Tactical Exploitation

Attack Research july 23-24


Ends February 1


Ends June 1


Ends July 20


July 21-24


Penetration testing often focuses on individual vulnerabilities and services, but the quickest ways to exploit are often hands on and brute force. This two-day course introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of new tools and lesser-known techniques, attendees will learn how hackers compromise systems without depending on standard exploits. The class alternates between lectures and hands-on testing, providing attendees with an opportunity to try the techniques discussed. A virtual target network will be provided, along with all of the software needed to participate in the labs.

In the first half of the course, attendees will investigate a wide variety of information gathering and footprinting techniques, many of which are critical to a successful penetration test. The Metasploit Framework will be used as a development platform for building custom discovery tools.

In the second half of the course, the focus will shift from information discovery to information exploitation. Attendees will learn how to compromise common operating systems, and once in, how to gain access to the rest of the network.

This course is well-suited to penetration testers of any skill level and all security professionals who have a basic grasp of networking and software exploits. This course differs from a typical ethical hacking program in that the focus is on techniques that are not affected by patch levels. A portion of the class will be dedicated to building new tools, on the fly, to solve the challenges posed by a difficult penetration test.

What to bring



Attack Research was founded by Valsmith in the winter of 2008 after his decision to move on from his previous malware research company. There were two purposes in mind when Attack Research was formed:

In addition to these fundamental drivers of our organization, Attack Research also provides a publishing vehicle for community members. Papers, presentations, and tools related to computer security and attack methodologies may be distributed under the Attack Research umbrella.