Adaptive Penetration Testing

Veris Group | August 2-3 & 4-5


On This Page


Overview

Practice and real world application is critical to learning how to effectively conduct penetration tests. Adaptive Penetration Testing is an immersive course that will provide practical experience and a solid framework for conducting in-depth security assessments. Participants will spend the majority of their time in a fully operational lab environment, overcoming the real-world obstacles they will face in today’s enterprise environments. Participants will also delve into the techniques, tools, and methodologies successful penetration testers use to provide comprehensive and efficient security assessments in a variety of target environments.

While tools don’t necessarily make or break the assessment, having the right tools for the job are often the difference maker for an effective penetration test. Veris Group has partnered with Strategic Cyber, LLC, to provide participants with a powerful testing suite, Cobalt Strike (http://www.advancedpentest.com/), which enables teams to collaboratively conduct penetration tests efficiently and effectively against variable target environments. Participants will use Cobalt Strike throughout the course to overcome advanced obstacles, practice modern attack techniques and learn how to use advanced tools to force-multiply penetration tests.

At the conclusion of the course, participants will be able to:debrabutt
• Use techniques necessary to perform thorough, operationally focused network penetration tests
• Apply practical skills following numerous exercises, including:
          •Identifying vulnerable hosts and services
          •Exploiting users and systems
          •Pivoting and conducting lateral movement through an IT infrastructure
• Use tools and testing frameworks to efficiently assess traditional networks and non-traditional targets
• Leverage effective soft-skills, assessment management techniques and document templates to facilitate better run assessments
• Reference an electronic PDF job aid, complete with navigation, during actual assessments
• Further practice utilizing a comprehensive tool-suite to enable effective and efficient assessments with a free 21-day trial version of Cobalt Strike


Who Should Take This Course

To get the most from this course, participants should have at least one to two years of technical information security experience and be familiar with common administrative tools in Windows and Linux.


What Students Should Bring

A custom version of the latest Kali Linux image will be provided to participants - all exercises will be able to be performed from this virtual machine. Participants will need to bring their own laptop with:

• Wired network adapter
• 4GBs of RAM
• Ability to run a virtual machine (VMWare Player, Workstation, Fusion)


Trainers

Jason Frank is a penetration testing team lead at Veris Group, where he leads penetration efforts for multiple U.S. Government clients, including the Department of Homeland Security and the Department of Treasury, as well as multiple commercial customers. Jason specializes in leading penetration testing programs while developing and maturing penetration testing programs. In addition, Jason has several years of experience training participants in penetration testing methodologies, including at major industry conferences such as the Black Hat, and in creating network attack exercises that emulate IT infrastructure, common traffic, and network hosts. He has also developed and led multiple teams in classroom and conference Capture-the-Flag events, which challenged participants in areas such as technical knowledge expertise, logic exercises, and system defense techniques. Jason holds a Bachelor of Science in Information Science and Technology Jason is an Offensive Security Certified Professional, GIAC Certified Penetration Tester, and GIAC Certified Web Application Penetration Tester.http://www.linkedin.com/in/jasonjfrank

Matt Maley is a penetration testing team lead at Veris Group, where he leads penetration tests, technical security assessments and secure engineering efforts for several U.S. Government agencies and commercial clients. He specializes in conducting web application, cloud platform and mobile device penetration tests and in-depth technical vulnerability assessments. In addition Matt assists customers with the development of secure engineering guidance for emerging mobile technologies, remote access, and communications solutions. Matt holds Bachelor’s degree in Information Sciences and Technology with a minor in Security and Risk Analysis and is a GIAC Certified Web Application Penetration Tester (GWAPT).http://www.linkedin.com/in/mjmaley

Alex Norman is a penetration tester for Veris Group’s Adaptive threat division, and has over ten years of experience in the field of information security and system development. Alex performs assessment services for an array of commercial and government clients, and his expertise includes network, web application and cloud system penetration testing as well as security control assessment and vulnerability analysis. He actively participates in the public security community, volunteering on community projects (OWASP) and helping to manage security conferences, such as Security BSidesDC. Alex holds a Master of Science in Security Informatics and is an Offensive Security Certified Professional (OSCP).