Instructor: Kyle Avery
Course Length: 16-Hours
Includes: 12 months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.

So you popped a shell, now what?
Windows Post Exploitation focuses on four major components of any adversary simulation or red team exercise: enumeration, persistence, privilege escalation, and lateral movement. Each of these steps will be covered in detail with hands-on labs in a custom Active Directory environment. In addition, students will learn several modern techniques to minimize opportunities for detection.
This course goes beyond teaching popular tactics, techniques, and procedures. Instead, students will learn how to covertly gather and leverage information about a target environment to achieve their objectives efficiently.
A review of each post-ex capability will include discussion on the OPSEC implications and publicly documented detection recommendations. Open-source SIEM rules from Sigma and Elastic will be used as a starting point for avoiding alert generation. No technique is undetectable; the key is understanding an environment’s detection capabilities and choosing the best course of action.
KEY TAKEAWAYS
After taking this course, students will have:
- Insight into modern post-exploitation techniques for Windows environments
- An enhanced ability to make informed decisions to achieve objectives in a target environment
- The ability to create new tools that implement specific capabilities from larger projects
WHO SHOULD TAKE THIS COURSE
- Red teamers
- Penetration testers
- Anyone interested in the thought processes and techniques of adversaries
AUDIENCE SKILL LEVEL
Beginners will do well in this course if they are self-motivated and willing to ask questions.
Intermediate and experienced students may find that they were not familiar with some techniques or had not considered some OPSEC implications.
STUDENT REQUIREMENTS
Basic programming knowledge and an understanding of core security concepts are all students need in order to follow along with the course material. Students would benefit from penetration testing experience, but it is not required.
WHAT EACH STUDENT SHOULD BRING
- High-speed Internet connectivity
- A computer that can run a Windows 10 virtual machine—a minimum of 35 GB storage, 4 GB memory, and 2 vCPUs is recommended for the VM
WHAT STUDENTS WILL BE PROVIDED WITH
Students will receive a copy of the slides for the course and a script with instructions to create their own virtual machine.
TRAINER & AUTHOR

Kyle Avery has been tinkering with computers for his entire life. Growing up, he and his dad self-hosted game servers and ran their own websites. He formally studied system administration and compliance at university but spent his free time learning offensive security techniques. Kyle’s hobbies include Hack The Box, homelabbing, and catching the latest drama on infosec Twitter. In 2020 he got his dream job at BHIS, working alongside talented professionals to help companies better understand and secure their networks.
COURSE SCHEDULE
There are no sessions of this course currently on our schedule.
Please keep an eye on the Upcoming Training page for updates, or Contact Us for a private training session.