Advanced Infrastructure Hacking

Presented at DeepSec 2018 „I like to mov &6974,%bx“, Unknown date/time (Unknown duration).

============== Course Outline ============== Note: This is a fast paced version of the original 4 day class, cut down to 2 days. To fit the entire training material within 2 days, some of the exercises have been replaced by demos which will be shown by the instructor. Students will receive FREE 1 month lab access to practice each exercise after the class. Whether you are penetration testing, Red Teaming or trying to get a better understanding of managing vulnerabilities in your environment, understanding advanced hacking techniques is critical. This course covers a wide variety of neat, new and ridiculous techniques to compromise modern Operating Systems and networking devices. While prior pentest experience is not a strict requirement, familiarity with both Linux and Windows command line syntax will be greatly beneficial. The following is the syllabus for the class: Day 1: * IPv4/IPv6 Basics * Host Discovery & Enumeration * OSINT & Asset Discovery * Hacking Application and CI Servers * Oracle Database Exploitation * Windows Vulnerabilities and Configuration Issues * Windows Desktop 'Breakout' and AppLocker Bypass Techniques * A/V & AMSI Bypass Techniques * Offensive PowerShell Tools and Techniques * Local Privilege Escalation * Post Exploitation Tips, Tools and Methodology * An Introduction into Active Directory Delegation * Pivoting, Port Forwarding and Lateral Movement Techniques Day 2: * Linux Vulnerabilities and Configuration Issues * User/Service Enumeration * File Share Hacks * SSH Hacks * Restricted Shells Breakouts * Breaking Hardened Webservers * Local Privilege Escalation * MongoDB, TTY, Reverse tunneling * Post Exploitation * VLAN Hopping * Docker breakout * Kubernetes vulnerabilities * Hacking VoIP * Exploiting Insecure VPN Configurations

Presenters:

  • Anant Shrivastava - NotSoSecure
    Anant Shrivastava is an information security professional with 9+ years of corporate experience and expertise in Network, Mobile, Application and Linux Security. He is the Regional Director for the Asia Pacific Area for NotSoSecure Global Services and has trained about 600 delegates at various conferences (Blackhat all 3 editions, Nullcon, g0s, c0c0n, ruxcon). Anant also leads the Open Source project Android Tamer (www.androidtamer.com) and CodeVigilant (www.codevigilant.com). His work can be found at anantshri.info

Links:

Similar Presentations: