Pentesting Enterprise Infrastructure - Journeyman Level
Overview
For the 2018 Edition of our Pentesting Enterprise Infrastructure, we've upped the game with new twists and turns during the lab exercises. Additional pivoting techniques and more pwnage sprinkled on top!
Minimal theory, just pwning, privilege escalation and exfiltration. Our Pentesting Enterprise Infrastructure course is as hands on as you'd expect from Blackhat, no videos or demos here.
This course looks at the methods and approaches we take when performing internal and external network penetration tests. At SensePost we have almost two decades of experience pwning 'all the things' and continue to contribute to the industry with cutting edge research and tools.
For our training, we have taken our experience from the field and brought it to you in a controlled lab environment. Your aim will be to think like a hacker, map your target, find weaknesses and fully exploit the trust relationships in place. Using scenarios along with presentations, this course is a healthy mix of problem solving, strategies and the methodologies delivered by experienced hackers.
Do you think you can pwn us?
OVERVIEW
Day One:
A quick review of key concepts and technologies
Perform reconnaissance on the Internet & your own internal lab (not shared with anyone else)
Footprinting and fingerprinting like a boss
Targeting Operating Systems (Windows and Linux)
Targeting Databases/App Servers
Vulnerability discovery
Exploiting known vulnerabilities
Day Two:
You've found a way in, now what?
Post-Exploitation with Metasploit and Empire
Bypassing common security technologies: sneaky lateral movement
Pivoting and abusing trust relationships
Attacking Microsoft Active Directory
Privilege escalation techniques
Obtaining the crown jewels of an organization
Data exfiltration: the who's how's and why's
Who Should Take this Course
This course is ideal for those wanting to learn how hackers are gaining access to networks, penetration testers who are new to network penetration testing, and/or those who wish to brush up on effective ways to pwn companies from the net and internally.
Student Requirements
No hacking experience is required
Familiarity with networking basics
Basic understanding of Virtual Machines
Basic knowledge of Linux and Windows and their command lines
What Students Should Bring
Students should bring a laptop that can run a Kali VMware image and a user that has administrator rights. Please do not bring any devices that contain "Corporate" information.
What Students Will Be Provided With
We have developed a training portal that will be made available to all students before they attend Black Hat. This portal allows you to register an account and gain access to the slides used and any prerequisite information we feel would help you get the best out of this course. All content for the course, including tools required and instructions to configure your environment, will be made available via the training portal before you start, which means less time setting up and more time for learning.
Access to this portal will not stop once the course has finished, allowing you to continue learning in the weeks/months after Black Hat.
Trainers
SensePost has been training at Black Hat since 2001. We pride ourselves on ensuring our content, our training environment and trainers are all epic in every way possible. From working penetration testers, responsible for numerous tools, talks and 0day releases. We have years of experience building environments tailored for learning, training is at the core of what we do.