Adaptive Penetration Testing (Intensive Edition)

Overview

How do you conduct a comprehensive and successful penetration test? What services, methodologies, timeframe and skillsets are necessary for effective execution? There are often no easy answers to these questions for testers whose job it is to provide quality services in constrained environments and must often justify the resources they need to execute successful engagements. The purpose of this course is to assist participants in adapting to these challenging environments by conducting penetration tests that are consistent, repeatable and measurable. While such assessments cannot be designed to cover every possible attack vector, their goal should be to assess the business purpose and likely intrusion points into the customer’s network; provide customers with valuable insight into actual risks and business impacts of network intrusions; all while working under the real-world constraints of with limited resources, team members of unknown skillset and restricted engagement timeframes.

In this course, we’re going to dive into how to use methodologies, techniques and tools to provide comprehensive assessments as efficiently as possible. The only way to learn how to effectively conduct penetration tests is to practice. As such, participants will spend the majority of the course in practical lab scenarios, overcoming the real obstacles faced in today’s enterprise environments and learning to get the most power out of the tools available. This course is designed with the same format as the standard four-day course with a more intensive schedule. Just as in the four-day course, participants will be challenged with numerous practical labs, tools, technologies and methodologies. It is for participants who want to learn how to conduct thorough, operationally focused network penetration tests in an intensive two-day format and are ready for a challenging course.

Who should attend

Participants should have previous penetration testing training or experience with the ability to conduct common penetration testing activities. This includes conducting information gathering, network enumeration, launching exploits, conducting privilege escalation, post-exploitation information gathering and network foothold activities.

What to bring

Students will be provided with a customized Virtual Machine or bootable USB image. Students will need to bring their own laptop with:

• Laptop with 2 GBs of RAM (4 GB preferred)
• Wired network connection
• Ability to boot off of a USB drive or,
• Run a VM in VMWare Player or other VMWare product

Course Syllabus

Day 1
• Assessment Soft Skills
• Open Source Intelligence Gathering
• External Network Footprinting
• DNS & Mail Server Enumeration
• Network Technologies
• Network Enumeration
• Network Traffic Analysis
Day 2
• Assessment Management
• Vulnerability Identification
• Network Level Attacks
• Windows Server-Side Exploitation
• Windows Client-Side Exploitation
• Unix Exploitation
• Post-Exploitation

Trainers

David McGuire is the Vulnerability Assessment and Penetration Testing (VAPT) Lead with Veris Group, LLC where he runs VAPT efforts for commercial clients and major Federal agencies, including the Department of Justice (DOJ) and the Department of Homeland Security (DHS). He specializes in penetration testing methodologies, tools and techniques and wireless & mobile device security. David has extensive experience in conducting large scale, highly specialized and technically difficult network vulnerability assessments, penetration tests and adversarial (red team) network operations. In addition, he has considerable experience in training participants from various disciplines in computer security, adversarial network operations and penetration testing methodologies, including at major industry conferences such as the Black Hat. Previously, David was the senior technical lead at a large Department of Defense (DoD) Red Team, providing mission planning and direction through numerous large scale operations. David has a Bachelor's Degree in Computer Information Technology and is a CREST Certified Infrastructure Tester, GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT) and Offensive Security Certified Professional (OSCP).

Christopher Truncer is a Security Tester at Veris Group, LLC, where he performs a variety of vulnerability assessments and penetration tests for Federal and commercial customers. His specialties include wireless network assessments, technical vulnerability assessments, and penetration testing. Christopher specializes in develops focused training for specific aspects of security assessments, including auditing wireless networks and exploiting flaws in network services to gain access to the host. Additionally, Christopher specializes in developing custom lab environments for training on real world penetration testing scenarios. Christopher has both designed and participated in various security conference Capture the Flag events. Christopher has a Bachelor's degree in Information Technology from Florida State University and is a GIAC Certified Web Application Penetration Tester (GWAPT), Offensive Security Wireless Professional (OSWP) and Certified Ethical Hacker (CEH).