Aperçu du cours
Course Description : SEC560 provides in-depth knowledge and practical skills to perform enterprise penetration testing effectively and ethically.
Prérequis
- Familiarity with basic network and system administration concepts
- Experience with common operating systems (Windows, Linux)
- Basic understanding of computer networking and protocols
- Recommended: Experience with common security tools and techniques
Objectifs pédagogiques
- Plan and prepare for an enterprise penetration test effectively
- Perform reconnaissance to aid in social engineering, phishing, and informed attack decisions
- Scan target networks using advanced tools to identify hidden systems and targets
- Gain initial access safely and effectively through password guessing
- Exploit target systems in multiple ways to measure real business risk
- Execute extensive post-exploitation activities
- Use privilege escalation techniques on Windows and Linux systems
- Conduct internal reconnaissance to identify additional targets
- Perform lateral movement and pivoting to extend access
- Crack passwords using modern techniques
- Manage compromised hosts with multiple Command and Control frameworks
- Attack the Microsoft Windows domain
- Execute Kerberos attacks
- Conduct Azure reconnaissance and attacks
- Develop and deliver high-quality penetration test reports
Public ciblé
- Security Engineer
- Penetration testers
- Ethical hackers
- Blue Team Member
- Red Team Member
Programme de formation
-
Day 1: Introduction to Enterprise Penetration Testing
-
Overview of penetration testing methodologies
-
Setting up a penetration testing environment
-
Information gathering and reconnaissance
-
Threat modeling and attack planning
-
-
Day 2: Scanning and Enumeration
-
Scanning target networks using various tools
-
Identifying open ports, services, and vulnerabilities
-
Enumerating network resources and users
-
Target selection and prioritization
-
-
Day 3: Exploitation and Post-Exploitation
-
Password guessing and initial access
-
Exploiting vulnerabilities to gain access
-
Expanding access through post-exploitation techniques
-
Privilege escalation on Windows and Linux systems
-
-
Day 4: Internal Reconnaissance and Lateral Movement
-
Internal network reconnaissance
-
Identifying additional targets and attack paths
-
Lateral movement techniques
-
Pivoting within the network
-
-
Day 5: Advanced Attacks
-
Password cracking techniques
-
Command and Control (C2) frameworks
-
Attacking the Microsoft Windows domain
-
Kerberos attacks (Kerberoasting, Golden Ticket, Silver Ticket)
-
-
Day 6: Azure and Reporting
-
Azure reconnaissance and attacks
-
Azure AD password spraying attacks
-
Executing commands in Azure with compromised credentials
-
Developing and delivering penetration test reports
-