Pentesting Enterprise Infrastructure - Journeyman Level

For the 2018 Edition of our Pentesting Enterprise Infrastructure, we've upped the game with new twists and turns during the lab exercises. Additional pivoting techniques and more pwnage sprinkled on top!

Minimal theory, just pwning, privilege escalation and exfiltration. Our Pentesting Enterprise Infrastructure course is as hands on as you'd expect from Blackhat, no videos or demos here.

This course looks at the methods and approaches we take when performing internal and external network penetration tests. At SensePost we have almost two decades of experience pwning 'all the things' and continue to contribute to the industry with cutting edge research and tools.

For our training, we have taken our experience from the field and brought it to you in a controlled lab environment. Your aim will be to think like a hacker, map your target, find weaknesses and fully exploit the trust relationships in place. Using scenarios along with presentations, this course is a healthy mix of problem solving, strategies and the methodologies delivered by experienced hackers.

Do you think you can pwn us?

OVERVIEW

Day One:
A quick review of key concepts and technologies
Perform reconnaissance on the Internet & your own internal lab (not shared with anyone else)
Footprinting and fingerprinting like a boss
Targeting Operating Systems (Windows and Linux)
Targeting Databases/App Servers
Vulnerability discovery
Exploiting known vulnerabilities

Day Two:
You've found a way in, now what?
Post-Exploitation with Metasploit and Empire
Bypassing common security technologies: sneaky lateral movement
Pivoting and abusing trust relationships
Attacking Microsoft Active Directory
Privilege escalation techniques
Obtaining the crown jewels of an organization
Data exfiltration: the who's how's and why's

This course is ideal for those wanting to learn how hackers are gaining access to networks, penetration testers who are new to network penetration testing, and/or those who wish to brush up on effective ways to pwn companies from the net and internally.

No hacking experience is required
Familiarity with networking basics
Basic understanding of Virtual Machines
Basic knowledge of Linux and Windows and their command lines

Students should bring a laptop that can run a Kali VMware image and a user that has administrator rights. Please do not bring any devices that contain "Corporate" information.

We have developed a training portal that will be made available to all students before they attend Black Hat. This portal allows you to register an account and gain access to the slides used and any prerequisite information we feel would help you get the best out of this course. All content for the course, including tools required and instructions to configure your environment, will be made available via the training portal before you start, which means less time setting up and more time for learning.

Access to this portal will not stop once the course has finished, allowing you to continue learning in the weeks/months after Black Hat.