BlackOps you say?
At SensePost we have quite a range of courses in our Hacking by Numbers series. We feel each one has its own special place. I’ve delivered almost all the courses over the years, but my somewhat biased favourite is our relatively new BlackOps Edition. Myself (Glenn) and Vlad will be presenting this course at BlackHat Vegas in July.

Where Does BlackOps fit in?
Our introductory courses (Cadet and Bootcamp) are meant to establish the hacker mindset – they introduce the student to psychological aspects of an attacker, and build on that to demonstrate real world capability. BlackOps is designed for students who understand the basics of hacking (either from attending Bootcamp/Cadet, or from other experience) and want to acquire deeper knowledge of techniques. We built the course based on our 12 years of experience of performing security assessments.

But really, what’s the course about?
This course is aimed at those who’ve been penetration testing for a while, but still feel a bit lost when they’ve compromised a host, or network and want to know the best possible approach to take for the next step. All of the labs in this course come from real life assessments, with the final lab being a full-blown social engineering attack against an admin with pivoting, exfiltration and the works. Specifically, we’re going to cover the following topics:

1. Introduction to Scripting
A hacker who can automate a task is an efficient and effective attacker.

2. Advanced Targeting
A hacker who can quickly and effectively identify targets is a successful attacker. We’ll be looking at non-standard techniques for identifying targets, such as mDNS, IPv6, and even Pastebin.

3. Compromise
You may know how to roll a generic metasploit payload, but we’ll be looking at some lesser utilised approaches to compromis. From WPAD injection, to rogue routers in IPv6, to good old smbrelay attacks.

4. Privilege Escalation
Following on somewhat succinctly, how do you elevate your privileges after compromising a box? Everyone wants to be root or enterprise admin.

5. Pivoting
Once you’ve compromised a lowly developer’s test server on the edge of the network, or the receptionist PC, how do you bounce through that box to get to the good stuff, three DMZs deep? We’ll show you how.

6. Exfiltration
A good hacker knows that finding the jewels is only half the battle – smuggling them out can be just as hard. We’ll look at how we can use non-standard communication channels to exfiltrate data out of a compromised network. Company X has just deployed a really expensive DLP solution, but you really need to get this data out, how do you bypass it?

7. Client Side Attacks
The weakest layer of the OSI stack – the human. Made über popular over the past 18 months, this is Unit 61398 in action.

8. Camouflage (new for Vegas 2013!)

During the infiltration phase of any attack, a hacker will ultimately need to try and execute code on the target system – whether achieved by means of phishing, payload delivery through an exploit or social engineering – running the code on the target system is the ultimate goal of most cyber attacks in the wild. What this means is that an attacker will need to be capable of  bypassing any host-based protection software deployed on the target system for successful exploitation.
This module will run you through the techniques, methods and software currently used by the those targeting large corporates to achieve AV immunity in under any circumstances.

Each module of the above modules is followed by a practical lab to allow you to practise your newly acquired skills. The course finishes with a Capture-the-Flag, with a grand prize. Honestly, this final lab is enjoyable and guaranteed to bring a smile on your face whilst doing it.

We’re looking forward to sharing out knowledge, experience, and passion for security with you. Please sign up here.

-Glenn & Vlad