Internal Pentest Training
> Services for your people > Internal Pentest Training
Internal Pentest Training
Secura's internal pentest training course teaches you how attackers compromise office automation network by combining theory with hands-on practice. The goal is not only to gain a greater understanding on what should be secured within such a network but also why mitigation techniques work.
Additionally, the course provides a deeper understanding of what is to be expected from a pentest. Thereby being able to more effectively manage a pentest engagement from either the attacking or defending perspective. The methods taught are techniques on how to perform an effective internal pentest and are based on years of experience and numerous assessments.
Why should you attend?
- Gain insight into how critical vulnerabilities in a corporate network can be exploited.
- Learn how an effective internal penetration test can be performed in an enterprise environment.
- Get do's and don'ts during an engagement from experienced professionals.
- Learn to structure information effectively during the internal penetration test as to gain the most value from an engagement.
During the course an internal penetration test will be performed by the participants while being guided by an experienced penetration tester. This is a very interactive training course with lots of exercises, demonstrations and quizzes to support effective learning. The courseware is also based on gamification meaning that a virtual lab is included in which participants can execute attacks to gain points in a capture the flag setup.
Intended Audience
This training is suitable for:
- Blue team members
- Network administrators
- Automation testers
Required Skills & Expertise
This training is devised for technical personnel. Participants may vary in skill level from no experience to novice in pentesting. A basic understanding of Linux and Windows AD is needed.
Program
The program is divided into several sections, which are given in a two-day course. This course ensures that attendees from novice to advanced beginner can each learn from this course.
Day 1
Time |
Topic |
Description |
9:00 |
Pentest preparation |
|
Pentest methodology |
|
|
10:30 |
Coffee break |
|
Bypassing NAC |
|
|
Performing passive reconnaissance |
|
|
12:00 |
Lunch |
|
Attacking PxE environment |
How to identify PxE services and enumerate deployment files |
|
14:45 |
Coffee break |
|
Performing active reconnaissance |
|
|
Exploiting vulnerable systems |
|
|
17:00 |
Wrap up with questions and answers |
Day 2
Time |
Topic |
Description |
9:00 |
Capturing credentials and relay attack |
|
Exploiting applications |
|
|
10:30 |
Coffee break |
|
Exploitation using CME |
|
|
Post-exploitation enumeration |
|
|
12:00 |
Lunch |
|
Pivoting |
|
|
14:45 |
Coffee break |
|
Gaining elevated privileges |
|
|
17:00 |
Wrap up with questions and answers |
Interested in our Internal Pentest training?
If you are interested in hosting this interactive and tailored workshop at your company, please let us know via the contact form, by telephone +31 (0)88 888 31 00or email info@secura.com.
ABOUT SECURA
Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.
Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.