On This Page

Adaptive Penetration Testing

Coalfire | July 22-23 & July 24-25



Overview

Practice and real world application is critical to learning how to effectively conduct penetration tests. Adaptive Penetration Testing is an immersive course that will provide practical experience and a solid framework for conducting in-depth security assessments. The majority of this course is spent in a fully operational lab environment, overcoming the real-world obstacles faced in today's enterprise networks. We will cover tactics, techniques and procedures (TTPs) successful penetration testers use to provide comprehensive and efficient security assessments in a variety of enterprise environments. Methods presented are based on TTPs constantly being refined by our penetration testers' operational experience.

Utilizing the right tool for the job is often the difference maker for an effective penetration test. We will walk you through various commercial and open-source tools for identifying attack vectors and infiltrating enterprise environments. We will cover both network and web testing tools and frameworks including Cobalt Strike, Metasploit, Nessus and a host of various tools developed by Veris Group's Adaptive Threat Division (including Empire, PowerSploit, PowerView and PowerUp). These tools will enable you to collaboratively conduct penetration tests efficiently and effectively against variable target environments. You will also overcome obstacles, practice modern attack techniques and learn how to use advanced tactics to force-multiply your penetration tests. Our courses are updated yearly with current operational methodologies, techniques and toolsets.

The following topics will be covered in this course:

Day 1:
  • Effective Assessment Management
  • External Network Footprinting
  • Network Enumeration
  • Vulnerability Identification
  • Gaining Access Through Network Exploitation
  • Password Cracking


Day 2:
  • Gaining Access Through Social Engineering
  • Internal Network Attacks
  • Gaining Situational Internal Awareness
  • Escalation of Access
  • Internal Lateral Movement
  • Impact Demonstration

Who Should Take this Course

To get the most from this course, participants should have at least one to two years of technical information security experience and be familiar with common administrative tools in Windows and Linux.

Student Requirements

Please see "Who Should Take This Course" section

What Students Should Bring

Students will be provided with a custom version of the latest Kali Linux image to perform exercises. They will need their own laptop, with a wired network adapter, 4GBs of RAM and the ability to run a virtual machine (VMWare Player, Workstation, Fusion) and an insatiable appetite for learning.


What Students Will Be Provided With

A custom version of the latest Kali Linux image

Trainers

Jason Yorty is a senior cybersecurity expert at PLEX, LLC, with 20+ years of combined experience leading, performing, and teaching about offensive and defensive cyber operations for military, government, and commercial clients. He provides cyber operations instruction, and has deep experience in telecommunications exploitation operations experience focusing on 802.11/802.3/Cellular Networks. He has systems security analysis, penetration testing, and exploitation experience, with particular technical depth in WiFi survey and exploitation, memory analysis, and traffic analysis.

Michael Allen "Wh1t3Rh1n0" is one of Coalfire's premiere Red Team and adversary simulation specialists. In addition to holding the OSCE, he is one of only a handful of certified Master Level Social Engineers in the world, and was recognized during the MLSE course as a leader in impersonation and intelligence-gathering techniques. Michael's client work has taken him from United States military bases to Fortune 50 companies, as well as technology start-ups, government institutions, and healthcare providers. He is also the creator of Air-Hammer, a tool designed to leverage open source intelligence in attacks against wireless networks.