On This Page

Adaptive Penetration Testing

Veris Group | August 1-2 & 3-4



Overview

Practice and real world application is critical to learning how to effectively conduct penetration tests. Adaptive Penetration Testing is an immersive course that will provide practical experience and a solid framework for conducting in-depth security assessments. The majority of this course is spent in a fully operational lab environment, overcoming the real-world obstacles faced in today enterprise networks. We will cover tactics, techniques and procedures (TTPs) successful penetration testers use to provide comprehensive and efficient security assessments in a variety of enterprise environments. Methods presented are based on TTPs consistently being refined by our penetration testers' operational experience.

Knowing the right tool for the job and how to adapt around constraints is often the difference maker for an effective penetration test. We will walk you through various commercial and open-source tools for identifying attack vectors and infiltrating a simulated enterprise environment. We will cover both network and web testing tools and frameworks such as Cobalt Strike, Metasploit, Nessus, Nmap, OWASP-ZAP, SQLMap, and a host of various tools that have been developed by Veris Group testers (including the Veil-Framework, PowerUp and EyeWitness). These tools will enable you to collaboratively conduct penetration tests efficiently and effectively against variable target environments. You will also overcome obstacles, practice modern attack techniques and learn how to use advanced tactics to force-multiply your penetration tests.

At the conclusion of the course, participants will be able to:
  • Use techniques necessary to perform comprehensive, operationally focused network penetration tests
  • Effectively emulation modern attack vectors against customer systems
  • Apply practical skills following numerous exercises, including:
  • Identify vulnerable hosts and services
  • Exploit end users and host systems
  • Pivot and conduct lateral movement throughout an enterprise environment
  • Use commercial / open-source frameworks to efficiently assess traditional networks and non-traditional targets
  • Leverage effective soft-skills, assessment management techniques and document templates to facilitate better run assessments
  • Reference an electronic PDF job aid, complete with navigation, during actual assessments

Who Should Take this Course

To get the most from this course, participants should have at least one to two years of technical information security experience and be familiar with common administrative tools in Windows and Linux.

Student Requirements

Listed in who should take course

What Students Should Bring

A custom version of the latest Kali Linux image will be provided to participants -- all exercises will be able to be performed from this virtual machine. Participants will need to bring their own laptop with:
  • Wired network adapter
  • 4GBs of RAM
  • Ability to run a virtual machine (VMWare Player, Workstation, Fusion)

What Students Will Be Provided With

  • An electronic copy of all course slides for reference
  • Kali Linux virtual image with a trial of Cobalt Strike and custom toolsets preloaded for use during and after the class

Trainers

Jason Frank is the Manager of Veris Group's Adaptive Threat Division, where he manages penetration testing efforts for various Government agencies, including the Department of Homeland Security, Department of Treasury and multiple Fortune 500 clients. Jason specializes in leading penetration testing programs while developing and maturing clientês internal assessment efforts. In addition, Jason has several years of experience training participants in testing methodologies, including at major industry conferences such as the Black Hat. He has a developed and led multiple disparate assessment penetration testing teams, both within Veris Group and for clients. Jason holds a Bachelor of Science in Information Science and Technology Jason is an Offensive Security Certified Professional, GIAC Certified Penetration Tester, and GIAC Certified Web Application Penetration Tester.

Matt Maley is a penetration testing lead with Veris Group's Adaptive Threat Division, where he leads penetration tests, technical security assessments and secure engineering efforts for several U.S. Government agencies and commercial clients. He specializes in conducting web application, cloud platform and mobile device penetration tests and in-depth technical vulnerability assessments. In addition Matt assists customers with the development of secure engineering guidance for emerging mobile technologies, remote access, and communications solutions. Matt holds Bachelorês degree in Information Sciences and Technology with a minor in Security and Risk Analysis, is an Offensive Security Certified Professional, and a GIAC Certified Web Application Penetration Tester (GWAPT).

Chris Truncer is a penetration testing lead with Veris Group's Adaptive Threat Division where he leads a variety of penetration tests and red team exercises for Federal and commercial customers. His specialties include penetration testing post-exploitation, specialized technical vulnerability assessments and developing focused training for specific aspects of security assessments. Chris is a developer of the Veil Framework, an open-source advanced penetration testing toolsuite. Additionally, Chris specializes in developing custom lab environments for training on real world penetration testing scenarios and he has designed various security conference Capture the Flag events. Chris has a Bachelor's degree in Information Technology and is an Offensive Security Certified Professional, GIAC Certified Web Application Penetration Tester and Offensive Security Wireless Professional.