Penetration Testing/Hacking Infrastructure

A 4 Day on Client Site or Public course delivered by a CREST Certified CHECK Team Leader

 

A Black Hat USA 2015 Course

Delivered by a CHECK Team Leader

Bootcamp Style Intensive Training

Infrastructure, Networks and Apps

Course Overview                                                                       

All the Penetration courses require the delegates to have  technical knowledge and experience. Cyber Management Alliance offers ‘Hands-On Hacking’ course in the infrastructure and network areas. 

We provide training for two levels:

  • Intermediate Track (Beginner to intermediate level experience)
  • Advanced Track (In depth)

Our no ‘surprises’ approach is based around formal and informal communication throughout, keeping attendees part of the class discussions , capture the flag events, and revisiting the previous modules where necessary.

These courses can be customized as per client requirements however the standard daily format of the training is

  • Module Presentation and training from the instructor
  • Followed by class discussions which are encouraged by the trainer to help everyone
  • Capture the flag (CTF) exercises at the end of each module

Course Objectives:

  • We aim to push the attendees to work towards becoming skilled penetration testing professionals.
  • Dedicated labs are provided to all attendees in order to ensure that every attendee works at his/her own speed to truly perfect their develop skills 
  • Improve your skills with this 100% practical training course

Infrastructure Training - Hands-On Hacking               

What is it?

It's a must have course for every well rounded security professional in order to understand the nitty gritty of the hacking world. Pen testing is a continuous process where you need to keep evolving and staying up to date with the latest and the greatest techniques in the field.

This security training course is a 'bootcamp' style intensive course that runs for 4 days (can be customized upon request) taking the attendees through the world of Windows, Linux, Applications, Network components (VoIP systems, VPN) and VLAN hacks. Since it's a fully hands on course, you will be breaking systems from day 1 and end up compromising everything in the lab by beer o’clock (last day). It’s the same course that was run at Black Hat USA 2015:

https://www.blackhat.com/us-15/training/advanced-infrastructure-hacking.html

What is the class difficulty level?

Based on audience level, this course is taught in two different    classes:

  • Intermediate Track (Beginner to intermediate  level experience) – 2   days
  • Advanced Track (In depth) – 3 or 4 days based on client requirement/audience skill-set.

This course covers real world scenarios, and discusses techniques that can be used by the attendees to improve their skill-set and prepare for professional pen test certifications. 

What are the pre-requisites for attendees?

  • Intermediate Track - Networking and OS knowledge is essential
  • Advanced Track – Basic VA/PT (penetration testing) knowledge/experience is necessary

 

What are the logistical requirements for onsite training?

A training room equipped with internet and a  projector.

All coursework is performed in the designated labs. Each attendee is provided with a VPN setup in order to connect to the labs. You only need a laptop and ensure that you have admin/root

Who teaches this course?

Each of the above classes is covered by a CREST Certifed CHECK Team Leader with over 9 years professional penetration testing experience (Ex-employers include Deloitte, IRM, NCC Group) along with training at the world's leading hacking conference (Black Hat). 

All attendees are provided with class course documents, along with lab challenges and solutions. Industry best practices will be shared throughout the challenges, including tips via Capture The Flag events. Complete module answers are either provided in the class on the same day, or emailed afterwards.

Features:

  • Dedicated labs for training and practise
  • 100% Practical
  • Hands on training
  • Black Hat 2015 Course
  • CHECK Team Leader Instructor
  • Course Material
  • Capture the flag style challenges
  • Best practices from an expereinced tutor
  • Access to labs post training for up to 2 months

 

Pen Test Training Brochure Download

 

Course Outline

  New Call-to-action

Day  1

Day 1 : Laying the foundation
● Basics - network and security concepts from TCP/IP basics to port scanning.
● Essentials Workshop consisting of Enumeration, Password Attacks – Different techniques
● Windows (Networking, Protocols Basics, Attacks ) and Linux Basics, Database Hacking (MySQL, PostgreSQL)
● Hands-On Training
Day 2: Hacking Windows
● Metasploit Framework Coverage
● Anti-Virus Evasion
● Challenging Your Windows fu - Exploitation and Post Exploitation Tricks and Techniques
● Client Side Attacks (Custom payloads including backdoors, third party - Adobe, Java, Browser based attacks)
● Local Privilege Escalations – For e.g. MS14-058
● Hacking Windows Domains (Windows and Kerberos Hacking) – For e.g. MS14-068
● Collecting the crown jewels - Password Dumping Techniques (Safely and dangerously!)
Day 3: Hacking Linux
● Assessing Linux/Unix Services
● Service Enumeration (Finger, Rservices, etc)
● SSH and NFS Hacks
● Kernel Vulnerabilities
● SGID/SUID Hacking
● Insecure File Permissions
● Local Privilege Escalations (service misconfigurations, kernel exploits)
● How to hunt Local Privilege Escalations!
Day 4: Network/Device Components
● VoIP - Enumeration, Exploitation and Post Exploitation
● Remote VPN endpoint hacking
● Switch/Router Vulnerabilities
● VLAN Hopping Attacks
Role play/ Case study
  • SAP Audit
  • SAP Security project

Day 2

SAP security - Segregation of duties conflicts (SoD)
  • Why so popular in SAP audit these days
  • Link back to accounts payables and general accounting practices (common  areas of fraud)
  • Key SAP process controls in accounts payable and accounting processes
  • Effective approaches in cleaning SoD conflicts
  • Role of SAP GRC
Deep dive into SAP sensitive access
  • Concept of sensitive access
  • SAP sensitive access examples
  • Concept of fire fighters accounts
Managing risks in SAP offshore environments
  • SAP security in support arrangements
  • Controlling access from support staff on your SAP system
  • Management reporting on SAP risks - Strategic and Operational
Key SAP configuration security
  • Passwords security
  • Establishing accountability in SAP access management
  • Requirement to SAP landscape and effective change management process
SAP Cyber security
  • Key risks in SAP Cyber Security
  • Risk mitigation approaches
Role play/ Case study
  • SAP risk register
  • Group discussion on SAP Management Essentials
  • testimonial_img.png

    Our instructors penetration testing clients include some of the largest banks in the world. 

    CHECK Team Leader

     

Book your Penetration Testing/Hacking Infrastructure course. 

This course is available as internal training course delivered on client site or alternatively you can attend one of our public courses. Please fill in the form below and one of our team will get in touch to discuss your requirments. 

  • callOr call us on:
  • +44 (0) 203 189 1422