
Tactical Exploitation

Attack Research | March 25-26



Overview

Penetration testing often focuses on individual vulnerabilities and services, but the quickest ways to exploit a target are often hands-on and brute-force. This two-day course introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of new tools and lesser-known techniques, attendees will learn how hackers compromise systems without depending on standard exploits. The class alternates between lectures and hands-on testing, providing attendees with an opportunity to try the techniques discussed.

In the first half of the course, attendees will come to a new understanding of how to use the Metasploit Framework and how to harness this newfound understanding. The class will then move into unique, lesser-known tactics for taking down Windows domains regardless of how old or new they are. This section of the class is based heavily upon post-exploitation techniques perfected by Attack Research. Students will walk away being able to compromise any Windows host, regardless of whether it is the newest OS or not.

In the second half of the course, the focus will shift from compromising Windows-based networks to a true production-level Windows/Unix enterprise environment. Students will receive in-depth exploitation techniques for becoming root in any Unix environment. Attendees will learn how to compromise common operating systems, and once in, how to gain access to the rest of the network.

This course is well-suited to penetration testers of any skill level and all security professionals who have a basic grasp of networking and software exploits. This course differs from a typical ethical hacking program in that the focus is on techniques that are not affected by patch levels. A portion of the class will be dedicated to building new tools, on the fly, to solve the challenges posed by a difficult penetration test.

Students will test all of the skills they have gained in the course against a virtual network specially designed for the class. The labs will be interwoven into the lecture so that students will receive a significant amount of time practically exercising these new skills as they learn. By the end of the class, students will have spent 50% of the time in a lab environment.

Course Syllabus (2-Day Version):

Tactical Exploitation Module 1: Introduction
Tactical Exploitation Module 2: Post Exploitation Phases
Tactical Exploitation Module 3: Assured root!
Tactical Exploitation Module 4: Lateral Movement for Windows Domain Takeovers
Tactical Exploitation Module 5: Unix Domain Takedown
Tactical Exploitation Module 6: NFS Insecurities
Tactical Exploitation Module 7: How Kerberos Kills

Who Should Take This Course

IT professionals interested in offensive and defensive techniques and tools for securing environments. Security professionals engaged in pentesting, red teaming or other offensive security testing. Security professionals engaged in incident response, computer forensics or other defensive security work.


Student Requirements

Student laptops must be running OS X, Linux, or Windows, and students must be able to disable or remove all antivirus software on the machine. Students must have administrative access on their machine for sniffing traffic, adjusting firewalls, etc.


What Students Should Bring


What Students Will Be Provided With

Students will walk away from the class with full documentation and all of the custom and non-custom tools that we have given them or that they have designed in class. At our previous Black Hat Las Vegas class, AR released a number of Windows 7 post-exploitation tools that no one had ever seen or heard of, and they were made available only to the class. Students walk away from AR training sessions with more than just the “usual” training materials: they gain a wealth of knowledge for both attacking and defending networks.


Trainers

Russ Gideon (rgideon@attackresearch.com) has many years of experience in information security, fulfilling many diverse roles, from being a core component of an Incident Response operation to running effective Red Teams from across the United States government. Russ excels both at malware reverse engineering, which enables him to deeply understand how the attackers do what they do, and at high-end Red Teaming, where he has to penetrate sophisticated and well-protected high-value systems. Russ currently serves as the Director of Malware Research and Training at Attack Research.

Val Smith (valsmith@attackresearch.com) has been involved in the computer security community and industry for over ten years. He currently works as a professional security researcher on a variety of problems in the security community. He specializes in penetration testing (over 40,000 machines assessed), reverse engineering and malware research. He works on the Metasploit Project development team as well as other vulnerability development efforts. Most recently, Val founded Attack Research, which is devoted to deep understanding of the mechanics of computer attack. Previously, Val founded Offensive Computing, a public, open source malware research project.

Colin Ames (amesc@attackresearch.com) is a security researcher with Attack Research LLC where he consults for both the private and public sectors. He's currently focused on Pentesting, Exploit Development, Reverse Engineering, and Malware Analysis.

Dave Kerb (dkerb@attackresearch.com) has worked in the computer security arena for the past ten years. He has specialized in reverse engineering, malware research, and penetration testing. During the past ten years he has worked with various organizations, including Offensive Computing, a malware research company. He is currently conducting research at Attack Research, which is set up to help understand the internals of attacks. Dave has focused on *nix systems and enjoys figuring out how to abuse various trust relations between *nix systems.