Join us for Wild West Hackin’ Fest Mile High conference! Register Here

Advanced Penetration Testing of Non-Western IT Infrastructures with Steve Borosh

Course Authored by .

Advanced Penetration Testing of Non-Western IT Infrastructures with Steve Borosh

This course has been designed for those charged with helping to secure non-western IT systems by way of penetration testing.

Course Length: 8 Hours

Includes a Certificate of Completion



Enroll Now

Next scheduled date: Content is loading, please wait.

Description

This course has been designed for those charged with helping to secure non-western IT systems by way of penetration testing.

Most offensive-related cybersecurity courses today are tailored to focus on western Information Technology systems. Primarily, English-based software and systems running on-premises or hosted in cloud infrastructure, owned by western-based companies, residing within US or EU borders. This course and associated labs will cover a range of technologies, languages, software, and services that a penetration tester may encounter while engaging various theoretical non-western organizations and the different challenges each may bring. Most importantly, this course will provide you with the necessary mindset and flexible TTP’s to efficiently and effectively assess the security of any non-western IT infrastructure.

System Requirements
  • Student/Lab Requirements:
    • Students need to be able to run an Ubuntu Virtual Machine and connect laptop to my wifi.
    • Instructor provides an OVA / OVF to import.

Syllabus

  1. Introduction
    • Roll call
  2. Workshop Overview
    • Rules
    • Labs
      • Range overview
      • How to access the range
  3. Operational Setup
    • Attack stations
      • Operating systems
        • Linux
        • Windows
      • Operator Profiles
      • Operator tools
    • OPSEC considerations
      • Financing
      • Technical
        • Hostnames and usernames
        • Tooling OPSEC
        • LLM Usage
        • Networking/Traffic obfuscation
  4. Initial OSINT and Recon Activities
    • Overview
    • Scanning by Third-Party
      • What can we find?
      • Shodan
      • ZoomEye
      • Fofa
      • Honeypot Identification
      • SCADA Enumeration
      • Remote Access Point Enumeration
      • Camera and CCTV Enumeration
      • SSL/TLS Enumeration
    • Attack surface enumeration
      • Port scanning
      • Service enumeration
      • Web content enumeration
      • Cloud service discovery
      • IP/DNS Discovery
      • Certificate analysis and transparency search
      • User enumeration
    • Research unknown/unfamiliar technology stacks
  5. Detection Awareness
    • Setup and tooling
    • Identifying deception technologies
    • Detect being detected
  6. Post Exploitation
    • Host triage
      • Cohabitation checks
    • Persistence
    • Network enumeration
    • Data enrichment
    • Lateral movement
    • Data exfiltration
  7. After Action Review and Cleanup
    • Desired state status (cleanup)
    • Provide deliverables
    • AAR

FAQ

Who Should Attend:
Students or penetration testers interested in testing non-western networks.
Key Takeaways:
This course will provide you with the necessary mindset and flexible TTP’s to efficiently and effectively assess the security of any non-western IT infrastructure.
Applicable Business Skills:
Students will take back unique and advanced techniques to improve their business or clients' computer systems through penetration testing and breaking assumptions of security.

About the Instructor

Pixel splash background
Steve Borosh
Bio

Steve Borosh is a proud U.S. Army Infantry veteran and security consultant at Black Hills Information Security. Steve has extensive experience as a penetration tester, red team operator, and instructor since 2014. Steve has instructed courses on penetration testing and red teaming for the public, private, and federal law enforcement sectors. Steve also has experience teaching and speaking at conferences such as Blackhat, various BSides events, Gartner, and others. Steve maintains a blog and GitHub repository to share knowledge and open-source offensive tools with the community. Steve earned a B.S. in Computer and Information Science from ECPI University.

Related products

Shopping Cart

No products in the cart.