DURATION: 3 DAYS
CAPACITY: 25 pax
SEATS AVAILABLE: SOLD OUT
EUR2599 (early bird)
EUR3199 (normal)
Early bird registration rate ends on the 28th of February
Overview
This fast-paced course will teach you how to leverage bleeding edge toolsets and techniques to conduct effective, in-depth penetration tests on the latest, real world network, web and application components. This highly intense, completely hands-on lab based curriculum has been created by our team of industry leading experts with experience in training thousands of professionals from Fortune 500 enterprises, defense and law enforcement agencies.
The class will be conducted on our cloud-based, state-of-the-art lab platform where attendees will be doing 100 unique lab exercises in class! Over 90% of class time will be spent on these hands-on, live penetration tests!
Apart from the presentation PDFs, lab handouts, workbooks, video solutions etc., we will also be providing all students 100 days of free access to our online lab platform after the class! This will ensure you have enough time to revisit the concepts and try the demos again later.
Key Learning Objectives
- Learn to pentest modern infrastructures, server components and networks
- Gain a deep understanding of how to pentest complex applications running on public-private clouds and server farms
- Try out advanced attacks on a live infrastructure to cement your learning (over 100 labs done in class)
Who Should Attend
- Penetration testers
- Red/Blue/Purple teams
- Security researchers, analysts and students with interest in learning real world advanced pentesting techniques
Prerequisite Knowledge
- Basics of penetration testing
- Familiarity with tools such as Nmap, Metasploit, Burp Suite, Wireshark
- Able to read and understand code written in Python (need not be a proficient programmer)
Hardware / Software Requirements
- Laptop with at least 8GB RAM and administrative access
- Latest version of Google Chrome and Firefox installed
Agenda – Day 1:
Module A: Getting Started
- Modern networks, components and application stacks
- Challenges in testing modern architectures
- Attack surface mapping: Direct and Cloud based
- Tools of the trade used in the training
- Logging onto the class lab
- Warmup lab exercises
Module B: Web Servers
Lab Components: Apache, Nginx, Tomcat, Gunicorn, Tornado, Node.js
- Evolution of web servers and deployment architectures
- Generic, Application and Framework specific deployment issues
- Server specific misconfigurations
- Application specific misconfigurations
- Enumeration, Data Leakage and Exploitation
- Lab Exercises and case studies
Module C: Caching Servers
Lab Components: Memcached, Amazon ElastiCache
- Caching server architectures in modern deployments
- Fingerprinting and cache data enumeration
- Direct and App based attack vectors
- Cache poisoning and invalidation attacks
- Serialization attacks via stored cache data
- Attack chaining via applications using cache
- Lab exercises
Module D: Web Frameworks
Lab Components: Ruby on Rails, Django, Node.js applications
- MVC and web framework architectures
- Language based vulnerabilities (Python, Ruby, JS)
- Framework based vulnerabilities
- Fingerprinting and exploitation
- Web to root strategies
- RCE via webapps
- Lab exercises
Module E: Databases – SQL and NoSQL Based
Lab Components: SQL Databases: MySQL, PostgreSQL, SQLite; NoSQL Databases: MongoDB, CouchDB, ArangoDB, Couchbase
- Differences between SQL and NoSQL databases
- Pentesting test cases for SQL and NoSQL
- Injection attacks on NoSQL databases
- Privilege escalation and chaining attacks
- Common misconfigurations and exploitation
- Runtime specific vulnerabilities
- Lab exercises
Agenda – Day 2:
Module F: Distributed Queues and Brokers
Lab Components: RabbitMQ, Celery, Kafka, ActiveMQ
- Queue and Broker Basics: Deployment Architectures
- Enumeration, Data Extraction and Manipulation
- Interacting remotely via clients and libraries
- Attacking authentication and access control mechanisms
- Implementation challenges and misconfigurations
- Exploiting plugins and other 3rd party integrations
- Chaining attacks and escalations
- Use of SASL and SSL
- Lab exercises
Module G: Serverless Apps
Lab Components: AWS Lambda, API Gateways, Google Cloud Functions, Azure Functions
- Understanding Serverless Architectures
- Comparison of security models between serverless providers
- Discovering and Enumerating API endpoints
- Malicious injection in event data fields
- Exploitation via untrusted components
- Data Leakage attacks
- Attack chaining
- Internal infrastructure Pivot
- Lab exercises
Module H: PaaS Platforms
Lab Components: Google App Engine
- PaaS platform pentesting challenges
- Case Study: Google App Engine applications
- Understanding traffic routing and ephemeral instances
- Ndb: Cloud Data Store application based injection attacks
- Cache injection and poisoning attacks
- Namespaces and multi-tenancy boundary attacks
- Lab exercises
Module I: Log Analysis and SIEM Systems
Lab Components: Log analysis and SIEM platform attack vectors: ELK, Graylog
- Limitations of Log analysis and SIEM platforms
- Log collection architectures and attack surface
- Log poisoning attacks
- Compromising the agent
- Attacking the collection infrastructure
- Lab exercises
Module J: Datacenter and Container Technologies
Lab Components: ESX, KVM, Docker, Kubernetes
- Deployment architectures and distributed configuration management
- Fingerprinting and exploiting misconfigurations in ESX and KVM
- Docker and Kubernetes: Resource isolation challenges
- Attacking containerized networks and applications
- Privilege escalation to host system
- Lab exercises
Module K: Cloud Services and Apps
Lab Components: AWS, Azure, Google Cloud Platform
- Configuration flaws in public clouds
- Enumerating public cloud servers and APIs
- Attacking public cloud infrastructures
- Pivoting into VPCs and compromising the internal infrastructures
- Privilege escalation and account takeovers
- Lab exercises from different public cloud services
Agenda – Day 3:
Module L: VoIP Systems
Lab Components: AsteriskNOW, FreePBX, Soft VoIP Phones
- VoIP deployment architectures
- Pentesting VoIP servers
- VoIP traffic analysis: SIP-RTP, SIP over TLS + RTP
- Decrypting VoIP traffic: SIP-SRTP, SIP over TLS + SRTP
- Recovering voice data, messages from VoIP traffic
- Lab exercises
Module M: IoT Network Attacks
Lab Components: Mosquitto, CoAPthon, FreeCoAP, ActiveMQ, Apache Qpid
- IoT backbone network architectures
- Server misconfigurations and Client insecurities
- Attack Surface: MQTT, CoAP, AMQP protocols
- Enumeration, Data Leakage and Exfiltration
- Attacking IoT endpoints via Server compromise
- Remote IoT RCEs and other exploitations
- Lab exercises
Module N: Privilege Escalation and Subverting Defenses
Lab Components: Combination of Servers and Applications
- Post exploitation reconnaissance
- Privilege levels and escalation strategies
- Understanding system defenses and subverting them
- Lateral privilege escalation to other accounts
- Vertical privilege escalation to root
- Lab exercises
Module O: Pivoting and Lateral Movement
Lab Components: Combination of Servers and Applications
- Pivoting, port forwarding and lateral movement
- Single pivot exercises
- Double pivot exercises
- Multi pivot strategies and exercises
Module P: Persistence Techniques
Lab Components: Combination of Servers and Applications
- Network and application backdoors
- Kernel mode backdoors
- Tunneling strategies and tools
- Data exfiltration via covert channels
- Lab exercises
Module Q: Hardening and Course Conclusion
- Hardening strategies for modern infrastructures
- Threat and attack surface modelling
- Course conclusion and next steps
- Accessing labs 100 days after class