Windows Post Exploitation w/ Kyle Avery

Instructor: Kyle Avery
Course Length: 16-Hours

Includes: 12 months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.

So you popped a shell, now what?

Windows Post Exploitation focuses on four major components of any adversary simulation or red team exercise: enumeration, persistence, privilege escalation, and lateral movement. Each of these steps will be covered in detail with hands-on labs in a custom Active Directory environment. In addition, students will learn several modern techniques to minimize opportunities for detection.

This course goes beyond teaching popular tactics, techniques, and procedures. Instead, students will learn how to covertly gather and leverage information about a target environment to achieve their objectives efficiently.

A review of each post-ex capability will include discussion on the OPSEC implications and publicly documented detection recommendations. Open-source SIEM rules from Sigma and Elastic will be used as a starting point for avoiding alert generation. No technique is undetectable; the key is understanding an environment’s detection capabilities and choosing the best course of action.

KEY TAKEAWAYS

After taking this course, students will have:

• Insight into modern post-exploitation techniques for Windows environments
• An enhanced ability to make informed decisions to achieve objectives in a target environment
• The ability to create new tools that implement specific capabilities from larger projects

WHO SHOULD TAKE THIS COURSE

• Red teamers
• Penetration testers
• Anyone interested in the thought processes and techniques of adversaries

AUDIENCE SKILL LEVEL

Beginners will do well in this course if they are self-motivated and willing to ask questions.

Intermediate and experienced students may find that they were not familiar with some techniques or had not considered some OPSEC implications.

STUDENT REQUIREMENTS

Basic programming knowledge and an understanding of core security concepts are all students need in order to follow along with the course material. Students would benefit from penetration testing experience, but it is not required.

WHAT EACH STUDENT SHOULD BRING

• High-speed Internet connectivity
• A computer that can run a Windows 10 virtual machine—a minimum of 35 GB storage, 4 GB memory, and 2 vCPUs is recommended for the VM

WHAT STUDENTS WILL BE PROVIDED WITH

Students will receive a copy of the slides for the course and a script with instructions to create their own virtual machine.

TRAINER & AUTHOR

Kyle Avery has been tinkering with computers for his entire life. Growing up, he and his dad self-hosted game servers and ran their own websites. He formally studied system administration and compliance at university but spent his free time learning offensive security techniques. Kyle’s hobbies include Hack The Box, homelabbing, and catching the latest drama on infosec Twitter. In 2020 he got his dream job at BHIS, working alongside talented professionals to help companies better understand and secure their networks.

COURSE SCHEDULE