Shopping Cart

No products in the cart.

Enterprise Attack Initial Access w/ Steve Borosh

Enterprise Attack Initial Access with Steve Borosh

Enterprises have been working tirelessly to improve their security postures through defense-in-depth approaches. Offensive teams have also been putting in long hours of research into bypassing the latest EDR’s and defensive products that keep them on their toes. Long gone “hopefully” are the days of hurdling an HTA file laced with a download cradle at a mature organization with a “Free iPad” ruse and watching your screen fill with incoming agents.

Instructor: Steve Borosh
Course Length: 16 Hours
Tuition: $575 USD

This Antisyphon Training Course is available On-Demand.

This page is for the On-Demand version of this course. Please check our Live Events Calendar for any live presentations of this class currently scheduled.

An offense-in-depth approach may be applied to offensive practitioner’s looking for success against organizations well-versed in defending a large enterprise. Today’s organizations have assets in multiple geo regions, networks, cloud services, border hosts, and many of them are tied to the internal network in some way. This course aims to help offensive practitioners successfully exercise their client environments from a multi-faceted approach using the latest TTPs blended with esoteric practices to gain the upper hand on your assessments.


Key Takeaways

  • This exciting course focuses on using the latest offensive attack methodology against an enterprise spanning cloud and on-premises targets.
  • Beginning from an unprivileged external adversary, you will be immersed in unique offensive attacks against an enterprise attack surface.
  • You will conduct Open-Source Intelligence (“OSINT”) searching for useful data found across the internet and dark web.
  • Analyze every step of the process with Observe, Orient, Determine, and Act (“OODA”) accordingly against your target organization.
  • Enumerate the external network presence for potential avenues of entry. Border devices and insecure applications are commonly used on offensive engagements as entry points to the internal or cloud network segments.
  • Students will learn various password spraying techniques to access target services.
  • Build infrastructure to host various payloads using unique services to bypass common proxy configurations and network restrictions.
  • Generate Command and Control payloads to bypass protections.
  • Utilize multiple Command and Control frameworks and payloads for compromising target hosts. You will utilize both common and obscure communications channels for your implants.
  • Gain entry to an enterprise through various ingress channels using novel techniques. You will learn to adapt to your target environment and execute attacks accordingly.

Who Should Take This Course

  • Aspiring Penetration Testers and Red Team Operators
  • Defenders looking to understand offensive tradecraft to better defend their networks

What Each Student Should Bring

Above requirements and Virtual Machines on their local computer.

Audience Skill Level

  • Students should have a fundamental interest in offensive operations and familiarity with information security concepts.
  • Students should be comfortable operating from the command-line in Debian-based Linux distributions such as Kali Linux and Ubuntu.
  • Students should be comfortable operating Windows and familiar with using PowerShell scripts.
  • Students should be comfortable connecting to remote systems with tools such as Remote Desktop (RDP), SSH, and OpenVPN.
  • Students should be comfortable installing and running Windows and Linux.

Student Requirements

The following prerequisites are recommended for students to successfully complete all the hands-on exercises (labs):

  • High-speed Internet sufficient for participating in a video conference/webinar and connecting to the online labs.
  • A modern x64 computer running Windows 10 with at least 8 GB of RAM – Students will need to run PowerShell scripts locally to deploy virtual infrastructure in their Azure environment. Students will also need sufficient hardware to run virtual machines on their own computer.
  • Full Administrator access to their computer
  • A credit card – Students will be signing up for cloud service accounts such as Microsoft Azure and AWS. These services may require a credit card for signing up. Some services may have a free period.
  • A mobile phone – Students may need to receive SMS messages to complete signups for cloud service accounts. Students may also require a mobile phone for multi-factor authentication during the labs.

What Students Will Be Provided With

  • A PDF copy of all slides
  • Links to all the material and tools needed
  • Instructions for completing each lab

About Our On-Demand Courses…

This Antisyphon Training Course is available On-Demand.

Learn at your own pace with access to course content, lectures, and demos in the Antisyphon On-demand learning platform. Many courses are offered with lifetime access to the course and content updates. On-demand courses include content update alerts, access to dedicated support channels in the Antisyphon Discord server, a certificate of completion, and complimentary access to the Antisyphon Cyber Range*.

* Cyber Range access and other course features may vary from course to course. See the specific details for each course on its registration page.

QW50aXN5cGhvbiBPbi1EZW1hbmQ=


Trainer & Author

Steve Borosh

Steve Borosh is a proud U.S. Army Infantry veteran and security consultant at Black Hills Information Security. Steve has extensive experience as a penetration tester, red team operator, and instructor since 2014. Steve has instructed courses on penetration testing and red teaming for the public, private, and federal law enforcement sectors. Steve also has experience teaching and speaking at conferences such as Blackhat, various BSides events, Gartner, and others. Steve maintains a blog and GitHub repository to share knowledge and open-source offensive tools with the community. Steve earned a B.S. in Computer and Information Science from ECPI University.