
Intro to Penetration Testing of Non-Western IT Infrastructures

Course Authored by .

This course and associated labs will cover a range of technologies, languages, software, and services that a penetration tester may encounter while engaging various theoretical non-western organizations and the different challenges each may bring.

Course Length: 16 Hours

Includes a Certificate of Completion



BSides Prague - Link at bottom.

Description

Most offensive-related cybersecurity courses today are tailored to focus on western Information Technology systems: primarily English-based software and systems running on-premises or hosted in cloud infrastructure, owned by western-based companies, residing within US or EU borders. This course has been designed for those charged with helping to secure non-western IT systems by way of penetration testing. This course and associated labs will cover a range of technologies, languages, software, and services that a penetration tester may encounter while engaging various theoretical non-western organizations and the different challenges each may bring. Most importantly, this course will provide you with the necessary mindset and flexible TTPs to efficiently and effectively assess the security of any non-western IT infrastructure.

Syllabus

  1. Introduction
    1. Roll call
  2. Workshop Overview
    1. Rules
    2. Labs
      1. Range overview
      2. How to access the range
      3. Lab journey: Compromise Chinese and Russian partner business networks and exfil sensitive data
  3. Operational Setup
    1. Operator station overview
      1. Operator environment
      2. Operator tools
    2. OPSEC considerations
      1. Hostnames and usernames
      2. Tooling OPSEC
      3. OPSEC-safe LLM usage
      4. Networking/Traffic obfuscation
    3. Infrastructure and C2
      1. Infrastructure theory
      2. Picking the right C2 for the job
      3. Infrastructure builds and scenarios
  4. Infrastructure OSINT and Recon Activities
    1. Overview
      1. Reviewing non-western threat reports for usable TTPs and environment clues
      2. Looking out to see in: Why extensive OSINT and Recon improves post-exploitation success
    2. AI Workflows and Automation
      1. Setting up [n8n.io](http://n8n.io) for OSINT orchestration
      2. Leveraging LLMs to parse or manipulate datasets
      3. Automating data correlation and analysis
    3. Non-Western Social Media Intelligence
      1. Analyzing VK and other media platforms
      2. Correlating users with organizational roles
      3. Identifying security weaknesses through social engineering vectors
      4. Creating actionable targeting scenarios
    4. Scanning by Third-Party
      1. Shodan
      2. ZoomEye
      3. Fofa
      4. Ingress path identification
    5. External Services Enumeration
      1. Network mapping and services discovery
      2. Subdomain enumeration
      3. Certificate analysis and transparency search
      4. Identifying and targeting users
  5. Language and Translation Techniques
    1. Translating websites and documents
    2. OCR for Russian and Chinese RDP screens to extract non-Latin usernames
  6. Initial Access and Persistence
    1. Unique initial access methods for non-western systems
    2. Firewall “Bending” for stealthy access
    3. Establishing secure re-entry points
    4. Persistence techniques
      1. High up-time targets
      2. Windows-specific persistence
      3. Linux-specific persistence
      4. Edge device persistence
  7. Post-Exploitation
    1. Helpful tradecraft tips
    2. SOCKS proxies
    3. Host Triage
      1. Local enumeration techniques
      2. Local privilege escalation evaluations
      3. Targeting browser credentials
    4. Network Triage
      1. Internal network recon over C2 techniques
      2. Identifying soft targets for lateral movement
      3. Camera and CCTV enumeration
  8. Credential Harvesting
    1. Non-Active Directory password storage
    2. Gathering password hashes
    3. Cracking non-Latin passwords
  9. Lateral Movement Techniques
    1. Lateral movement in and out of Active Directory environments
    2. Nuances in non-western environments
    3. Protocols and methods
      1. Protocol selection
      2. Methods and tooling
      3. Authentication considerations
      4. Database access for lateral movement
      5. Riding SSH tunnels
  10. Data Exfiltration
    1. Hunting for sensitive information
    2. Exfiltration methods and techniques
    3. Extracting data to demonstrate impact
  11. Closing Discussions

FAQ

Audience Skill Level

The course is an **intermediate to advanced** level course designed to introduce new topics and techniques to both those new to offensive security and professionals alike. The course is structured to walk students through the different phases of an attack against multiple non-western enterprises while overcoming the challenges that these networks bring to ensure success for the operation. 

Student Expectations

  • Familiar with operating from a terminal interface or command line.
  • Familiar with using Linux and Windows environments.
  • Familiar with using a virtual machine environment.
  • A strong desire to learn exciting and unique offensive TTPs.
  • Students who may not have penetration testing experience may sit, absorb, and learn at their own pace as the labs and content are available to them after.

Prerequisites

Laptop capable of running a Linux/Kali Virtual Machine. 

Labs

Students will learn from course materials, lectures, discussions, and hands-on labs that will be hosted with Antisyphon Training for continued use after the course ends. The labs are designed to take students on a journey through simulated Chinese and Russian partner business networks. Students will learn to perform unique OSINT leveraging visual AI workflows with [n8n.io](http://n8n.io) to orchestrate tasks and LLMs as a force-multiplication tool, enhancing the operator’s ability to parse through mounds of data, identify ingress points, correlate security weaknesses with users and their roles in the target organization by scraping VK and other .ru media, and utilize it all to rapidly create and prioritize actionable targeting scenarios. Students will operate against both Chinese and Russian-language simulated environments, demonstrating flexibility as technologies and languages may differ at various points in the labs. Students will learn how to translate websites and documents, quickly research “new to us” technologies, use OCR against Russian and Chinese RDP screens to extract non-Latin usernames, and more, turning the results into actionable intelligence. Students will learn and practice the art of gaining initial access in unique ways while ensuring they can re-enter the system securely and persistently. Students will utilize a combination of OSINT information and network reconnaissance TTPs to quietly enumerate and jump laterally across network segments to their next targets. Students will learn how non-Active Directory systems store passwords, then gather and crack non-Latin password hashes to aid the attack deeper into the lab network. Finally, students will hunt for and extract sensitive information from the network, showing the impact of the operation.

About the Instructor

Bio

Steve Borosh is a proud U.S. Army Infantry veteran and security consultant at Black Hills Information Security. Steve has extensive experience as a penetration tester, red team operator, and instructor since 2014. Steve has instructed courses on penetration testing and red teaming for the public, private, and federal law enforcement sectors. Steve also has experience teaching and speaking at conferences such as Blackhat, various BSides events, Gartner, and others. Steve maintains a blog and GitHub repository to share knowledge and open-source offensive tools with the community. Steve earned a B.S. in Computer and Information Science from ECPI University.

This class is being taught at BSides Prague in Czechia – Click here to learn more
April 21st 9am CET – April 22nd 6pm CET.

This class is being taught virtually.
