3-DAY TRAINING 4 – Red Teaming as a Service: Simulating Blackhat Attacks for Organisations
DURATION: 3 DAYS
CAPACITY: 23 pax
SEATS AVAILABLE: 2
EUR2599 (early bird)
EUR3199 (normal)
Early bird registration rate ends on the 28th of February
Overview
The goal of this training is to give hackers and penetration testers who want to raise their VAPT game a red teamer's perspective. We start with the fundamental concepts of red teaming and its process, how red teaming differs from a normal pentest, and what a red-teaming approach adds to application security testing. The training then builds from the ground up, starting with information gathering and reconnaissance and the less common tools and techniques that extract far more about a target. We then share red-teaming techniques for vulnerability assessment of web and mobile applications, covering tools and tricks that surface more bugs, followed by exploitation and data extraction methodologies. Beyond running automated tools and doing manual analysis, the focus is on making the tools work efficiently and effectively by tweaking and debugging them. This includes multiple case studies of interesting business logic vulnerabilities and how to spot them. We then cover numerous pivoting and privilege escalation mechanisms that let a red teamer move swiftly inside a corporate network without alerting the SOC. The training is packed with real-life case studies from our day-to-day engagements, plus a BONUS: a step-by-step case study of how we owned various pharmaceutical devices inside the corporate manufacturing network of a million-dollar pharma client who wanted more than VAPT.
Who Should Attend
Intermediate to experienced Pentesters, Bug Hunters, DevOps, Security Researchers, Security Experts and Security Managers/Architects
The training is built to give attendees a red teamer's perspective, so its main focus is people who want to introduce red team tactics into their hacking and security methodologies, either to apply red team approaches (for hackers) or to defend against them (for security managers).
Key Learning Objectives
Red Teaming and its approaches
Setting up a lightweight testing environment for maximum efficiency
OSINT techniques
Hunting for bugs and vulnerabilities that slip past automated scanners
Manual Exploitation of critical vulnerabilities and customizing public tools to work better
Data exfiltration techniques
Network Pivoting
Being stealthy, clean yet efficient while moving inside corporate networks
Interesting Case Studies
Prerequisite Knowledge
VAPT Basics
Network and OS Basics
OWASP Top 10
SANS Top 25
Hardware / Software Requirements
Laptop with Linux (Kali preferred, in a virtual machine) and a minimum of 4 GB RAM (8 GB if running in a VM)
Working Internet connection via LAN and WiFi
Basic pentesting tools such as Burp Suite (Pro preferred) and sqlmap, plus scripting interpreters such as Python and Perl
Virtualbox/VMware
Agenda – Day 1:
Introduction
What we do
What is the training going to be about
Lab Setup for real-life red teaming
Red Teaming techniques, methodologies and tricks across phases of VAPT
Real life Case studies, interesting hacks and how they were done
Red Teaming – What and Why
The process
Demand: A complete black-box red teaming exercise to test how well the existing security team is doing
Information provided: The name of the organisation and its most critical assets
VAPT Process to follow:
Information Gathering and Recon
Asset Mapping and Level 2 Recon
Vulnerability Assessment – P0s and P1s (the highest-severity findings) only
Penetration – Find the single most critical point of entry that leads us quickest to the high-value targets (HVTs)
Escalate, pivot, escalate, pivot… until we own everything
Assess the damage on each pwned asset
Lab setup
Environment
OS
Security Configuration
Tools to install
Pro Tips
Information Gathering and Recon
Why
What to gather – Domains, subdomains, IP ranges, server architecture, other online devices, emails, leaked passwords, SSL signatures, Whois, related organisations, related people, web applications, mobile applications, development technologies used, etc.
How to gather – Automated and Manual Recon
Asset Mapping and Level 2 Recon
Identifying critical assets
Per-asset recon – Port and Service Enumeration, Web App technology stacks, Server software in use, Mobile app stack, Physical network architecture, domain history, server hosting history, Employee History, Social Media Presence etc.
Web Application Wreckage
Information gathering on web apps and servers
Subdomain harvesting, Zone Walking
Shodan and Censys
Hunting Directories
Port and Service Scanning
Public Exploits
Vulnerabilities we will look at:
Uncommon SQLi
Command execution
Code Injection
Shell Uploads
File Inclusions
Business Logic Flaws
Payment Gateway Flaws
Authentication /Authorisation flaws (Vertical And Horizontal)
IDORs
SSRF
XXE
Security Misconfigurations
Brute force / Rate-limiting Flaws
Attacking CMS – WordPress, Drupal, Joomla
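Zone walking, listed above, as an added example that is not part of the course material: a DNSSEC-signed zone that uses NSEC records answers every query for a non-existent name with the NSEC record covering it, and that record names the next real owner in canonical order, so each non-existence proof leaks a hostname. The Python below walks such a chain against a constructed in-memory zone (example.com. with a handful of hosts; the names, the authoritative_nsec stand-in and the record data are assumptions made for the example, not captured from any real domain). Against a live zone the query function would be replaced by an actual DNS query for the NSEC type.

```python
"""Added example (not course material): enumerating a DNSSEC zone by
walking its NSEC chain. NSEC proves that a name does not exist by naming
the next owner that does, so each NXDOMAIN proof leaks a real hostname.
All data below is constructed for the example."""

ZONE_APEX = "example.com."

# Constructed NSEC chain: owner -> (next owner in canonical order, RR types at owner).
CONSTRUCTED_NSEC = {
    "example.com.":       ("admin.example.com.", {"SOA", "NS", "MX", "NSEC", "RRSIG"}),
    "admin.example.com.": ("mail.example.com.",  {"A", "NSEC", "RRSIG"}),
    "mail.example.com.":  ("vpn.example.com.",   {"A", "MX", "NSEC", "RRSIG"}),
    "vpn.example.com.":   ("www.example.com.",   {"A", "NSEC", "RRSIG"}),
    "www.example.com.":   ("example.com.",       {"A", "AAAA", "NSEC", "RRSIG"}),  # wraps to apex
}


def canonical_key(name):
    """Sort key for RFC 4034 section 6.1 canonical DNS name order: labels are
    compared right to left, case-insensitively, as byte strings, and a name
    whose labels are a prefix of another name sorts first."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return tuple(l.lower().encode("latin-1") for l in reversed(labels))


def nsec_covers(owner, nxt, qname):
    """True if the NSEC record owner -> nxt covers qname. The last record of a
    chain points back to the apex, so its interval wraps around."""
    o, n, q = canonical_key(owner), canonical_key(nxt), canonical_key(qname)
    if o < n:
        return o <= q < n
    return q >= o or q < n


def authoritative_nsec(qname, nsec_records=CONSTRUCTED_NSEC):
    """Stand-in for an authoritative DNSSEC server's answer (an assumption of
    the example): the NSEC record proving that qname exists (owner == qname)
    or does not (owner < qname < next)."""
    for owner, (nxt, types) in nsec_records.items():
        if nsec_covers(owner, nxt, qname):
            return owner, nxt, types
    raise LookupError("no NSEC record covers %r; is it outside the zone?" % qname)


def walk_nsec_chain(apex, query=authoritative_nsec, limit=100000):
    """Enumerate every owner name in a zone by following NSEC 'next' pointers.

    Each step asks about a name that sorts immediately after the current one
    (the current name with a leading \\x00 label). That name never exists, so
    the server's non-existence proof is the NSEC owned by the current name,
    which hands over the real next owner. Stops when the chain wraps to apex.
    """
    found = []
    current = apex
    for _ in range(limit):
        owner, nxt, types = query("\x00." + current)
        found.append((owner, sorted(types)))
        if canonical_key(nxt) == canonical_key(apex):
            return found
        current = nxt
    raise RuntimeError("NSEC chain did not return to the apex within %d steps" % limit)


if __name__ == "__main__":
    for owner, types in walk_nsec_chain(ZONE_APEX):
        print("%-22s %s" % (owner, " ".join(types)))
```

The interesting property is that a single NXDOMAIN answer already discloses two real names (the owner and its successor), which is why the walk needs exactly one query per host. Zones signed with NSEC3 return hashed owner names instead and cannot be walked this way; the hashes have to be collected and cracked offline.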
Agenda – Day 2:
Interesting Case Studies and Bypassing Tricky Firewalls
Pivoting From Web apps to Servers and Servers to Network
Gaining server access
SQLi
Shells
File inclusions
Command/Code injection
XXE
Misconfigured Services
Components with vulnerabilities
Lab Setup
Metasploit with DB
Workspaces and importing Nmap scans
Team Server and Armitage
FUD (fully undetectable) reverse shell tricks
Privilege escalation
Local exploits
Exploiting misconfigurations
PowerShell exploitation
Automating Domain Controller takeover
Looting passwords, hashes, tokens and much more
Network Pivoting
Passing the hash
Manual Pivoting
Multi Level Pivoting
Hacking from within
Data Exfiltration techniques
Reporting
Tips to avoid making noise in the network
Case Studies
Agenda – Day 3:
Practice and Questions
Live Hacking Challenges on Vulnerable Environments