You will enjoy it! The course teaches strategy and advance techniques for performing internal infrastructure penetration testing in highly secure Windows infrastructure. Our course has been developed around professional penetration testing and security awareness in the business and IT fields. To make sure that all participants gain the necessary infrastructure security concepts and knowledge, our classes have an intensive hands-on labs format.
We have gathered knowledge from top worldwide known experts and combine their skills to prepare unique content allowing you to prepare for performing penetration testing or read team exercise for your organization.
Every exercise is supported with lab instructions and multiple tools, both traditional and specialized. CQURE trainers recommend students have some knowledge of security concepts, such as operating system services and architecture. However, all required concepts will be covered throughout the course.
Paula says: Penetration Test combines a lot of components that make a test to be a bit more professional. Starting with report templates, attitude, being legal and first steps, ending up with great tools and techniques. This course is fun but with a value!
Pen-testers, read teamers, Windows network administrators, security professionals, systems engineers, IT professionals, security consultants and other people responsible for implementing infrastructure security.
Module 1: Evolution of Hacking
• Evolution of vulnerabilities
• Persistent Threats
• Malware evolution
• Modern Attack Techniques
Module 2: Penetration testing methodology
• Reconnaissance
• Enumeration
• Exploitation
• Privilege escalation
• Lateral movement
• Persistency
• Reporting and cleanup
Module 3: Reconnaissance and enumeration
• Open Source Intelligence
• Google Hacking
• DNS enumeration
• Network scanning
• Service discovery
• IPS/IDS consideration and handling
• 802.1x bypass
Module 4: OS Security and elevation of privileges
• Services Security
• Permissions and Privileges
• Offline Attacks
• DPAPI Attacks with custom CQURE Tools
• Cached Logons Attacks with custom CQURE Tools
• Exploiting a lack of access controls
• Application whitelisting bypass
Module 5: Identity attacks and lateral movement
• Pass-The-Hash Attacks
• Pass-The-Ticket Attacks
• Kerberoasting
• DCSync
• DCShadow
• Smb Relay
Module 6: Common service attacks
• Microsoft SQL Server attacks
• PKI misconfiguration detection and attacks
• Compromising Web Server
• Active Directory Security
• Print server security
Module 7: Tampering with Communication
• Wireless Protocols Security
• NetBIOS Spoofing
• SMB Security
• LLMNR
• HTTP/HTTPS
Module 8: AV bypass and evasion techniques
• Malicious Files Execution
• Anti-antimalware techniques
• Non-exe Malware
• File-less malware techniques
• SIEM and PAM consideration
Module 9: Legal Issues
• Paperwork
• Reporting
• Responsibility
• White hat ethics
Join our public courses in our Hong Kong facilities. Private class trainings will be organized at the location of your preference, according to your schedule.