Enterprises have been working tirelessly to improve their security postures through defense-in-depth approaches. Offensive teams have also been putting in long hours of research into bypassing the latest EDRs and defensive products that keep them on their toes. Long gone, hopefully, are the days of hurling an HTA file laced with a download cradle at a mature organization with a “Free iPad” ruse and watching your screen fill with incoming agents.
An offense-in-depth approach may be applied by offensive practitioners looking for success against organizations well-versed in defending a large enterprise. Today’s organizations have assets in multiple geo regions, networks, cloud services, and border hosts, and many of them are tied to the internal network in some way.
This course aims to help offensive practitioners successfully exercise their client environments using a multi-faceted approach, blending the latest TTPs with esoteric practices to gain the upper hand on their assessments.
- This exciting course focuses on using the latest offensive attack methodology against an enterprise spanning cloud and on-premises targets.
- Beginning from an unprivileged external adversary, you will be immersed in unique offensive attacks against an enterprise attack surface.
- You will conduct Open-Source Intelligence (“OSINT”) searching for useful data found across the internet and dark web.
- Analyze every step of the process with Observe, Orient, Determine, and Act (“OODA”) accordingly against your target organization.
- Enumerate the external network presence for potential avenues of entry. Border devices and insecure applications are commonly used on offensive engagements as entry points to the internal or cloud network segments.
- Students will learn various password spraying techniques to access target services.
- Build infrastructure to host various payloads using unique services to bypass common proxy configurations and network restrictions.
- Generate Command and Control payloads to bypass protections.
- Utilize multiple Command and Control frameworks and payloads for compromising target hosts. You will utilize both common and obscure communications channels for your implants.
- Gain entry to an enterprise through various ingress channels using novel techniques. You will learn to adapt to your target environment and execute attacks accordingly.
WHO SHOULD TAKE THIS COURSE
- Aspiring Penetration Testers and Red Team Operators
- Defenders looking to understand offensive tradecraft to better defend their networks
AUDIENCE SKILL LEVEL
Students should have a fundamental interest in offensive operations and familiarity with information security concepts.
- Students should be comfortable operating from the command-line in Debian-based Linux distributions such as Kali Linux and Ubuntu.
- Students should be comfortable operating Windows and familiar with using PowerShell scripts.
- Students should be comfortable connecting to remote systems with tools such as Remote Desktop (RDP), SSH, and OpenVPN.
- Students should be comfortable installing and running Windows and Linux.
The following prerequisites are recommended for students to successfully complete all the hands-on exercises (labs):
- High-speed Internet – sufficient for participating in a video conference/webinar and connecting to the online labs.
- A modern x64 computer running Windows 10 with at least 8 GB of RAM – Students will need to run PowerShell scripts locally to deploy virtual infrastructure in their Azure environment. Students will also need sufficient hardware to run virtual machines on their own computer.
- Full Administrator access to their computer
- A credit card – Students will be signing up for cloud service accounts such as Microsoft Azure and AWS. These services may require a credit card for signing up. Some services may have a free period.
- A mobile phone – Students may need to receive SMS messages to complete signups for cloud service accounts. Students may also require a mobile phone for multi-factor authentication during the labs.
WHAT EACH STUDENT SHOULD BRING
Above requirements and Virtual Machines on their local computer.
WHAT STUDENTS WILL BE PROVIDED WITH
- A PDF copy of all slides
- Links to all the material and tools needed
- Instructions for completing each lab
TRAINER & AUTHOR
Steve Borosh is a proud U.S. Army Infantry veteran and security consultant at Black Hills Information Security. Steve has extensive experience as a penetration tester, red team operator, and instructor since 2014. Steve has instructed courses on penetration testing and red teaming for the public, private, and federal law enforcement sectors. Steve also has experience teaching and speaking at conferences such as Blackhat, various BSides events, Gartner, and others. Steve maintains a blog and GitHub repository to share knowledge and open-source offensive tools with the community. Steve earned a B.S. in Computer and Information Science from ECPI University.
Tue, August 23, 2022 11:00AM – 4:00PM ET
Wed, August 24, 2022 12:00PM – 4:00PM ET
Thu, August 25, 2022 12:00PM – 4:00PM ET
Fri, August 26, 2022 12:00PM – 4:00PM ET