Getting a foothold is the first step in a successful breach—be it in the form of user credentials, email access, or code execution on a target system. This course will provide students with the fundamental skills and know-how to perform the most common attacks used to get an initial foothold during a red team exercise.
Since Microsoft products and services are the most widespread platform in use by organizations, Office 365 and Microsoft Windows will be the primary targets of student exercises. Core concepts will also be discussed so that students can apply the lessons learned to other platforms in the future.
- Students will learn OPSEC considerations when performing each step from reconnaissance to initial foothold.
- Students will learn how to counter modern defenses that can interfere with each attack.
- Students will learn how to set up an environment for testing each attack before running it against targets.
- Students will get hands-on practice:
- Performing reconnaissance to support each attack.
- Setting up their own “botnet” with ProxyCannon to spread traffic across multiple source IP addresses.
- Executing password guessing attacks such as credential stuffing and password spraying.
- Phishing for credentials and sessions to bypass multi-factor authentication.
- Setting up and using Azure Information Protection (AIP) to deliver encrypted phishing emails.
- Creating “MalDocs”—Microsoft Office documents with embedded executable payloads.
- Delivering executable payloads during a phishing campaign.
WHO SHOULD TAKE THIS COURSE
- Aspiring red teamers
- Penetration testers
- Defenders / Blue teamers
- Information security students
- Anyone interested in learning fundamental attacks commonly used to get a foothold during red team exercises
AUDIENCE SKILL LEVEL
Basic familiarity with information security concepts is all that is required to follow along with the presentation and course material. Additional prerequisites required to complete all of the hands-on exercises (labs) are included in the “Student Requirements” and “What a Student Should Bring” sections below.
The following prerequisites are recommended for students to successfully complete all of the hands-on exercises (labs):
- Students should be comfortable operating from the command-line in Debian-based Linux distributions such as Kali Linux and Ubuntu.
- Students should be comfortable operating from the command-line and running PowerShell scripts in Windows.
- Students should be comfortable connecting to remote systems with tools such as Remote Desktop (RDP), SSH, and OpenVPN.
- Students should be comfortable installing and running Windows and Linux
- Virtual Machines on their local computer.
WHAT EACH STUDENT SHOULD BRING
Students will need to have all of the following resources to participate in all of the hands-on exercises (labs):
- High-speed Internet sufficient for participating in a video conference/webinar
- A modern x64 computer running Windows 10 with at least 8 GB of RAM – Students will need to run PowerShell scripts locally to deploy virtual infrastructure in their Azure environment. Students will also need sufficient hardware to run virtual machines on their own computer.
- Full Administrator access to their computer
- A credit card – Students will be signing up for cloud service accounts such as Microsoft Azure and AWS. These services require a credit card for signing up.
- A mobile phone – Students may need to receive SMS messages to complete signups for cloud service accounts. Students will also require a mobile phone for multi-factor authentication during the labs.
Learn via live stream from instructors that are in the field utilizing the techniques they teach. Classes are split into four training days that are each four hours long. Live Online training includes six months access to dedicated class channels in the Antisyphon Discord server, six months access to live class recordings, a certificate of participation, and 12 months complimentary access to the Antisyphon Cyber Range.
Learn at your own pace with access to course content, lectures, and demos in the Antisyphon On-demand learning platform. Most courses are offered with lifetime access to the course and content updates. All On-demand courses include content update alerts, access to dedicated support channels in the Antisyphon Discord server, a certificate of participation, and 12 months complimentary access to the Antisyphon Cyber Range.
Live Online w/ On-Demand Bundle
This is the best of both worlds! Attend the live online class at its next scheduled interval and gain access to the online training modules in the Antisyphon On-demand training platform. Bundle also includes six months access to dedicated class channels in the Antisyphon Discord server, six months access to live class recordings, a certificate of participation, and 12 months complimentary access to the Antisyphon Cyber Range.
TRAINER & AUTHOR
After years of hacking “just for fun,” Michael Allen turned his hobby into a career and began penetration testing professionally in 2014. Since then, he has also spent time teaching courses a Black Hat USA and earned a multitude of infosec certifications, including the OSCE, MLSE, and CISSP, among others. He joined the BHIS team in 2019 where he is proud to work alongside some of the best and brightest infosec professionals in the world today.