Internal Pentest Training

... > Training Courses > Internal Pentest Training

Internal Pentest Training

Secura's internal pentest training course teaches you how attackers compromise office automation network by combining theory with hands-on practice. The goal is not only to gain a greater understanding on what should be secured within such a network but also why mitigation techniques work.

Additionally, the course provides a deeper understanding of what is to be expected from a pentest. Thereby being able to more effectively manage a pentest engagement from either the attacking or defending perspective. The methods taught are techniques on how to perform an effective internal pentest and are based on years of experience and numerous assessments.

Why should you attend?

  • Gain insight into how critical vulnerabilities in a corporate network can be exploited.
  • Learn how an effective internal penetration test can be performed in an enterprise environment.
  • Get do's and don'ts during an engagement from experienced professionals.
  • Learn to structure information effectively during the internal penetration test as to gain the most value from an engagement.

During the course an internal penetration test will be performed by the participants while being guided by an experienced penetration tester. This is a very interactive training course with lots of exercises, demonstrations and quizzes to support effective learning. The courseware is also based on gamification meaning that a virtual lab is included in which participants can execute attacks to gain points in a capture the flag setup.

Intended Audience

This training is suitable for:

  • Blue team members
  • Network administrators
  • Automation testers

Required Skills & Expertise

This training is devised for technical personnel. Participants may vary in skill level from no experience to novice in pentesting. A basic understanding of Linux and Windows AD is needed.

Program

The program is divided into several sections, which are given in a two-day course. This course ensures that attendees from novice to advanced beginner can each learn from this course.

Day 1

Time

Topic

Description

9:00

Pentest preparation

  • What you need to know before you start
  • Rules of engagement
  • Do's and don'ts during a pentest

Pentest methodology

  • How to perform a structured pentest
  • Active Directory introduction

10:30

Coffee break

Bypassing NAC

  • NAC Evasion techniques

Performing passive reconnaissance

  • Analysing network traffic to identify weaknesses

12:00

Lunch

Attacking PxE environment

How to identify PxE services and enumerate deployment files

14:45

Coffee break

Performing active reconnaissance

  • Highlighting protocols which can be used by an attacker
  • Performing (effective) network and vulnerability scans
  • Fingerprinting the active directory domain
  • Enumerating service

Exploiting vulnerable systems

  • Metasploit introduction

17:00

Wrap up with questions and answers

Day 2

Time

Topic

Description

9:00

Capturing credentials and relay attack

  • Responder introduction

Exploiting applications

  • Exploit a vulnerable webserver

10:30

Coffee break

Exploitation using CME

  • CME intro

Post-exploitation enumeration

  • Authenticated domain enumeration
  • Authenticated enumeration of available services

12:00

Lunch

Pivoting

  • Metasploit Advanced - Routing, socks, proxy
  • ProxyChains intro

14:45

Coffee break

Gaining elevated privileges

  • Abusing local administrative permissions

17:00

Wrap up with questions and answers

Interested in our Internal Pentest training?

If you are interested in hosting this interactive and tailored workshop at your company, please let us know via the contact form, by telephone +31 (0)88 888 31 00or email info@secura.com.

USP

Why choose Secura | Bureau Veritas

At Secura/Bureau Veritas, we are dedicated to being your trusted partner in cybersecurity. We go beyond quick fixes and isolated services. Our integrated approach makes sure that every aspect of your company or organization is cyber resilient, from your technology to your processes and your people.

Secura is the cybersecurity division of Bureau Veritas, specialized in testing, inspection and certification. Bureau Veritas was founded in 1828, has over 80.000 employees and is active in 140 countries.