MASTER / BLACKOPS

Provided by

Enquire about this course

About the course

MASTER / BLACKOPS
Intended for existing penetration testers with a solid and technical understanding of penetration testing tools and techniques, this course teaches students how to hack like criminal network operatives. With a strong offensive focus drawing on the techniques employed in recent industry hacks, the student is taught about new vulnerabilities (current year – 3 years) and how to use them to their full potential.

Course outline
Attacking like a criminal network
The course objectives are to teach students how to hack like a russian criminal network; strong offensive focus drawing on the techniques employed in recent industry hacks. Strong with regards to new vulnerabilities (current year - 3 years) and how to use them to their full potential. From deploying Dridex and Betabot to maintaining access and harvesting data, this course takes you through the TTP's used by criminals.

Understanding Criminal Market Approaches
Criminal markets have grown at an alarming rate. From financial fraud classes on offer in Brasil, to Russian botnet masters renting out expertise and infrastructure for those wishing to start a career in cyber crime, the tactics, techniques and procedures (TTP's) used by attackers today go beyond simply getting lucky with SQLi in an HTML form.

Attack Emulation
Our Master course is about emulating such attackers in gaining access to all areas of the OSI layer, including 8 (the human). From initial footprinting of a target environment, to building up an attack pattern based on architecture choices, to targeting humans and gaining an initial foothold into the network using phishing campaigns and techniques used by APT actors.

Tactics, Techniques and Procedures Taught.
Gaining command execution on boxes is a key stage in the attack chain. This module discusses AV evasion techniques, privilege escalation for Linux, Windows and OS X. The art of pivoting through a network is taught, along with efficent ways of owning Microsoft domains. This also includes stealth Tactics, Techniques and Procedures (TTP's)

Students will be versed in the art of:

  • Multi-vector client-side attack vectors (host, network, application and mobile) and compromise.
  • Running and maintaining a successful botnet campaign (Betabot)
  • Payload construction & AV evasion
  • Privilege escalation and persistence.
  • Data harvesting and extrusion.
  • Post exploitation under Windows, OS X and Linux.
  • Lateral network movement.

SensePost Training Portal
We've developed a training portal for students to interact with the trainers, keep updated on content and also download all files, slides and tools delivered during the course. This portal is made available to all students, even when the course has finished. In addition, we've moved our training infrastructure into our own cloud, which means students get their own individual environments to test against, making use of VPN's and numerous targets. This gives a fully immersive experience of attacking real-world architecture and networks.

Location
If you wish to have training, please get in touch with our sales team to discuss further.

Enquire

Start date Location / delivery
03 Jul 2019 London Book now

Related article

As we become more reliant on digital technologies, the cyber security industry has grown in order to protect organisations against online attacks. ...