This course is the result of nearly two decades of experience training at BlackHat and will advance your ability to understand and compromise organisational networks. We've taken the methodologies we use for our external and internal network penetration testing and distilled them to a fast-paced and immersive two days.
It has a narrative starting with understanding your target, moving through initial compromise, then post exploitation and lastly going after the crown jewels.
- Introduction to a hacking methodology
- How learning the trade and not just the tricks will allow you to think through a threat model to find the gaps in an organisation's defences.
- Intelligence -Organisation OSINT.
- How Google and investor reports can guide your attack.
- Common and not so common sources of information on organisations.
- How to turn passwords dumps and pastebins into searchable directories.
- How technologies such as DNS, Whois, BGP and certificate transparency can be used to find an organisation's targets.
- Advanced service identification and gotchas to speed up enumeration across large networks.
- Methods of stealthy or passive fingerprinting.
- Vulnerability Identification and Exploitation
This course is ideal for those wanting to learn how hackers are gaining access to networks, penetration testers who are new to network penetration testing, and/or those who wish to brush up on effective ways to pwn companies from the net and internally.
Technical understanding of at least Windows, Linux or macOS with familiarity of at least one command line of these.
Understanding of organisational networks and security.
At a minimum, students need a computer with a web browser they are comfortable using. As all the practicals are hosted in the cloud and the class web portal is used to deliver content.
If possible, students should bring a laptop with Kali Linux either installed or running in a VM under a user with administrative rights. This lets students set up their environment to take home with them and can make the course a little more comfortable.
Students will be given:
- Access to our web class portal containing slides, practicals, walkthroughs, tools and prerequisites. This is accessible after the training.
- Access to your own individual lab with numerous targets and capabilities, used for the practicals.
Subject matter experts from SensePost/Orange Cyberdefense