The participants know the most prevalent security issues in typical company networks. They learn about the most important IT security principles, attacker tools and methodologies and are able to gain hands-on experience and train their skills in realistic attack scenarios. The participants understand how attackers proceed, what tricks they use and which vulnerabilities are commonly exploited. They are able to check their company independently for weak spots and can introduce and apply the corresponding countermeasures. In this course, network and system administrators learn how to protect and defend their infrastructure against realistic attacks according to current standards and best practices.
- Information Gathering (Google, Website, whois, Subdomain Enumeration, Certifcate Transparency, DNS)
- Network Discovery with nmap (host and service discovery)
- Network sniffing (tcpdump, Wireshark)
- Vulnerability scanning (Nessus)
- Exploitation (shells, metasploit, ExploitDB)
- Privilege escalation in Windows and Linux (PowerSploit, LinEnum, Mimikatz)
- Lateral movement (Pass the Hash, Responder, NTLM Relay)
- Active Directory security (BloodHound, PingCastle)
- Command and Control Frameworks
Demarcation: This course primarily treats attacks on the network and system levels. The attacks on web applications are covered in the Web Application Security courses. Analysis and monitoring of logs will be treated in the courses on forensics and APT analysis.
The exercises will be done on www.hacking-lab.com as well as in a local lab environment. Following the course, the Hacking-Lab environment is available to the participants for 30 days more.
- Security Officers
- Network Administrators/Engineers
- System Administrators (Unix/Linux/Windows)
- Firewall Administrators/Engineers
- Active Directory Engineers
- Familiarity with command lines (Windows PowerShell, Linux Bash)
- Basic knowledge of network protocols (TCP/IP)