Internal Pentest Training Course (2 days)

The internal pentest course is an instructional course combining theory and hands-on training. The topics cover all pentesting activities from start to finish. Methods taught are up-to-date techniques on how to perform an effective internal pentest, based on years of experience and numerous investigations.

We will explain how to create structure during a pentest, how to use tooling and techniques to enumerate, exploit and post-exploit a network.

The upcoming secure programming training is planned for 31 October & 1 November 2019 and open to join.

Save your seat

Intended Audience

This training is devised for technical personnel with varying skill levels and specialties. To attend this training course a basic understanding of Linux and Windows AD is recommended.

  • Blue team members.
  • Pentesters.
  • Automation testers.

Program

The program is divided into several sections, which are given in a two-day course. This course ensures that attendees from novice to advanced beginner can each learn from this course.

Day 1

  • Pentest preperation
    • What you need to know before you start.
    • Rules of engagement.
    • Do’s and don'ts during a pentest.
  • Pentest methodology
    • How to perform a structured pentest.
  • Bypassing NAC
    • MAC spoofing.
  • Performing passive reconnaissance
    • Analysing network traffic to identify weaknesses.
      • Exercise: capturing and anaylsing network traffic.
  • Attacking PxE environment
    • How to identify PxE services and enumerate deployment files.
      • Exercise: enumerating PxE deployment files.
  • Performing active reconnaissance
    • Performing (effective) network and vulnerability scans. (fierce) Nmap Nessus
    • Fingerprinting the active directory domain.
    • Enumerating available services (HTTP, SMB, FTP, NFS).
      • Exercise: reverse DNS / port and vulnerability scans / fingerprinting AD.
  • Exploiting vulnerable systems
    • Metasploit intro.
      • Exercise: Compromising systems

Day 2

  • Exploiting network protocols
    • Responder / relay attacks.
      • Exercise Responder.
  • Exploiting Applications
    • Exploit a vulnerable webserver
  • Exploitation using PowerShell Empire / CME
    • Empire and CME intro.
      • Exercise: compromising systems using powershell/cmd.
  • Post-exploitation enumeration
    • Authenticated domain enumeration.
    • Authenticated enumeration of available services.
  • Pivoting
    • Metasploit Advanced.
      • Routing, socks proxy.
    • ProxyChains intro.
      • Exercise pivoting.
  • Gaining elevated privileges
    • Abusing local administrative permissions.
      • MimiKatz / Sysinternals.
  • Exercise: Compromising the network

Learning objectives

  • Learn how to perform an effective internal pentest, based on years of experience and numerous investigations.
  • Learn how to think like a hacker
  • Learn how to use tooling and techniques to enumerate, exploit and post-exploit a network

Register now!

  • Location: Amsterdam
  • Date: 31 October & 1 November 2019
  • Costs: EUR 700 per person excl. VAT, including lunch

 Save your seat  More information

View all SecurAcademy Training Courses

@ Secura 2019
Webdesign Studio HB / webdevelopment Medusa