RECONNAISSANCE, the very first phase of any Risk Assessment Exercise, is often underestimated by many security professionals. Every pentester’s arsenal should, however, include Open Source Intelligence (OSINT) and active reconnaissance in order to conduct an effective assessment and measure the security posture against real-world adversaries. This training not only talks about using OSINT to extract data but also focuses on the significance of this data and how it could be directly enriched and used offensively for attacking and compromising Modern Digital Infrastructures.
We will take a deep-dive into various methodologies for extracting useful information from the internet. Furthermore, we will cover how this extracted information can be used in attack scenarios to gain an initial foothold in multiple ways within an organisation’s network. The course will cover topics like:
- Mapping the Attack Surface
- Enriching Collected Data
- Cloud Recon
- Employee Profiling
- Practical Social Engineering etc.
Sudhanshu Chauhan is Director at RedHunt Labs and leads the Consultation and Training division. He is the developer of RedHunt OS and one of the core contributors to Datasploit (Open Source OSINT Framework). Sudhanshu has co-authored 'Hacking Web Intelligence', a book on OSINT concepts and techniques. He has been a speaker at various conferences such as Ground Zero Summit, CyberHackathon Bar-Ilan University, BlackHat Arsenal; has delivered training at BlackHat US and Asia, AppSec EU, etc.; and is a core organizer of @Recon Village.
- Target Scoping and Mapping the Attack Surface:
IP Range, Domain/Subdomain Enumeration, Certificate Transparency, Employee Profiling, Code Repositories, Cloud Recon
- Enriching OSINT Data:
Generating Username/Password, Tech Stack Profiling, Breach Dumps, Metadata Extraction, CSE
- Attacking and Exploitation:
Targeted Credential Spraying, Compromising Business Communication Infrastructure, Attacking Network/Cloud Services
- Practical Social Engineering:
User Profiling, Watering Hole, Campaign Creation and Management, Payload Generation, Delivery Techniques
This fast-paced course will teach you how to leverage bleeding edge toolsets and techniques to conduct effective, in-depth penetration tests on the latest, real world network, web and application components. This highly intense, completely hands-on lab based curriculum has been created by our team of industry leading experts with experience in training thousands of professionals from Fortune 500 enterprises, defense and law enforcement agencies. The class will be conducted on our cloud based, state of the art lab platform where attendees will be doing 10 unique lab exercises in class! Over 90% of class time will be spent on these hands-on, live penetration tests! Apart from the presentation PDFs, lab handouts, workbooks, video solutions, etc. we will also be providing all students 30 Days of free access to our online lab platform after the class! This will ensure you have enough time to revisit the concepts and try the demos again later. The lab exercises will be challenge based and will contain mixed environments using the below components:
- Reconnaissance, Analysis, Data Exfil and Exploitation of:
  * Web servers: Apache, Nginx, Tomcat, Gunicorn, Tornado, Nodejs
  * Caching servers: Memcache
  * Distributed queues and brokers: RabbitMQ, Kafka
  * Datacenter: KVM, Docker, Kubernetes attack vectors
  * NoSQL Databases: MongoDB, CouchDB, ArangoDB, Couchbase
  * Log analysis and SIEM platform attack vectors: ELK, Graylog
  * Attacking VoIP systems: Traffic analysis, decryption and recovery
- Privilege escalation exercises on Linux servers, web and network applications
- Pivoting tools and techniques: double, triple and beyond
- Advanced lateral movement, persistence and data exfiltration
- IoT networks, protocols and exploitation: MQTT, AMQP etc.
- Securing the infrastructure and apps: Hardening techniques
Training Methodology
In each of the modules listed below, we will understand the basics, learn how to interact with the components and pentest them. Most of the time will be spent doing the lab exercises so the attendees understand all the practical nuances and challenges of applying this knowledge in the real world. All attendees will get to keep their lab access up to 100 days after the training so they can practice later.
Prerequisites
- Learn to pentest modern infrastructures, server components and networks
- Gain a deep understanding of how to pentest complex applications running on public-private clouds and server farms
- Try out advanced attacks on a live infrastructure to cement your learning
- Basics of penetration testing
- Familiarity with tools such as Nmap, Metasploit, Burpsuite, Wireshark
- Able to read and understand code written in Python (need not be a proficient programmer)
- Penetration testers
- Red/Blue/Purple teams
- Security researchers, analysts and students with an interest in learning real world advanced pentesting techniques
- Laptop with at least 8GB RAM and administrative access
- Latest version of Google Chrome and Firefox installed
Vivek Ramachandran is the Founder, CEO at Pentester Academy, AttackDefense.com and Hacker Arsenal. He discovered the Caffe Latte attack, broke WEP Cloaking - a WEP protection schema, conceptualized enterprise Wi-Fi Backdoors and created Chellam, the world's first Wi-Fi Firewall. He is also the author of multiple five star rated books which have together sold over 20,000+ copies worldwide and have been translated to multiple languages. Vivek started Pentester Academy in 2013 which now serves thousands of customers from over 90 countries worldwide. He also conducts in-person trainings in the US, Europe and Asia. Vivek's work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada etc. He has spoken/trained at top conferences around the world including Black Hat USA, Europe and Abu Dhabi, Defcon, HITB, Hacktivity, Brucon, SecurityByte, SecurityZone etc. Vivek has over a decade of experience in security and has a keen interest in the areas of Wireless, Mobile, Network and Web Application Pentesting, Shellcoding, Reversing and Exploit Research. He loves programming in Python, C and Assembly.
Co-Trainer
Nishant Sharma is an R&D Manager at Pentester Academy and Attack Defense. He is also the Architect at Hacker Arsenal where he leads the development of multiple gadgets for WiFi pentesting such as WiMonitor, WiNX and WiMini. He also handles technical content creation and moderation for Pentester Academy TV. He has 6+ years of experience in the information security field including 4+ years in WiFi security research and development. He has presented/published his work at Blackhat USA/Asia, Wireless Village, IoT village and Demo labs (DEFCON). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks where he contributed to developing new features for the enterprise-grade WiFi APs and maintaining the state of the art WiFi Intrusion Prevention System (WIPS). He has a master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, AD security, Forensics and Cryptography.