Overview
PEN500 – Pentesting & Network Exploitation exposes students to all manner of reconnaissance, scanning, enumeration, exploitation and pillaging for 802.3 networks.
Topics expose students to a variety of recon, discovery, scanning, enumeration, exploitation, post-exploitation, pillaging, covering one’s tracks and persistence.
Target Audience
Penetration testers looking to broaden their overall penetration testing skill set, network engineers, system administrators, developers.
Objective
Provide in-depth exposure and hands-on practice with all facets of 802.3 hacking, vulnerability research, pivoting, exploitation, password/hash cracking, post-exploitation pillaging and methods of setting up persistence on a victim’s network.
Topics
Day 1 introduces students to host target analysis. Topics include Linux command line, bash scripting and simple programming to enumerate, attack and exploit Linux hosts later in the course. Once Linux is complete, students begin learning basic through intermediate Windows Command Line skills, PowerShell cmdlets and the PowerShell attack framework called PowerPreter.
Students learn how to conduct basic service scans and exploit vulnerable hosts on internal networks through hands-on challenges that force them to replicate a real-world penetration test. They learn how to map, discover and exploit web applications, which requires the tester to understand how they communicate and the role the server plays in the relationship. Students learn how to conduct reconnaissance against a web server, followed by mapping its architecture. They’re also challenged with discovering vulnerabilities and misconfigurations for follow-on exploitation.
Students learn how to simulate an insider threat and escape restricted environments by abusing native services and functionality. Students then move to routed attacks against clients that have NAT devices, firewalls and DMZs deployed. They learn how to exploit a variety of web-facing services and gain access to the DMZ. Once in the DMZ they are asked to pillage the hosts and find additional information to assist in pivoting deeper into the network and into network segments that don’t touch the web directly.
On Day 4 students learn how to create and host malicious binaries on their own webserver to facilitate network penetration with purpose-built shellcode. Building on techniques and access gained into the DMZ, students are challenged to burrow further into the victims network by adding routes and pivoting into internal network segments by exploiting additional victims. Having exploited a variety of hosts throughout the network deploying persistence is then taught to maintain hard earned access.
Day 5 deals exclusively with hands-on challenges. Using all the skills, techniques and tools learned during the previous four days to lay waste to the company’s network and computers, students will be tasked with owning “the CEO’s” computer, and stealing as much sensitive information from the notional corporation as possible. The company’s computers contain a wide variety of PII, corporate information and intellectual property for the taking. Can they own the CEO’s box? Can they gain access to and modify the company’s firewall settings?
