Hacking Enterprises - 2022 Edition (Online Training) (3 Days Mo.-Wed.)
Updated for 2022, this immersive hands-on course will allow you to fully compromise a simulated enterprise covering a multitude of TTP’s. The training is based around modern operating systems (including Windows 11), using modern techniques and emphasising the exploitation of configuration weaknesses rather than throwing traditional exploits. This means logical thinking and creativity will definitely be put to the test.
Students will access a cloud-based LAB configured with multiple networks, some easily accessible, others not so. Course material and exercise content has been designed to reflect real-world challenges and students will perform numerous hands-on exercises including executing exploitative phishing campaigns against our simulated users to gain access to new networks, in turn bringing new challenges including IPv6 exploitation, subverting AMSI and AWL, passphrase cracking, pivoting, lateral movement, OOB persistence mechanisms and much more!
We know 2 days isn’t a lot of time, so you’ll also get 14-days FREE lab time after class, Discord access for support and access to a post-training CTF containing hosts and networks not seen during training!
Updated for 2022, this immersive hands-on course will allow you to fully compromise a simulated enterprise covering a multitude of TTP’s. The training is based around modern operating systems (including Windows 11), using modern techniques and emphasising the exploitation of configuration weaknesses rather than throwing traditional exploits. This means logical thinking and creativity will definitely be put to the test.
Students will access a cloud-based LAB configured with multiple networks, some easily accessible, others not so. Course material and exercise content has been designed to reflect real-world challenges and students will perform numerous hands-on exercises including executing exploitative phishing campaigns against our simulated users to gain access to new networks, in turn bringing new challenges including IPv6 exploitation, subverting AMSI and AWL, passphrase cracking, pivoting, lateral movement, OOB persistence mechanisms and much more!
We also like to do things with a difference. You’ll be provided access to an in LAB Elastic instance, where logs from all targets get pushed and processed. This allows you, whether an attacker or defender, to understand the types of artefacts your attacks leave and how you might catch or be caught in the real world.
We know 2 days isn’t a lot of time, so you’ll also get 14-days FREE lab time after class, Discord access for support and access to a post-training CTF containing hosts and networks not seen during training!
Content:
Day 1
- MITRE ATT&CK framework
- Overview on using the in-LAB ELK stack
- Offensive OSINT
- Enumerating and exploiting IPv6 targets
- Pivoting, routing, tunnelling and SOCKS proxies
- Application enumeration and exploitation via pivots
- Linux living off the land and post exploitation
- C2 infrastructure and beacons
Day 2
- Exploitative phishing against our simulated enterprise users
- Living off the land tricks and techniques in Windows
- P@ssw0rd and p@ssphras3 cracking
- Windows exploitation and privilege escalation techniques
- Windows Defender/AMSI and UAC bypasses
- Situational awareness and domain reconnaissance
- RDP hijacking
Day 3
- Bypassing AWL (AppLocker, PowerShell CLM and Group Policy)
- Extracting LAPS secrets
- Lateral movement for domain trust exploitation
- WMI Event Subscriptions for persistence
- Out of Band (OOB) data exfiltration
- Domain Fronting