Join us at the Blue Team Summit! Register Here

Penetration Testing: Beyond the Basics with Tim Medin

Course Authored by .

Penetration Testing: Beyond the Basics with Tim Medin

Building on the foundational skills learned in the introductory course, this training will take you deeper into the world of penetration testing, equipping you with the skills and knowledge to conduct more complex, real-world engagements.

Course Length: 16 Hours

Includes a Certificate of Completion



Enroll Now

Next scheduled date: WWHF Deadwood 2025 - Link at bottom.

Description

Building on the foundational skills learned in the introductory course, this training will take you deeper into the world of penetration testing, equipping you with the skills and knowledge to conduct more complex, real-world engagements.

Want to learn Penetration Testing?

Have you already taken Introduction to Pentesting with John Strand from Antispyhon? This course is meant as a follow on to the class, where we go into even more depth on what it takes to deliver a high-value penetration test. This course begins with tips and tricks for enumerating hosts, then dives into valuable initial access techniques. From there the course teaches how to identify additional targets via situational awareness, and of course, how to pivot to those hosts using practical lateral movement techniques.

Do you have to take John’s class? No, but the expectation is that you have some experience with information security and IT.

In this course, we will focus on refining and expanding your penetration testing methodology, with an emphasis on advanced techniques, toolsets, and strategic thinking. You’ll gain hands-on experience in testing more intricate attack surfaces including Active Directory (AD), Kerberos, and Active Directory Certificate Services (AD CS).

Syllabus

    • Target Identification – You can’t exploit systems and services you don’t know exists. In this course you’ll learn tips and tricks to quickly and safely identify high value targets for deeper testing.

    • Initial Access – Initial Access (IA) comes in many forms. According to the latest Verizon Data Breach Investigation Report (VDBIR), Initial Access is gained through compromised passwords, phishing, and to a lesser degree, exploitation. We’ll cover all these techniques as part of a practical penetration test.

    • Situation Awareness – Once a system is compromised, a penetration tester needs to gain information from the system to learn about the target environment for further attacks. A lot of valuable information can be gained from the network once a single host has been exploited/compromised.

    • Pivoting and Lateral Movement – When a real-world bad guy gains access to a system, they do not stop. They are going to work to extend their reach. In this course, we’ll cover common ways for lateral movement to model real world attackers, and to find issues beyond the surface.

    • Windows Domain and Kerberos – Nearly every organization uses Active Directory (AD). No penetration testing course would be complete without a deep dive into identifying issues in AD, and abusing those issues for privilege escalation, lateral movement, and persistence.

    • Active Directory Certificate Services – Far too often, organizations implement Microsoft’s Active Directory Certificate Services (AD CS), but it isn’t setup security. You’ll get hands on experience using real-world techniques to escalate privileges using this far-too-common technique.

FAQ

Prerequisites
Completion of John Strand’s Intro to Penetration Testing course or equivalent hands-on experience with penetration testing fundamentals.
Audience Skill Level
Intermediate
Who Should Take this course
This is designed for professionals learning how attackers work and to understand common, high-impact techniques commonly used by real world attackers. Whether you are a system administrator or defender looking to learn offense, or an offensive person looking to strengthen you’re skill, this is the course for you!

About the Instructor

Pixel splash background
Tim Medin
Tim Medin
"Hacker, instructor, and Kerberoast Guy"
Bio

Tim is the CEO and founder of Red Siege Information Security. He is the creator of the Kerberoasting. Tim was a Senior Instructor and course author (SEC560) at The SANS Institute. Tim has performed penetration tests on a wide range of organizations and technologiesTim is an experienced international speaker, having presented to organizations around the world.

This class is being taught at Wild West Hackin’ Fest – Deadwood 2025.

For more information about our conferences, visit Wild West Hackin’ Fest!

REGISTER HERE

Clicking on the button above will take you to our registration page

Related products

Shopping Cart

No products in the cart.