This course is a deep dive into Embedded/IoT firmware where we will start from the very basics – understand the multistage boot process, the kernel and root filesystem, how to build them with a custom toolchain and how they can be compromized with user and kernel mode backdoors/rootkits. We will be using the latest 4.15.x kernel for this course on an ARM architecture board.
In this Hacker Project we will learn how to create an SMS controlled Pentesting Bot! This bot will be able to run nmap scans on your command from anywhere in the world 🙂
Key concepts you will learn:
MS SQL Server is widely used in enterprise networks. Due to its use by third party applications, support for legacy applications and use as a database, SQL Server is a treasure trove for attackers. It gets integrated with in an active directory environment very well, which makes it an attractive target for abuse of features and privileges.
In this training, we will see that how to attack a SQL Server not only as an individual service but as a part of the enterprise network. We will discuss the mutual trust which SQL Server has with domain, users and how linked SQL Servers can be abused. We will perform enumeration and scanning, privilege escalation and post exploitation tasks like Domain Privilege Escalation, identifying juicy information, Command Execution, retrieving system secrets, lateral movement, persistence and more.
Windows Management Instrumentation (WMI) has been used by Windows administrators for various system management operations since Windows NT. As WMI is often used to automate administrative tasks, it is of equal use for attackers as it is for defenders. It is very helpful to understand WMI and its working to be able to fully utilize its power both for Red and Blue teams.
In this training through demonstrations and hands-on, we will discuss how WMI and CIM can be utilized for offensive as well as defensive security. Different utilities like PowerShell built-in cmdlets, PowerShell scripts, native windows tools and Linux tools will be discussed. Various attacks like enumeration and information gathering, lateral movement, persistence, backdoors, modifying security descriptors etc. will be executed by utilizing WMI. We will also discuss how WMI can be used for agentless monitoring, detection of above mentioned attacks and more.
This course focuses on the tools, techniques and procedures to monitor 802.11ac/n networks. We will be learning about both USB and Access Point hardware, pros and cons, and scalable architectures. We will be looking at different hardware for monitoring ranging in price from $40 to $350 and above, both USB and Access Point solutions.
In today’s secured environments, it is almost impossible for Red-Blue Teams to emulate modern adversarial tactics, techniques and procedures using publicly available 3rd party pentesting products. Powerful adversaries typically develop custom code to ensure stealth and undetectability for as long as possible. This course uses a recipe approach to teach Red-Blue teams to do exactly this. In this module, we will specifically look at different techniques to query Process Listing using a variety of Windows APIs. We will also go in-depth into Windows Tokens, different fields and how to get this programmatically. Finally, we will understand how to read-write process memory.
