Advanced Penetration Testing of Non-Western IT Infrastructures with Steve Borosh
Overview
- Course Length: 8 hours
- Support from expert instructors
- Includes certificate of completion
- 6 months access to Cyber Range
This course has been designed for those charged with helping to secure non-western IT systems by way of penetration testing.
Most offensive-related cybersecurity courses today are tailored to focus on western Information Technology systems. Primarily, English-based software and systems running on-premises or hosted in cloud infrastructure, owned by western-based companies, residing within US or EU borders. This course and associated labs will cover a range of technologies, languages, software, and services that a penetration tester may encounter while engaging various theoretical non-western organizations and the different challenges each may bring. Most importantly, this course will provide you with the necessary mindset and flexible TTP’s to efficiently and effectively assess the security of any non-western IT infrastructure.
Who Should Attend
Students or penetration testers interested in testing non-western networks.
Key Takeaways
This course will provide you with the necessary mindset and flexible TTP’s to efficiently and effectively assess the security of any non-western IT infrastructure.
Applicable Business Skills
Students will take back unique and advanced techniques to improve their business or clients’ computer systems through penetration testing and breaking assumptions of security.
- Introduction
- Roll call
- Workshop Overview
- Rules
- Labs
- Range overview
- How to access the range
- Operational Setup
- Attack stations
- Operating systems
- Linux
- Windows
- Operator Profiles
- Operator tools
- Operating systems
- OPSEC considerations
- Financing
- Technical
- Hostnames and usernames
- Tooling OPSEC
- LLM Usage
- Networking/Traffic obfuscation
- Attack stations
- Initial OSINT and Recon Activities
- Overview
- Scanning by Third-Party
- What can we find?
- Shodan
- ZoomEye
- Fofa
- Honeypot Identification
- SCADA Enumeration
- Remote Access Point Enumeration
- Camera and CCTV Enumeration
- SSL/TLS Enumeration
- Attack surface enumeration
- Port scanning
- Service enumeration
- Web content enumeration
- Cloud service discovery
- IP/DNS Discovery
- Certificate analysis and transparency search
- User enumeration
- Research unknown/unfamiliar technology stacks
- Detection Awareness
- Setup and tooling
- Identifying deception technologies
- Detect being detected
- Post Exploitation
- Host triage
- Cohabitation checks
- Persistence
- Network enumeration
- Data enrichment
- Lateral movement
- Data exfiltration
- Host triage
- After Action Review and Cleanup
- Desired state status (cleanup)
- Provide deliverables
- AAR
Schedule
FAQ
Q: Are there labs?
A: Yes.
Q: Do I need to know other languages than English?
A: No
System Requirements
Students need to be able to run an Ubuntu Virtual Machine and connect laptop to my wifi. Instructor provides an OVA / OVF to import.
There are no scheduled live dates for this course at this time.
Similar Courses
Aug 28th
– Aug 29th
