access, Payloads, and Situational Awareness

Overview

This course section includes password guessing attacks, which are a common way for penetration testers and malicious attackers to gain initial access and pivot through the network. This action-packed section concludes with another common way to gain initial access: exploitation. We’ll discuss many ways that exploits are used to gain access or escalate privileges, then examine how these exploits are packaged in frameworks like Metasploit and its mighty Meterpreter. You’ll learn in-depth how to leverage Metasploit and Meterpreter to compromise target environments.

Exercises
  • Initial Access with Password Guessing and Spraying with Hydra
  • Exploitation with Metasploit and the Meterpreter Shell
  • Command and Control Sliver and Teammates
  • Leveraging [PowerShell] Empire for Post-Exploitation
  • Developing Payloads in Multiple C2 Frameworks
  • GhostPack’s Seatbelt
Topics
  • Gaining Initial Access
  • Password Guessing, Spraying, and Credential Stuffing
  • Exploitation and Exploit Categories
  • Exploiting Network Services and Leveraging Meterpreter
  • Command and Control Frameworks and Selecting the One for You
  • Using the Adversary Emulation and Red Team Framework, Sliver
  • Post-Exploitation with [PowerShell] Empire
  • Payload Generation in Metasploit and Sliver
  • Post-Exploitation
  • Assumed Breach Testing

Module 3: Privilege Escalation, Persistence, and Password Attacks

Overview

In this section, you’ll learn tools and techniques to perform privilege escalation attacks to gain elevated access on compromised hosts to further pillage compromised hosts for an even more high-impact penetration test. Part of post-exploitation includes password dumping, where we’ll perform cleartext password extraction with Mimikatz and password cracking. We’ll also cover persistence to help you maintain access to compromised hosts that survive a reboot or a user logoff. You’ll learn modern tools and techniques to perform better cracking attacks that will extend or upgrade your access in the target environment. We’ll take a look at the powerful BloodHound to allow us to map attack paths to get to high-value targets. This section concludes with Responder, a tool to obtain password hashes and for relaying.

Exercises
  • Privilege Escalation on Windows
  • Domain Mapping and Exploitation with BloodHound
  • Practical Persistence
  • Metasploit PsExec, Hash Dumping, and Mimikatz Kiwi Credential Harvesting
  • Password Cracking with John the Ripper and Hashcat
  • Attacking Nearby Clients with Responder
Topics
  • Privilege Escalation Methods and Techniques on Windows and Linux
  • Identifying Attack Paths with BloodHound
  • Persistence and Maintaining Access
  • Password Attack Tips
  • Retrieving and Manipulating Hashes from Windows, Linux, and Other Systems
  • Extracting Hashes and Passwords from Memory with Mimikatz Kiwi
  • Effective Password Cracking with John the Ripper and Hashcat
  • Poisoning Multicast Name Resolution with Responder

Module 4: Lateral Movement and Reporting

Overview

This course section zooms in on moving through the target environment. When attackers gain access to a network, they move, so you’ll learn the same techniques used by modern attackers and penetration testers. You’ll start by manually executing techniques used for lateral movement, then move on to automation using the powerful toolset, Impacket, to exploit and abuse network protocols. We’ll examine Windows network authentication, and you’ll perform a pass-the-hash attack to move through the network without knowing the compromised account’s password.

Exercises
  • Lateral Movement and Running Commands Remotely with WMIC and by Creating Malicious Services
  • The Impacket Framework
  • Pass-the-Hash
  • Bypassing Application Control Technology Using Built-In Windows Features
  • Pivoting through SSH and an Existing Meterpreter Session
Topics
  • Lateral Movement
  • Running Commands Remotely
  • Attacking and Abusing Network Protocols with Impacket
  • Anti-Virus and Evasion of Defensive Tools
  • Application Control Bypasses Using Built-In Windows Features
  • Implementing Port Forwarding Relays via SSH for Merciless Pivots
  • Pivoting through Target Environments with C2
  • Effective Reporting and Business Communication

Module 5: Domain Domination and Azure Annihilation

Overview

This course section focuses on typical AD lateral movement strategies. You’ll gain an in-depth understanding of how Kerberos works and what the possible attack vectors are, including Kerberoasting, Golden Ticket, and Silver Ticket attacks. You’ll use credentials found during the penetration test of the target environment to extract all the hashes from a compromised Domain Controller. We’ll cover one of the most useful new techniques for privilege escalation due to vulnerabilities in Active Directory Certificate Services (AD CS). With full privileges over the on-premise domain, we’ll then turn our attention to the cloud and have a look at Azure principles and attack strategies. The integration of Azure AD with the on-premise domain provides interesting attack options, which will be linked to the domain dominance attacks we saw earlier during the course section.

Exercises
  • Kerberoast Attack for Domain Privilege Escalation
  • Domain Dominance and Password Hash Extraction from a Compromised Domain Controller
  • Identifying Vulnerabilities and Attacking Active Directory Certificate Services (AD CS)
  • Silver Tickets for Persistence and Evasion
  • Golden Ticket Attacks for Persistence
  • Azure Reconnaissance and Password Spraying
  • Running Commands in Azure Using Compromised Credentials
Topics
  • Kerberos Authentication Protocol
  • Kerberoasting for Domain Privilege Escalation and Credential Compromise
  • Persistent Administrative Domain Access
  • Evaluating and Attacking AD CS
  • Obtaining NTDS.dit and Extracting Domain Hashes
  • Golden and Silver Ticket Attacks for Persistence
  • Additional Kerberos Attacks Including Skeleton Key, Over-Pass-the-Hash, and Pass-the-Ticket
  • Effective Domain Privilege Escalation
  • Azure and Azure AD Reconnaissance
  • Azure Password Attacks and Spraying
  • Understanding Azure Permissions
  • Running Commands on Azure Hosts
  • Tunneling with Ngrok
  • Lateral Movement in Azure

 


Module 6: Penetration Test and Capture-the-Flag Exercise


International Student Fee: 950 US$



Flexible Class Options

  • Weekend Classes for Professionals: SAT | SUN
  • Corporate Group Trainings Available
  • Online Classes – Live Virtual Class (L.V.C), Online Training

KEY FEATURES

Flexible Classes Schedule

Online Classes for out of city / country students

Unlimited Learning - FREE Workshops

FREE Practice Exam

Internships Available

Free Course Recordings Videos

ABOUT US

OMNI ACADEMY & CONSULTING is one of the most prestigious Training & Consulting firms, founded in 2010 under MHSG Consulting Group, aiming to help our customers transform their people and business and be more engaged with customers through digital transformation. Helping People to Get Valuable Skills and Get Jobs.

Contact Us

Get yourself enrolled for unlimited learning: 1000+ Courses, Corporate Group Training, Instructor-led Classroom and ONLINE learning options. Join Now!
  • Head Office: A-2/3 Westland Trade Centre, Shahra-e-Faisal PECHS Karachi 75350 Pakistan Call 0213-455-6664 WhatsApp 0334-318-2845, 0336-7222-191, +92 312 2169325
  • Gulshan Branch: A-242, Sardar Ali Sabri Rd. Block-2, Gulshan-e-Iqbal, Karachi-75300, Call/WhatsApp 0213-498-6664, 0331-3929-217, 0334-1757-521, 0312-2169325
  • ONLINE INQUIRY: Call/WhatsApp +92 312 2169325, 0334-318-2845, Lahore 0333-3808376, Islamabad 0331-3929217, Saudi Arabia 050 2283468
  • DHA Branch: 14-C, Saher Commercial Area, Phase VII, Defence Housing Authority, Karachi-75500 Pakistan. 0213-5344600, 0337-7222-191, 0333-3808-376
  • info@omni-academy.com
  • FREE Support | WhatsApp/Chat/Call : +92 312 2169325
WORKING HOURS

  • Monday: 10.00am - 7.00pm
  • Tuesday: 10.00am - 7.00pm
  • Wednesday: 10.00am - 7.00pm
  • Thursday: 10.00am - 7.00pm
  • Friday: Closed
  • Saturday: 10.00am - 7.00pm
  • Sunday: 10.00am - 7.00pm