PENTESTING ENTERPRISE INFRASTRUCTURE - JOURNEYMAN LEVEL

SensePost | July 22-23 & July 24-25



Overview

Do you think you can pwn us?

This is a solid two-day course in network-level pwnage. Minimal theory, just pwning, privilege escalation and exfiltration. Rinse and repeat. This is as hands on as you'd expect from Blackhat, no videos or demos here.

This course looks at the methods and approaches one would take when performing internal and external network penetration tests. In your own fully functional lab, your aim will be to think like a hacker and mapout your target, find weaknesses and fully exploit trust relationships in place. Using scenarios along with presentations, this course is a healthy mix of thinking, strategies and the methodologies you might need for every step along the way.

If you are looking for practical, hands on approach to learning how to pwn a network, then this is where you will find it.
Are you interested in...
BlackOps: https://www.blackhat.com/us-17/training/black-ops-hacking-for-pentesters-master-level.html
SecDevOps: https://www.blackhat.com/us-17/training/secdevops-injecting-security-into-devops.html
Tactics: https://www.blackhat.com/us-17/training/tactics-techniques-and-procedures-for-hackers.html

OVERVIEW

Day One:
  • A quick review of key concepts and technologies
  • Perform reconnaissance on the Internet & your own internal lab (not shared with anyone else)
  • Footprinting and fingerprinting like a boss
  • Targeting Operating Systems (Windows and Linux)
  • Targeting Databases/App Servers
  • Vulnerability discovery
  • Exploiting known vulnerabilities using Metasploit

Day Two:
  • You've found a way in, now what?
  • Post-Exploitation with Metasploit and Empire
  • Bypassing common security technologies: sneaky lateral movement
  • Pivoting and abusing trust relationships
  • Attacking Microsoft Active Directory
  • Obtaining the crown jewels of an organization
  • Data exfiltration: the who's how's and why's

Who Should Take this Course

This course is ideal for those wanting to learn how hackers are gaining access to networks, penetration testers who are new to network penetration testing, and/or those who wish to brush up on effective ways to pwn companies from the net and internally.

Student Requirements

  • No hacking experience is required
  • Familiarity with networking basics
  • Basic understanding of Virtual Machines
  • Basic knowledge of Linux and Windows and their command lines

What Students Should Bring

Students should bring a laptop that is capable of running a Kali VMware image, has a Ethernet port available (or a USB Ethernet adapter) and a user that has administrator rights. Please do not bring any devices that contain "Corporate" information.

What Students Will Be Provided With

We have developed a training portal that will be made available to all students before they attend Black Hat. This portal allows you to register an account and gain access to the slides used and any prerequisite information we feel would help you get the best out of this course. All content for the course, including tools required and instructions to configure your environment, will be made available via the training portal before you start, which means less time setting up and more time for learning.

Access to this portal will not stop once the course has finished, allowing you to continue learning in the weeks/months after Black Hat.

Trainers

SensePost has been training at Black Hat since 2001. We pride ourselves on ensuring our content, our training environment and trainers are all epic in every way possible. From working penetration testers, responsible for numerous tools and vulnerablities, to environments tailored for learning, training is at the core of what we do.