Training

Education is the most powerful weapon which you can use to change the world

Having trained thousands of students on the art of network and application exploitation for the past decade, it's safe to say we enjoy teaching others how to own networks and applications. Our courses are developed from the work we perform for clients, so that you get a better understanding of how to exploit real-world scenarios.

Master

Our Master course is aimed at existing penetration testers and people with a solid technical understanding of penetration testing tools and techniques. Using Nmap and Metasploit, and getting a webshell, should not be new concepts.

Course outline

Attacking like a criminal network

The course objective is to teach students how to hack like a Russian criminal network, with a strong offensive focus drawing on the techniques employed in recent industry hacks. The course is strong on new vulnerabilities (current year - 3 years) and how to use them to their full potential. From deploying Dridex and Betabot to maintaining access and harvesting data, this course takes you through the TTPs used by criminals.

Understanding Criminal Market Approaches

Criminal markets have grown at an alarming rate. From financial fraud classes on offer in Brazil, to Russian botnet masters renting out expertise and infrastructure for those wishing to start a career in cyber crime, the tactics, techniques and procedures (TTPs) used by attackers today go beyond simply getting lucky with SQLi in an HTML form.

Attack Emulation

Our Master course is about emulating such attackers in gaining access at every layer of the OSI model, including layer 8 (the human). It runs from initial footprinting of a target environment, to building up an attack pattern based on architecture choices, to targeting humans and gaining an initial foothold into the network using phishing campaigns and techniques used by APT actors.

Tactics, Techniques and Procedures Taught

Gaining command execution on boxes is a key stage in the attack chain. This module discusses AV evasion techniques and privilege escalation for Linux, Windows and OS X. The art of pivoting through a network is taught, along with efficient ways of owning Microsoft domains. This also includes stealth Tactics, Techniques and Procedures (TTPs).

Students will be versed in the art of:

  • Multi-vector client-side attacks (host, network, application and mobile) and compromise.
  • Running and maintaining a successful botnet campaign (Betabot).
  • Payload construction & AV evasion.
  • Privilege escalation and persistence.
  • Data harvesting and extrusion.
  • Post exploitation under Windows, OS X and Linux.
  • Lateral network movement.

SensePost Training Portal

We've developed a training portal for students to interact with the trainers, keep up to date on content and download all files, slides and tools delivered during the course. This portal remains available to all students, even when the course has finished. In addition, we've moved our training infrastructure into our own cloud, which means students get their own individual environments to test against, making use of VPNs and numerous targets. This gives a fully immersive experience of attacking real-world architecture and networks.

Location & Time

Will be discussed

Our courses are delivered publicly by our training partner Blackhat. For further information on the next public course, please visit Blackhat.com. If you wish to have in-house training, please get in touch with our sales team to discuss further.