Malware background

A Crash-Course on Internal Network Pen Testing

Tuesday, October 08, 2019 - Thursday, October 10, 2019
09:00 AM - 05:00 PM
Allstate @ The Railyard
1414 South Tryon Street, Charlotte, NC, USA

We’ll cover everything you need to know to perform a basic internal penetration test over two days of lecture and lab. The schedule is jam packed, and more than likely you’ll leave without having had the chance to digest all the material or work through all the lab activities. That’s why we include a course

manual and a month of private lab access after the course for you to reference and practice everything we covered in a realistic corporate network.

Who Should Take This Training:

•    Anyone looking to get into penetration testing

•    Entry level penetration testers

•    IT Administrators with an interest in security


While you don’t necessarily need any prior security experience to take this course, you’ll get the most

out of it with a basic grasp of the following:

-       Basic Networking Concepts

-       Windows Active Directory

-       Windows & Linux Command Line

What to Bring:

-       Just a Laptop!

What You’ll Get:

-       One Month of Lab Access

o Each student gets their own lab environment

-       Downloadable course materials

Day 1:

1)    Tools of the Trade

a)     Kali, Nmap, PowerSploit, C2 tools

2)    Methodology

a)    Vulnerability Scan vs Pentest

b)    Attack Chain

3)    Preparing for a Penetration Test

a)    VM and Host configuration

b)    Command and Control Infrastructure

4)    Recon and Vulnerability Discovery

a)    Initial Enumeration and Scanning

b)    Manual Information Gathering

5)    Unauthenticated Entry Points

a)     Tomcat, Jenkins, JBoss, etc

b)    Databases

c)    FTP, VNC, and other services

6)    Local Privilege Escalation

a)    Windows – PowerUp, etc

b)    Linux

7)    Active Directory

a)    Basic AD Enumeration

b)    Extracting domain credentials

8)    Lateral Movement

a)    Methods

b)    Testing and Searching for access

Day 2:

9)    Active Directory Continued

a)     Kerberoasting

b)    Hopping Domains

10) Searching for Target Data

11) Alternative Command and Control

a)    Covenant C2

b)    Advantages of SMB communications

12) Splunk Basics

a)    Interface and feature overview

b)    Threat Hunting

c)    Detection Engineering

Day 3:

13) CTF!

a)    Practice what you’ve learned in a new lab environment

b)    Capture as many flags as you can find!

Instructor Bio’s"

Chris - Chris is an experienced penetration tester with 5 years in the information security industry. He's led a diverse range of red team assessments, from internal networks, to spear-phishing exercises, to web and mobile applications. His areas of interest include exploit development, offensive security training and education, and automation and tool development.

Map of Event Location
Ticket Sales Ended

No tickets are available for this event.

Contact Organizer

Cha-HA - Charlotte Hackers Anonymous