Practice and application is critical to learning how to effectively conduct penetration tests. Adaptive Penetration Testing is an immersive penetration testing course that will provide practical experience and a solid framework for conducting in-depth security assessments. In this engaging course, participants will spend the majority of their time in practical lab scenarios, overcoming the real-world obstacles they will face in today’s enterprise environments. Participants will also delve into the techniques, tools, and methodologies successful penetration testers use to provide comprehensive and efficient security assessments in a variety of target environments.
While tools don’t make the tester, having the right tools for the job can often make or break the assessment. Veris Group has partnered with Strategic Cyber, LLC, founded by Raphael Mudge (the creator of Armitage), to provide participants with a powerful toolkit, the new advanced penetration testing suite Cobalt Strike (http://www.advancedpentest.com/). Cobalt Strike enables teams to conduct penetration tests efficiently and effectively against variable target environments. Participants will use Cobalt Strike throughout the course to overcome advanced obstacles and practice modern attack techniques and are invited to continue working with the toolkit after the conclusion of the course.
At the conclusion of the course, participants will be able to:
In this course, we focus on the real world techniques we use when conducting assessments and building programs in often constrained environments. We focus on training how to make assessments efficient to maximize resources and results.
Participants should have at least two years of technical information security experience and be familiar with common versions of Windows and Linux.
Students will need to bring their own laptop with:
A custom version of the latest Kali Linux image will be provided to students – all exercises will be able to be performed from this virtual machine. PDF Version of Slide Deck, Course Lab Write-ups.
David McGuire is a Manager of Penetration Testing at Veris Group, LLC where he leads penetration testing and vulnerability assessment efforts for commercial clients and major Federal agencies, including the Department of Justice (DOJ) and the Department of Homeland Security (DHS). He specializes in penetration testing methodologies, tools and techniques and wireless & mobile device security. David has extensive experience in conducting large scale, highly specialized and technically difficult network vulnerability assessments, penetration tests and adversarial (red team) network operations. In addition, he has considerable experience in training participants from various disciplines in computer security, adversarial network operations and penetration testing methodologies, including at major industry conferences such as the Black Hat. Previously, David was the senior technical lead at a large Department of Defense (DoD) Red Team, providing mission planning and direction through numerous large scale operations. David has a Bachelor's Degree in Computer Information Technology and is a CREST Certified Infrastructure Tester, GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT) and Offensive Security Certified Professional (OSCP).
Matthew Maley is a Security Engineer at Veris Group, LLC where he leads technical security assessments and assists with secure engineering for various Federal Agencies and commercial clients. He specializes in web application and mobile device penetration testing and vulnerability assessment, as well as assisting customers with the development of secure implementation guidance for emerging mobile technologies, remote access, and communications solutions. Matt also performs security assessments (vulnerability assessments and penetration testing) of cloud environments in support of Federal Risk and Authorization Management Program (FedRAMP) certification efforts. Matt holds a Bachelor’s degree in Information Sciences and Technology and a minor in Security and Risk Analysis from Pennsylvania State University. In addition, Matt is a GIAC Certified Web Application Penetration Tester (GWAPT).