On This Page

Adaptive Penetration Testing

Veris Group | March 24-25


Practice and real world application is critical to learning how to effectively conduct penetration tests. Adaptive Penetration Testing is an immersive course that will provide practical experience and a solid framework for conducting in-depth security assessments. You will spend the majority of your time in a fully operational lab environment, overcoming the real-world obstacles you will face in today's enterprise environments. We will cover tactics, techniques and procedures (TTPs) successful penetration testers use to provide comprehensive and efficient security assessments in a variety of target environments. Methods presented are based on TTPs consistently being refined by our penetration testers' operational experience.

While toolsets don't necessarily make or break an assessment, utilizing the right tools for the job is often the difference maker for an effective penetration test. We will walk you through various commercial and open-source tools for identifying attack vectors and infiltrating a simulated enterprise environment. We will cover both network and web testing tools and frameworks such as Cobalt Strike, Metasploit, Nessus, Nmap, OWASP-ZAP, SQLMap, and a host of various tools that have been developed by Veris Group testers, including the Veil Framework, PowerUp and EyeWitness. These tools will enable you to collaboratively conduct penetration tests efficiently and effectively against variable target environments. You will also overcome obstacles, practice modern attack techniques and learn how to use advanced tactics to force-multiply penetration tests.

At the conclusion of the course, participants will be able to:
  • Use techniques necessary to perform thorough, operationally focused network penetration tests
  • Apply practical skills following numerous exercises, including:
    -Identifying vulnerable hosts and services
    -Exploiting users and systems
    -Pivoting and conducting lateral movement through an IT infrastructure
  • Use commercial / open-source toolsets and frameworks to efficiently assess traditional networks and non-traditional targets
  • Leverage effective soft-skills, assessment management techniques and document templates to facilitate better run assessments
  • Reference an electronic PDF job aid, complete with navigation, during actual assessments

Who Should Take this Course

To get the most from this course, participants should have at least one to two years of technical information security experience and be familiar with common administrative tools in Windows and Linux.

What Students Should Bring

A custom version of the latest Kali Linux image will be provided to participants -- all exercises will be able to be performed from this virtual machine. Participants will need to bring their own laptop with:
  • Wired network adapter
  • 4GBs of RAM
  • Ability to run a virtual machine (VMWare Player, Workstation, Fusion)


David McGuire is the Director of Veris Group's Adaptive Threat Division, where he leads penetration testing and Red Team efforts for Fortune 500 commercial clients and major U.S. Government agencies. David has extensive experience in conducting large scale, highly specialized adversarial network operations. In addition, he has spent several years training participants from various disciplines in red team operations and penetration testing methodologies, including at major industry conferences such as the Black Hat. In his previous life, David was the senior technical lead the National Security Agency Red Team, providing mission planning and direction through numerous large scale operations. He has a Bachelor's Degree in Computer Information Technology and is a CREST Certified Infrastructure Tester, GIAC Certified Penetration Tester, GIAC Certified Web Application Penetration Tester and an Offensive Security Certified Professional.