Infrastructure Pentesting - WPTC

Beschreibung

You will enjoy it! This deep-dive course teaches strategy and advanced techniques for performing internal infrastructure penetration testing in a highly secure Windows infrastructure.
Our in-depth course has been developed around professional penetration testing and security awareness in the business and IT fields. During the first day of the course you will learn how to pick the right methodology for your project and acquire the skills on how to successfully perform target reconnaissance and get valuable data on the objective. We will also recap some key concepts such as the Cyber Kill Chain and review the MITRE ATT&CK Matrix.

The next stage of the training will focus on learning the key tools and concepts needed for performing infrastructure penetration testing.
Later on, you will go through various methods of infrastructure penetration testing, we will learn how to determine the attacks scope, discover vulnerable services and configuration. After we have successfully prepared for the penetration test, the next steps will be to weaponize. Together we will prepare malicious payloads and reverse shells.
During the course we will also cover bypassing system guards and how to utilize Living Off The Land Binaries, Scripts and Libraries for further exploitation.
As soon as we have gained the access to the target system, we will try various methods of privilege escalation and lateral movement, including the infamous Pass-the-Hash family attacks.

To make sure that all participants gain the necessary infrastructure security concepts and knowledge, our classes have an intensive hands-on labs format and we have prepared tons of exercises that you will be able to perform even after the course concludes as we will grant you an extra 3-weeks of lab access.
The knowledge used to prepare the unique content of this amazing course has been gathered during tons of penetration testing projects all around the world by CQURE’s world-renowned Experts. The training will allow you to prepare for penetration testing projects or red team exercises.
Every exercise is supported by lab instructions and multiple tools, both traditional and specialized. CQURE trainers recommend students have some knowledge of security concepts, such as operating system services and architecture. However, all required concepts will be covered throughout the course.

error_outline Wichtige Information

Dieses Seminar wird in ENGLISCH gehalten!

expand_more chevron_right Zielgruppe

Ideal candidate for this course:
  • Pentesters
  • red teamers
  • Windows network administrators
  • security professionals
  • systems engineers
  • IT professionals
  • security consultants and other people responsible for implementing infrastructure security

    expand_more chevron_right Vorkenntnisse

    You should have 3-5 years of experience in cybersecurity to attend this training or have successfully completed one of the following CQURE Academy courses:
    Introduction to Pentesting Course
    You should have a good understanding of Windows infrastructure security concepts and features.
    Before attending this course, you should also be familiar with basic hacking tools and Kali Linux

    expand_more chevron_right Detail-Inhalte

    Module 1: Introduction to Windows Infrastructure Penetration Testing
    • What is Penetration Testing?
    • Cyber Kill Chain
    • MITRE ATT&CK Matrix
    • Testing methodologies
    • Reporting

    Module 2: Reconnaissance
    • Open-Source Intelligence (OSINT)
    • Social Media Intelligence (SOCMINT)
    • Google hacking and alternative search engines
    • Subdomains and DNS enumeration
    • Public services enumeration
    • Discovering hidden secrets

    Module 3: Web Applications
    • Web application as infrastructure entry point
    • Architecture of modern web applications
    • Brief overview of OWASP TOP 10
    • Web attacks and Remote Code Execution

    Module 4: Infrastructure penetration testing
    • Modern company, systems and solutions
    • Determining attack scope
    • Discovering services
    • Attacking services
    • Vulnerable default configurations

    Module 5: Weaponization and delivery
    • Generating malicious payloads
    • Reverse shells
    • Evasion techniques
    • Command and Control
    • Physical toolkit

    Module 6: Exploitation and Installation
    • Types of vulnerabilities
    • Exploit development
    • Bypassing system guards
    • Living Off the Land Binaries
    • Stealth communication channels

    Module 7: Privilege escalation
    • Token and privileges
    • Attacking services
    • Attacking file system
    • Accessing system secrets

    Module 8: Lateral movement
    • Responder
    • Pass-The-Hash family attacks
    • Bloodhound
    • Critical Active Directory issues
    • Lateral movement within AD
    • expand_more chevron_right event_available 20.07.-22.07.2022 20.07.2022 Seminarzeitentimer3 Tage roomVirtual-Training (VILT)
      • expand_more chevron_right Virtual Classroom 2.500,00
        • Live Online Training im virtuellen Klassenraum
        • Live Vortrag inkl. Interaktion mit dem/der Trainer*in
        • Seminarunterlagen, Teamwork, Labs
        • Keine hohen Hardware Anforderungen, dennoch Zugriff auf die gewohnte professionelle Übungsumgebung
        • keine Anfahrt ins Seminarzentrum notwendig