Adaptive Penetration Testing

Overview

How do you conduct a comprehensive and successful penetration test? What services, methodologies, timeframe and skillsets are necessary for effective execution? There are often no easy answers to these questions for testers whose job it is to provide quality services in constrained environments and must often justify the resources they need to execute successful engagements. The purpose of this course is to assist participants in adapting to these challenging environments by conducting penetration tests that are consistent, repeatable and measurable. While such assessments cannot be designed to cover every possible attack vector, their goal should be to assess the business purpose and likely intrusion points into the customer's network; provide customers with valuable insight into actual risks and business impacts of network intrusions; all while working under the real-world constraints of with limited resources, team members of unknown skillset and restricted engagement timeframes.

In this course, we're going to dive into how to use methodologies, techniques and tools to provide comprehensive assessments as efficiently as possible. The only way to learn how to effectively conduct penetration tests is to practice. As such, participants will spend the majority of the course in practical lab scenarios, overcoming the real obstacles faced in today's enterprise environments and learning to get the most power out of the tools available. While tools don't make the tester, having the right tools for the job can often make or break the assessment. To illustrate the power of this point, we have partnered with Strategic Cyber, LLC, founded by Raphael Mudge (the creator of Armitage) to provide participants with their new advanced penetration testing suite, Cobalt Strike (http://www.advancedpentest.com/). Cobalt Strike is all about enabling teams to conduct penetration tests as efficiently and effectively as possible and participants will be using it throughout the course to overcome advanced obstacles and emulate modern attacks. In addition, participant will be provided a 30-day license to evaluate Cobalt Strike out in their environments.

This course is fast paced with numerous challenging labs, tools, technologies and methodologies. Much like in real environments, participants will be pressed for time and must overcome the obstacles that can make every-day testing difficult. Just as testers must do in real world engagements, participants will have to rely on their skills, intuition and tools to succeed. Most importantly, this course is designed for participants to walk away with the ability to actually conduct thorough, operationally focused network penetration tests.

Who should attend

Participants should have previous penetration testing training or experience with the ability to conduct common penetration testing activities. This includes conducting information gathering, network enumeration, launching exploits, conducting privilege escalation, post-exploitation information gathering and network foothold activities.

What to bring

• Laptop with 2 GBs of RAM (4 GB preferred) capable of:
  • Booting off of a USB drive or,
  • Running a VM in VMWare Player or other VMWare product
• If students would like to run their own environments, the following tools are recommended:
  • Exploitation framework
  • Network mapping tool
  • Packet capture tool
  • Windows system administrative/manipulation tools
  • Password cracker

Course Syllabus

Day 1
• Pre-Assessment Activities
• Open Source Intelligence Gathering
• External Network Footprinting
• DNS & Mail Server Enumeration
• Network Protocols Review
• Network Traffic Analysis
Day 2
• Assessment Methodologies
• Network Enumeration
• Voice-over IP Assessment
• Vulnerability Identification
• Network Level Attacks
• Windows Server-Side Exploitation
Day 3
• Information Management Strategies
• WLAN Assessment
• Windows Client-Side Exploitation
• Windows Post-Exploitation
• Unix Exploitation
• Windows Post-Exploitation
• Unix Post-Exploitation
Day 4
• Post-Assessment Activities
• Capstone Exercise

Trainers

David McGuire is a Senior Security Engineer with Veris Group, LLC where he leads penetration testing and vulnerability assessment efforts for commercial clients and major Federal agencies, including the Department of Justice (DOJ) and the Department of Homeland Security (DHS). He specializes in penetration testing methodologies, tools and techniques and wireless & mobile device security. David has extensive experience in conducting large scale, highly specialized and technically difficult network vulnerability assessments, penetration tests and adversarial (red team) network operations. In addition, he has considerable experience in training participants from various disciplines in computer security, adversarial network operations and penetration testing methodologies, including at major industry conferences such as the Black Hat. Previously, David was the senior technical lead at a large Department of Defense (DoD) Red Team, providing mission planning and direction through numerous large scale operations. David has a Bachelor's Degree in Computer Information Technology and is a CREST Certified Infrastructure Tester, GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT) and Offensive Security Certified Professional (OSCP).

Jason Frank is a Security Engineer with Veris Group, LLC where he supports Federal agencies, including the Department of Homeland Security (DHS) and the Department of Treasury, and commercial clients developing technical security assessment programs and leading penetration tests and vulnerability assessments. His technical specialties include network penetration testing activities, web application assessments and incident response. Previously, Jason developed and deployed technical training courses and exercises for enterprise commercial and government clients. He also has developed and led multiple teams in classroom and conference Capture-the-Flag events, which challenged participants in areas such as technical knowledge expertise, logic exercises and system defense techniques. Jason holds a Bachelor of Science in Information Science and Technology from the Pennsylvania State University. In addition, Jason is a GIAC Certified Penetration Tester (GPEN) and web application penetration tester (GWAPT).

Christopher Truncer is a Security Engineer at Veris Group, LLC, where he performs a variety of vulnerability assessments and penetration tests for Federal and commercial customers. His specialties include wireless network assessments, technical vulnerability assessments, and penetration testing. Christopher specializes in develops focused training for specific aspects of security assessments, including auditing wireless networks and exploiting flaws in network services to gain access to the host. Additionally, Christopher specializes in developing custom lab environments for training on real world penetration testing scenarios. Christopher has both designed and participated in various security conference Capture the Flag events. Christopher has a Bachelor's degree in Information Technology from Florida State University and is an Offensive Security Wireless Professional (OSWP) Certified Ethical Hacker (CEH), and Associate of ISC2.