Winter Infrastructure Pentesting Bootcamp

During this 5-day course in 37,5 hours of super intensive Winter BOOTCAMP you will gain crucial cybersecurity knowledge and skills in terms of Infrastructure Penetration Testing. Moreover, you will be able to:
Get the highest quality and unique learning experience.
Get the opportunity to interact with our world-renowned Experts.
Go through CQURE’s custom lab exercises and practice them after the course.
Receive a lifelong certification after completing the course!
Get 12-month access to the recordings!

The Winter Infrastructure Pentesting Bootcamp agenda consists of 10 Modules that will be covered during intense 5 Days.
Main takeaways:

• In-depth knowledge of reconnaissance and enumeration: You’ll learn how to map and analyze networks to spot vulnerabilities and potential entry points. 
• Advanced skills in vulnerability & threat hunting:  Gain expertise in using cutting-edge tools and techniques to find, understand, and exploit system weaknesses. 
• Mastery of Active Directory (AD) and Azure Entra ID exploitation: Discover sophisticated attack and defense tactics for identity-based attacks. 
• Proficiency in advanced Windows services attacks: Learn how to exploit and defend against attacks on critical Windows services and infrastructure. 
• Expertise in enterprise exploitation and post-exploitation techniques: Understand how to exploit key enterprise services and maintain persistence within compromised networks. 

Day 1: Mastering Reconnaissance and Enumeration
Module 1. REconnaissance Techniques

• Review of goals for testing
• Mastering scanning tools
• Attacking password authentication
• Executing traffic sniffing and analysis
• Covert channel delivery and exfitration

Module 2: Operating System Oriented Environment Enumeration

• Understanding Windows & Linux network architecture
• Enumerationg Windows domains and workstations
• Identifying high value targets (users, admins, devices etc.)
• Itentifying roles or different machines (Domain Controllers, File Servers, etc.)
• Utilizing Nmap for operating system-specific scans
• Accessing sensitive data

Day 2: Mastering Hunting for Vunlerabilities
Module 3: Hunting for Vulnerabilities

• Discovering live systems
• Getting information from open ports
• Miusing typical services NetBIOS, SMB, and other
• Metasploit and other tools
• Automation techniques
• Mastering Powershell / Poersploit
• Manipulating SMB, RDP, and other protocols for control and data exfiltration

Day 3: Mastering Identity Attacks and Protocol Flows
Module 4: Attacks on NTLM: Execution and Mitigations

• Understanding and exploiting NTLM
• Pass-The-Hash
• NTLM relay
• NTLM attacks detections
• Hardening NTLM authentication

Module 5: Attacks on Kerberos authentication: Exectuion and Mitigations

• Understanding and exloiting Kerberos
• Core concepts (tickets, keys, SPN)
• Authentication flow
• PKlinit
• Refreshing PAC
• Authentication Monitoring

Module 6: Attacks against Kerberos tickets: Execution and Mitigations

• Pass-The-Ticket
• Silver ticket
• Golden ticket
• Keberoasting

Day 4: Advanced Attacks on Active Directory and Entra ID
Module 7: Advanced AD Attacks: Execution and Mitigations

• DCSync
• DCShadow
• NGC/shadow credentials
• Advanced persistence techniqueis
• Skeleton Key
• Windows Hello for Business Security
• AdminSDholder
• Offline access attacks
• Descrypting secrets with DPAPI and DPAPI-NG
• Attacks against smart card authentication

Module 8: Azure and Entra ID Pivoting

• Cloud enumeration
• On-prem to cloud pivoting
• Cloud to on-prem pivoting
• Entra ID security review
• Stealing Entra ID tokens
• Entra ID MFA and FIDO2 auditing
• Entra ID application security
• Catching signs of attack on-prem and in the Cloud

Day 5: Mastering Enterprise Exloitation, Post-Explotation and Pivoting
Moudle 9: Mastering Explotation of Enterprise Services

• Exploiting PKI services
• Exploiting MSSQL Severs
• Exploiting IIS
• Exploiting ADFS
• Bypassing application whitelisting

Module 10: Mastering Persistence and Lateral Movement

• Techniques for lateral movement recap
• BITS Jobs
• Boot or Login Autostart Execution
• Boot or Login Initialization Scripts
• Browser Extensions
• Compromising Software Binary
• Event-Triggered Execution
• External Remote SErvices
• Hijack Execution Flow
• Office Application Startup
• Scheduled Task/Job
• Server Software Component
• Traffic Signaling
• Persistence through Registry keys
• Malicious services
• Fireless malware

This bootcamp is perfect for experienced cybersecurity pros - think penetration testers, security analysts, and IT administrators - who want to up their game in network defense and attack strategies.

This bootcamp is designed for you if you are a: 

• Penetration tester 
• Security analyst 
• IT administrator 
• Cybersecurity professional & a geek with IT background who wants to start an adventure in the cybersecurity pentesting field