The Modern Red Team Immersion Bootcamp is designed to expose students to the types of attacks that long-term, persistent Red Teams have deployed against modern organizations. This is a condensed version of a two-day course. In this workshop, we will focus on post-exploitation, lateral movement, and escalation techniques within modern environments composed of OSX, Linux, Continuous Integration Systems, and elastic compute services.
Requirements: Some familiarity with basic penetration testing concepts will be helpful, but is not absolutely required. Proficiency in using a command line together with a search engine to solve problems is highly recommended to enjoy the class. Access to both an OSX and a Linux laptop or virtual machine with an internet connection is required to access labs and complete course content. The recommended setup is an OSX laptop with a Kali or Ubuntu Virtual Machine. If you are unable to meet this requirement, you can still take and enjoy the class, but please be advised that approximately 20% of the course’s hands-on lab content will require a Mac OS system. It is advised to have VMware Fusion or VMware Workstation installed in advance.
Outline:
- Perimeter Breach
- Public Credential Reuse Tricks
- Targeted Social Engineering and Spear Phishing
- Social / Physical
- Malware Considerations
- Escalation
- Post Exploitation 101
- Userland Password Stealing Techniques
- Application Secret Stealing Techniques
- 2FA Bypass Techniques
- AWS Post Exploitation
- Lateral Movement
- Lateral Movement Path Visualization
- Credential Harvesting Techniques
- Piggybacking Users to Bypass 2FA
- Tunneling and Proxying
- Continuous Dis-integration Techniques
- Persistence