On This Page

Adaptive Penetration Testing

Coalfire | December 3 - 4



Overview

Practice and real-world application is critical to learning how to effectively conduct penetration tests. Adaptive Penetration Testing is an immersive course that will provide practical experience and a solid framework for conducting in-depth security assessments. The majority of this course is spent in a fully operational lab environment, overcoming the real-world obstacles faced in today's enterprise networks. We will cover tactics, techniques and procedures (TTPs) successful penetration testers use to provide comprehensive and efficient security assessments in a variety of enterprise environments. Methods presented are based on TTPs constantly being refined by our penetration testers' operational experience.
Utilizing the right tool for the job is often the difference maker for an effective penetration test. We will walk you through various commercial and open-source tools for identifying attack vectors and infiltrating enterprise environments. We will cover both network and web testing tools and frameworks. These tools will enable you to collaboratively conduct penetration tests efficiently and effectively against variable target environments. You will also overcome obstacles, practice modern attack techniques and learn how to use advanced tactics to force-multiply your penetration tests. Our courses are updated yearly with current operational methodologies, techniques and toolsets.
The following topics will be covered in this course:
Day 1:
Effective Assessment Management
External Network Footprinting
Network Enumeration
Vulnerability Identification
Gaining Access Through Network Exploitation
Password Cracking

Day 2:
Network Attacks
Gaining Situational Awareness
Escalation of Access
Internal Lateral Movement
Impact Demonstration

Who Should Take this Course

Participants with a working familiarity with Kali or Debian Linux as well as the Windows and Linux command line, who are interested in learning core tradecraft.

Student Requirements

To get the most from this course, participants should have at least one to two years of technical information security experience and be familiar with common administrative tools in Windows and Linux.

What Students Should Bring

Students will be provided with a custom version of the latest Kali Linux image to perform exercises. They will need their own laptop (with administrative access), with a wired network adapter, 8GB of RAM and the ability to run a virtual machine (VMWare Player, Workstation, Fusion) and an insatiable appetite for learning.

What Students Will Be Provided With

A custom version of the latest Kali Linux image

Trainers

Dan McInerney is a senior penetration tester and security researcher with Coalfire who has performed hundreds of tests, often in high security environments. He runs a top 100 Python Github account with dozens of original security tools, including IceBreaker, and has been featured on PaulDotCom's Security Weekly podcast in a technical segment on automating penetration testing tasks with Python. He was also named one of the "35 Awesome InfoSec Influencers You Need to Follow." Dan possesses a love of the cutting edge and is currently researching the use of machine learning for vulnerability hunting.

Qasim "Q" Ijaz is Director, Labs at Coalfire Systems who specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with focus on networks and web applications testing. His areas of interest include healthcare security, cybersecurity policy, Windows penetration testing, Python, and the "dry" business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after hours. He has delivered trainings at conferences as well as in college classrooms.

Brad Woodward is a Director at Coalfire Labs with a focus in Cloud Security Architecture, and is the Coalfire Labs subject matter expert for AWS. With his extensive history and technical prowess on the blue team prior to Coalfire, Brad has presented at multiple conventions and events, driving executive leadership to comprehend the business risks associated with cybersecurity. His client work has taken him from mom & pop manufacturing facilities to 10,000+ employee healthcare institutions, from small municipalities to each of the big three public cloud providers.

Logan Evans (@sweetrollbandit) is a penetration tester and security consultant for Coalfire Labs. At Coalfire, Logan focuses on testing enterprise environments, web applications, and APIs. Before joining Coalfire, Logan worked in Systems Administration and Information Security for Dell Inc. and Sonic Corp. Logan holds his certification, along with a degree in Networking and Information Security.