Internal Pentest Training Course (2 days)

The internal pentest course is an instructional course combining theory and hands-on training. The topics cover all pentesting activities from start to finish. Methods taught are up-to-date techniques on how to perform an effective internal pentest, based on years of experience and numerous investigations.

We will explain how to create structure during a pentest, how to use tooling and techniques to enumerate, exploit and post-exploit a network.

The next internal pentest training course is planned for 29 and 30 August and is now open for registration. Limited seats available.

Register now to reserve your seat

Intended Audience

This training is devised for technical personnel with varying skill levels and specialties. To attend this training course a basic understanding of Linux and Windows AD is recommended.

  • Blue team members.
  • Pentesters.
  • Automation testers.

Program

The program is divided into several sections, which are given in a two-day course. This course ensures that attendees from novice to advanced beginner can each learn from this course.

Day 1

  • Pentest preperation
    • What you need to know before you start.
    • Rules of engagement.
    • Do’s and don'ts during a pentest.
  • Pentest methodology
    • How to perform a structured pentest.
  • Bypassing NAC
    • MAC spoofing.
  • Performing passive reconnaissance
    • Analysing network traffic to identify weaknesses.
      • Exercise: capturing and anaylsing network traffic.
  • Attacking PxE environment
    • How to identify PxE services and enumerate deployment files.
      • Exercise: enumerating PxE deployment files.
  • Performing active reconnaissance
    • Performing (effective) network and vulnerability scans. (fierce) Nmap Nessus
    • Fingerprinting the active directory domain.
    • Enumerating available services (HTTP, SMB, FTP, NFS).
      • Exercise: reverse DNS / port and vulnerability scans / fingerprinting AD.
  • Exploiting vulnerable systems
    • Metasploit intro.
      • Exercise: Compromising systems

Day 2

  • Exploiting network protocols
    • Responder / relay attacks.
      • Exercise Responder.
  • Exploiting Applications
    • Exploit a vulnerable webserver
  • Exploitation using PowerShell Empire / CME
    • Empire and CME intro.
      • Exercise: compromising systems using powershell/cmd.
  • Post-exploitation enumeration
    • Authenticated domain enumeration.
    • Authenticated enumeration of available services.
  • Pivoting
    • Metasploit Advanced.
      • Routing, socks proxy.
    • ProxyChains intro.
      • Exercise pivoting.
  • Gaining elevated privileges
    • Abusing local administrative permissions.
      • MimiKatz / Sysinternals.
  • Exercise: Compromising the network

Learning objectives

  • Learn how to perform an effective internal pentest, based on years of experience and numerous investigations.
  • Learn how to think like a hacker
  • Learn how to use tooling and techniques to enumerate, exploit and post-exploit a network

View all SecurAcademy Training Courses

@ Secura 2019
Webdesign Studio HB / webdevelopment Medusa