Windows Post Exploitation w/ Kyle Avery
Instructor: Kyle Avery
Includes: Six months of complimentary access to the BHIS Antisyphon Cyber Range, certificate of participation
Windows Post Exploitation focuses on four major components of any adversary simulation or red team exercise: enumeration, persistence, privilege escalation, and lateral movement. Each of these steps will be covered in detail with hands-on labs in a custom Active Directory environment. Students will learn several modern techniques to operate in a way that minimizes opportunities for detection.
This course goes beyond teaching popular tactics, techniques, and procedures. Students will learn how to covertly gather and leverage information about a target environment to achieve their objectives efficiently.
After taking this course, students will have:
- Insight into modern post-exploitation techniques for Windows environments
- An enhanced ability to make informed decisions to achieve objectives in a target environment
- Hands-on experience with modern tools and techniques related to post exploitation
WHO SHOULD TAKE THIS COURSE
- Red teamers
- Penetration testers
- Anyone interested in the thought processes and techniques of adversaries
AUDIENCE SKILL LEVEL
Beginners will do well in this course if they are self-motivated and willing to ask questions. The lab documents will walk students through each exercise with specific instructions, and the instructor will be available to answer any questions they may have.
Intermediate and experienced students may find that they were not familiar with some techniques or had not considered some OPSEC implications. Each lab includes a “Next Steps” section with related research topics that students can explore to further their understanding.
Basic programming knowledge and an understanding of core security concepts are all students need in order to follow along with the course material. Students would benefit from penetration testing experience, but it is not required.
WHAT EACH STUDENT SHOULD BRING
- High-speed Internet connectivity
- A computer that can run a Windows 10 virtual machine—a minimum of 50 GB storage, 4 GB memory, and 2 vCPUs is recommended for the VM
WHAT STUDENTS WILL BE PROVIDED WITH
Students will receive a copy of the slides for the course, a script with instructions to create their own virtual machine, and step-by-step walkthroughs for each of the labs.
TRAINER & AUTHOR
Kyle Avery has been tinkering with computers for his entire life. Growing up, he and his dad self-hosted game servers and ran their own websites. He formally studied system administration and compliance at university but spent his free time learning offensive security techniques. Kyle’s hobbies include Hack The Box, homelabbing, and catching the latest drama on infosec Twitter. In 2020 he got his dream job at BHIS, working alongside talented professionals to help companies better understand and secure their networks.