On This Page

Adaptive Penetration Testing

Veris Group's Adaptive Threat Division | March 28 - 29



Overview

Practice and real world application is critical to learning how to effectively conduct penetration tests. Adaptive Penetration Testing is an immersive course that will provide practical experience and a solid framework for conducting in-depth security assessments. The majority of this course is spent in a fully operational lab environment, overcoming the real-world obstacles faced in today's enterprise networks. We will cover tactics, techniques and procedures (TTPs) successful penetration testers use to provide comprehensive and efficient security assessments in a variety of enterprise environments. Methods presented are based on TTPs constantly being refined by our penetration testers' operational experience.

Utilizing the right tool for the job is often the difference maker for an effective penetration test. We will walk you through various commercial and open-source tools for identifying attack vectors and infiltrating enterprise environments. We will cover both network and web testing tools and frameworks including Cobalt Strike, Metasploit, Nessus and a host of various tools developed by Veris Group's Adaptive Threat Division (including Empire, PowerSploit, PowerView and PowerUp). These tools will enable you to collaboratively conduct penetration tests efficiently and effectively against variable target environments. You will also overcome obstacles, practice modern attack techniques and learn how to use advanced tactics to force-multiply your penetration tests.

The following topics will be covered in this course:

Day 1:
  • Effective Assessment Management
  • External Network Footprinting
  • Network Enumeration
  • Vulnerability Identification
  • Gaining Access Through Network Exploitation
  • Password Cracking

Day 2:
  • Gaining Access Through Social Engineering
  • Internal Network Attacks
  • Gaining Situational Internal Awareness
  • Escalation of Access
  • Internal Lateral Movement
  • Impact Demonstration

Who Should Take this Course

To get the most from this course, participants should have at least one to two years of technical information security experience and be familiar with common administrative tools in Windows and Linux.

Student Requirements

Please see "Who Should Take This Course" section

What Students Should Bring

A custom version of the latest Kali Linux image will be provided to participants all exercises will be able to be performed from this virtual machine. Participants will need to bring their own laptop with:

  • Wired network adapter
  • 4GBs of RAM
  • Ability to run a virtual machine (VMWare Player, Workstation, Fusion)

What Students Will Be Provided With

Students will receive all course materials and lab manuals in electronic PDFs

Trainers

Steven Borosh is a penetration tester for Veris Group's Adaptive Threat Division, with several years' experience in physical and network security. Steve performs numerous penetration tests for our commercial and government clients, and his expertise includes network, web application and cloud system penetration testing. With his experience, Steve has developed many of the tools and techniques used by the Veris Group's ATD and other industry professionals including Egress-Assess. In addition, Steve participates in several public bug bounty programs, identifying security flaws in a large array of widely adopted applications. He actively participates in the information security community as an avid blogger and contributes to several open source tools.

Rohan Vazarkar is a penetration tester and developer for Veris Group's Adaptive Threat Division, who performs numerous penetration tests for our commercial and government clients. Rohan specializes in researching Microsoft security bulletins and releases tactics for leveraging security weaknesses in Windows based platforms. He published a tool and blog post that took advantage of MS14-068, a privilege escalation tactic used in Windows Active Directory network environments. In addition, Rohan is also a co-author of BloodHound, a tool designed to reveal the hidden and unintended permission relationships in Active Directory domains.