On This Page

Tactical Exploitation: Attacking Windows

Attack Research, LLC | August 1-2


Tactical Exploitation: Attacking Windows is Attack Research's unique approach to compromising Windows environments without relying on traditional exploits. In this 2-day course students will become proficient in the skills necessary to compromise Windows environments using the same methods as real world attackers rather than compliance based penetration testing techniques. Skills to be covered include: host recon, network recon and credential hijacking as well as tricks for taking advantage of configuration and design flaws.

This course focuses primarily on Windows and windows internals and how to leverage them. Host and network recon, privilege escalation, credential stealing and passing, persistence, and lateral movement techniques will be covered in depth. Once finished with the course, students will have a foundation on how Windows attacks actually happen and how to secure against them from the post exploitation stage.

Like all classes offered by Attack Research, Tactical Exploitation: Attacking Windows is very hands on with a virtual enterprise network environment for students to practice the techniques they learn from the course lecture. Exercises are then demonstrated so each student gets a deep understanding. For more advanced students, there are additional challenges within the environment for them to discover.

Course Outline:

  • Introductory Concepts and Thinking Like an Attacker
  • Host Recon
  • Privilege Escalation
  • Credential Stealing and Passing
  • Persistence
  • Network Recon
  • Lateral Movement

We believe that attacking enterprise networks is multi-platform. So please consider also taking Tactical Exploitation: Attacking UNIX.

Who Should Take this Course

  • Penetration Testers
  • Detection and Response Staff
  • System Administrators
  • Developers

Student Requirements

Students must bring their own machines. Attack Research, LLC provides a windows based virtual machine for each student to connect to via the Remote Desktop Protocol (RDP). All exercises are then based from there.

Laptops must meet the minimum specifications to run:
  • Windows 7 or higher
  • Mac OS X Lion 10.7 or higher
  • Linux with a windowing system for RDP support
  • Must have an RDP client
  • Gigabit Ethernet preferred. Limited wireless access is available.
  • Recommend a USB/Thunderbolt Ethernet adaptor for laptops that don't have Ethernet
  • Student must have appropriate access and knowledge to change their network configuration to support DHCP or static IP Addresses.

What Students Should Bring

See Student Requirements.

What Students Will Be Provided With

Students leave the class with full documentation and the entire custom and non-custom toolsets. Students will also take away the custom tools that they design and build in the class. Students walk away from AR training sessions not only with the "usual" training materials, but with a wealth of knowledge for both attacking and defending networks.

AR utilizes a very hands on approach to teaching by having the students spend approximately 50% of class time performing practical exercises in a lab environment designed to simulate real world enterprise networks. This type of class structure has been a proven success in retention of skills learned and student engagement. Our unique lab environments are replicas of the types of production networks that students will encounter in the real world.


Colin Ames is one of the founding partners of Attack Research LLC a boutique security company in the United States. Colin has been working in the information technology field for 18 years for both Government and Private organizations, with the last decade being focused on computer and information security. Colin was a contributing member of Metasploit, and has spoken and trained many times at security conferences like Blackhat, Shakacon, Countermeasures, and Source Boston. Colin has done Reverse Engineering, Exploitation Development, Vulnerability Discovery, and Post Exploitation on Windows, OSX, Linux, and Unix operating systems, and has a special place in his heart for File Formats, especially Adobe's PDF. Colin is also on the selection committee for the Shakacon security conference.

Val has been involved in the computer security community and industry for over ten years. He currently works as a professional security researcher on a variety of problems in the security community. He specializes in penetration testing (over 40,000 machines assessed), reverse engineering and malware research. He works on the Metasploit Project development team as well as other vulnerability development efforts. Most recently Val founded Attack Research which is devoted to deep understanding of the mechanics of computer attack. Previously Val founded Offensive Computing, a public, open source malware research project.

David has worked in the computer security arena for the past ten years. He has specialized in reverse engineering, malware research, and penetration testing. During the past ten years he has worked with various places including Offensive Computing, a Malware Research Company. He is currently conducting research at Attack Research which is set up to help understand the internals of attacks. Dave has focused on *nix systems and enjoys figuring out how to abuse various trust relations between *nix systems.