Attacking like a criminal network
The course objectives are to teach students how to hack like a russian criminal network; strong offensive focus drawing on the techniques employed in recent industry hacks. Strong with regards to new vulnerabilities (current year - 3 years) and how to use them to their full potential. From deploying Dridex and Betabot to maintaining access and harvesting data, this course takes you through the TTP's used by criminals.
Understanding Criminal Market Approaches
Criminal markets have grown at an alarming rate. From financial fraud classes on offer in Brasil, to Russian botnet masters renting out expertise and infrastructure for those wishing to start a career in cyber crime, the tactics, techniques and procedures (TTP's) used by attackers today go beyond simply getting lucky with SQLi in an HTML form.
Our Master course is about emulating such attackers in gaining access to all areas of the OSI layer, including 8 (the human). From initial footprinting of a target environment, to building up an attack pattern based on architecture choices, to targeting humans and gaining an initial foothold into the network using phishing campaigns and techniques used by APT actors.
Tactics, Techniques and Procedures Taught.
Gaining command execution on boxes is a key stage in the attack chain. This module discusses AV evasion techniques, privilege escalation for Linux, Windows and OS X. The art of pivoting through a network is taught, along with efficent ways of owning Microsoft domains. This also includes stealth Tactics, Techniques and Procedures (TTP's)
Students will be versed in the art of:
- Multi-vector client-side attack vectors (host, network, application and mobile) and compromise.
- Running and maintaining a successful botnet campaign (Betabot)
- Payload construction & AV evasion
- Privilege escalation and persistence.
- Data harvesting and extrusion.
- Post exploitation under Windows, OS X and Linux.
- Lateral network movement.
SensePost Training Portal
We've developed a training portal for students to interact with the trainers, keep updated on content and also download all files, slides and tools delivered during the course. This portal is made available to all students, even when the course has finished. In addition, we've moved our training infrastructure into our own cloud, which means students get their own individual environments to test against, making use of VPN's and numerous targets. This gives a fully immersive experience of attacking real-world architecture and networks.