Enterprise Attack Initial Access with Steve Borosh

Enterprise Attack Initial Access w/ Steve Borosh

Instructor: Steve Borosh
Course Length: 16 Hours
Format: Live Online or On-Demand

Includes: Twelve months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.

Live Online Class Schedule
Register for On-Demand Training

Course Description

Enterprises have been working tirelessly to improve their security postures through defense-in-depth approaches. Offensive teams have also been putting in long hours of research into bypassing the latest EDR’s and defensive products that keep them on their toes. Long gone “hopefully” are the days of hurdling an HTA file laced with a download cradle at a mature organization with a “Free iPad” ruse and watching your screen fill with incoming agents.

An offense-in-depth approach may be applied to offensive practitioner’s looking for success against organizations well-versed in defending a large enterprise. Today’s organizations have assets in multiple geo regions, networks, cloud services, border hosts, and many of them are tied to the internal network in some way.
This course aims to help offensive practitioners successfully exercise their client environments from a multi-faceted approach using the latest TTPs blended with esoteric practices to gain the upper hand on your assessments.

Key Takeaways

  • This exciting course focuses on using the latest offensive attack methodology against an enterprise spanning cloud and on-premises targets.
  • Beginning from an unprivileged external adversary, you will be immersed in unique offensive attacks against an enterprise attack surface.
  • You will conduct Open-Source Intelligence (“OSINT”) searching for useful data found across the internet and dark web.
  • Analyze every step of the process with Observe, Orient, Determine, and Act (“OODA”) accordingly against your target organization.
  • Enumerate the external network presence for potential avenues of entry. Border devices and insecure applications are commonly used on offensive engagements as entry points to the internal or cloud network segments.
  • Students will learn various password spraying techniques to access target services.
  • Build infrastructure to host various payloads using unique services to bypass common proxy configurations and network restrictions.
  • Generate Command and Control payloads to bypass protections.
  • Utilize multiple Command and Control frameworks and payloads for compromising target hosts. You will utilize both common and obscure communications channels for your implants.
  • Gain entry to an enterprise through various ingress channels using novel techniques. You will learn to adapt to your target environment and execute attacks accordingly.

Who Should Take This Course

  • Aspiring Penetration Testers and Red Team Operators
  • Defenders looking to understand offensive tradecraft to better defend their networks

Audience Skill Level

  • Students should have a fundamental interest in offensive operations and familiarity with information security concepts.
  • Students should be comfortable operating from the command-line in Debian-based Linux distributions such as Kali Linux and Ubuntu.
  • Students should be comfortable operating Windows and familiar with using PowerShell scripts.
  • Students should be comfortable connecting to remote systems with tools such as Remote Desktop (RDP), SSH, and OpenVPN.
  • Students should be comfortable installing and running Windows and Linux.

Student Requirements

The following prerequisites are recommended for students to successfully complete all the hands-on exercises (labs):

  • High-speed Internet sufficient for participating in a video conference/webinar and connecting to the online labs.
  • A modern x64 computer running Windows 10 with at least 8 GB of RAM – Students will need to run PowerShell scripts locally to deploy virtual infrastructure in their Azure environment. Students will also need sufficient hardware to run virtual machines on their own computer.
  • Full Administrator access to their computer
  • A credit card – Students will be signing up for cloud service accounts such as Microsoft Azure and AWS. These services may require a credit card for signing up. Some services may have a free period.
  • A mobile phone – Students may need to receive SMS messages to complete signups for cloud service accounts. Students may also require a mobile phone for multi-factor authentication during the labs.

What Each Student Should Bring

Above requirements and Virtual Machines on their local computer.

What Students Will Be Provided With

  • A PDF copy of all slides
  • Links to all the material and tools needed
  • Instructions for completing each lab

About Antisyphon Training Options

Live Online

Learn via live stream from instructors that are in the field utilizing the techniques they teach. Classes are split into four training days that are each four hours long. Live Online training includes six months access to dedicated class channels in the Antisyphon Discord server, six months access to live class recordings, a certificate of participation, and 12 months complimentary access to the Antisyphon Cyber Range.

On-Demand

Learn at your own pace with access to course content, lectures, and demos in the Antisyphon On-demand learning platform. Most courses are offered with lifetime access to the course and content updates. All On-demand courses include content update alerts, access to dedicated support channels in the Antisyphon Discord server, a certificate of participation, and 12 months complimentary access to the Antisyphon Cyber Range.

Live Online w/ On-Demand Bundle

This is the best of both worlds! Attend the live online class at its next scheduled interval and gain access to the online training modules in the Antisyphon On-demand training platform. Bundle also includes six months access to dedicated class channels in the Antisyphon Discord server, six months access to live class recordings, a certificate of participation, and 12 months complimentary access to the Antisyphon Cyber Range.

Trainer & Author

Steve Borosh

Steve Borosh is a proud U.S. Army Infantry veteran and security consultant at Black Hills Information Security. Steve has extensive experience as a penetration tester, red team operator, and instructor since 2014. Steve has instructed courses on penetration testing and red teaming for the public, private, and federal law enforcement sectors. Steve also has experience teaching and speaking at conferences such as Blackhat, various BSides events, Gartner, and others. Steve maintains a blog and GitHub repository to share knowledge and open-source offensive tools with the community. Steve earned a B.S. in Computer and Information Science from ECPI University.

Live Training Events

There are no sessions of this course currently on our schedule.

Please keep an eye on the Live Training Calendar page for updates, or Contact Us for a private training session.