Tag: Pentest

In this course, we will understand the basics of Windows processes, virtual memory and different techniques to enumerate processes. Then we will look at the fundamentals of process injection and try out techniques such as Remote Thread Injection, APC injection, Thread Hijacking and Process Hollowing.

This course is very practical with code examples to illustrate each technique!


Many organizations deploy private registry servers in their internal or external application development and deployment environments. Unfortunately, these servers are often not securely deployed. In this entirely lab-based course, we will look at various configuration vulnerabilities in Docker registry servers. In these labs we have used common deployment architectures of a registry server and shown how an attacker can extract valuable information from the images stored on the server.


Reconnaissance is the first and probably most important step of pentesting and red-blue teaming exercises. A well-done recon helps prioritize which systems to go after first and where to dedicate more time and resources. In recent times, there has been a lot of technological progress in fields such as web development, cloud technology and machine learning, which has led to a fundamental change in how networks are created and run. This has also introduced a large number of new network and application components. The focus of this course is to help attendees understand these new technologies and components better.


Most of us have used Wireshark either academically or professionally for traffic analysis. It's a great tool for microscopic analysis of what is happening in the network. However, its greatest strength is also its greatest weakness: it is extremely difficult to do macroscopic analysis, create custom reports, extract only certain fields from packets for offline analysis, and so on. This is where Tshark comes in! Tshark is a command line tool created by the Wireshark team and shares the same powerful parsing engine as Wireshark. It is capable of doing most of the things we've come to love Wireshark for, but with the "from the command line" advantage. This makes it ideal for batch analysis, offline processing and routine automation of traffic analysis tasks. In this course, we will explore many of these capabilities. It is assumed you have a basic working knowledge of Wireshark and traffic analysis.


Linux dominates the server, embedded and now the Internet of Things (IoT) device market. In recent times, embedded systems and IoT devices in particular have been the weapons of choice in online attacks, botnets like Mirai and Reaper being two examples. Once the simple attack vectors that these botnets and malware use get patched, it is obvious that attackers will move and hide their tools in kernel mode. This course will teach red and blue teams how kernel mode attack kits work and how to go about protecting their systems against them. We will use examples on x86_64, ARM and MIPS based architectures.

This entire course will be run on the latest Linux kernel, 4.15.x. The course is completely hands-on and everything will be taught with practical examples in the form of kernel modules written in C. You can, however, follow this course with only a basic knowledge of Linux, as we discuss everything from the very basics.


This course is a deep dive into embedded/IoT firmware where we will start from the very basics: understand the multistage boot process, the kernel and the root filesystem, how to build them with a custom toolchain, and how they can be compromised with user and kernel mode backdoors and rootkits. We will be using the latest 4.15.x kernel for this course on an ARM architecture board.
