DAY 1: Footprinting
- WHOIS and DNS Enumeration
- Structure of Registration Organizations
- Record Privacy Features
- DNS Interrogation
- Protocol Summary
- Query Types
- Zone Transfers / Reverse Lookups
- Open Source INTelligence (OSINT)
- Manual Methods
- Automated Utilities
Scanning
- Host Discovery
- ICMP Utilities
- TCP Utilities
- UDP Utilities
- Service Discovery
- TCP Port Scanning
- UDP Port Scanning
- Enumeration
- Banner Grabbing
- Simple Services
- HTTP / Web Servers
- UDP Based Services
- Operating System Detection
- Passive Methods
- Active Methods
- Vulnerability Scanning
- Commercial Tools
- Open Source Tools
DAY 2: System Hacking (Windows)
- Domain Enumeration
- Passive Enumeration
- Active Enumeration
- User Enumeration
- Windows SIDs
- User Policy Enumeration
- Penetration
- Brute Force Attacks
- Vulnerability Exploitation
- Client Application Attacks
- Privilege Escalation
- Abusing Mis-configured Services
- WMIC
- Sysinternals Tools
- Pillaging
- Password Weaknesses
- Searching for Sensitive Information
- Mimikatz
- Expanding Influence
- Pivoting
- Pass the Hash
- Cached Credentials
- Local Access
- Programmable Human Interface Devices
- PowerShell
- Portable Virtualization Software
DAY 3: System Hacking (UNIX)
- User Enumeration
- Penetration
- Brute Force Revisited
- Mis-configured Services
- Privilege Escalation
- Pillaging
- Password Cracking
- Finding Stored Credentials
- Expanding Influence
- Abusing Trust
- TCP Port Forwarding
- Local Access
- Bootable Media
- Firewire Attacks
DAY 4: Web Hacking
- Web Application Architecture
- Browsers
- Load Balancers
- Web Servers
- Web Applications
- Databases
- HTTP(S) Primer
- Request Methods
- Response Codes
- SSL/TLS Implementations
- Discovery
- Configuration Management
- Application Vulnerabilities
- Default / Mis-configured Settings
- Authentication
- Brute Force Attacks
- Abusing Process Logic
- Authorization
- Lateral Privilege Escalation
- Vertical Privilege Escalation
- Session Handling
- Session Hijacking Techniques
- Session Confidentiality Issues
- Data Validation
- SQL Injection
- Cross-Site Scripting
- OWASP Top 10
- History
- Overview and Interpretation
- Automated Assessment
DAY 5: Final Exercise
The practical exercise is a team-based Capture The Flag (CTF) event. Students will work in teams to perform a thorough penetration test of a simulated corporation. Specific informational objectives, in the form of “flags”, are defined for each step of the process. Teams will gather all flags with as few hints as possible within the time allotted. Multiple hints will be given for each flag, to the point of walking the student through the process required for success. The scoreboard will be displayed throughout to help motivate students to obtain flags with the fewest hints.
This course is over 60% hands-on. Students will:
- Execute an Open Source Intelligence Process
- Discover Hosts and Services Within a Realistic Network Environment
- Identify Potential Vulnerabilities Using Popular Tools
- Crack Passwords That are Hashed Using Different Methods
- Practice Multiple Post-Exploitation Techniques
- Gain Proficiency With an Exploitation Framework
- Perform Several Web Application Attack Vectors
- Compromise Sensitive Information on Simulated Production Systems
- Engage in an Immersive, Interactive Capstone Exercise
Although no specific courses are required, students should have some level of experience with Microsoft Windows and Linux operating systems as well as a basic understanding of TCP/IP Networking.