Penetration Testing for Systems and Network Admins w/ Qasim Ijaz & Jake Nelson
October 17 @ 8:30 am – 5:00 pm MDT
Course Length: 16 Hours
Format: In-Person Only
Includes: Twelve months of complimentary access to the Antisyphon Cyber Range, certificate of participation.
- In-Person: $1,095
Includes In-Person Conference Ticket
Clicking this button will take you to Cvent to complete your registration.
Course abstract: The objective of this Capture-the-Flag style class is to take students with existing networks or systems administration experience and teach them how to:
- Perform a comprehensive penetration test against Active Directory environments.
- Spot a bad penetration test.
We understand that not everyone taking a pen test class will want to be a penetration tester. Hence, we have organized this class to be a well-rounded experience, allowing both aspiring red teamers and blue teamers to get the most out of it. This class will provide students with hands-on experience with all phases of a penetration test, from information gathering to reporting.
- What does a good pen test look like?
- Pre-assessment activities
- Passive and active information gathering
- Vulnerability analysis in an Active Directory environment
- Post exploitation
- Lateral movement
- Domain privilege escalation
Who should attend this training and what are the key take aways:
This course is a culmination of the what Blue Bastion’s red and blue teams have done learned helping our clients build comprehensive security programs. We will not only talk about technical and fun hands-on keyboard hacking but will also discuss the boring yet important business side of this field. Students, red and blue teamers alike, will walk-away armed with examples and best-practices related to delivering maximum value out a penetration test. This course is a culmination of the what Blue Bastion’s red and blue teams have done learned helping our clients build comprehensive security programs. We will not only talk about technical and fun hands-on keyboard hacking but will also discuss the boring yet important business side of this field. Students, red and blue teamers alike, will walk-away armed with examples and best-practices related to delivering maximum value out a penetration test.
A Note to Prospective Students:
An introductory penetration testing class like this will only be beneficial to students who intimately know computer networking and have Windows administration experience. Existing experience with Windows command line, Linux administration, and Active Directory is highly recommended. For example, students should know how a packet traverses from point A to point B on the OSI model, and what HTTP GET and POST requests look like. Students should be comfortable with the Linux command line as our primary attack host will be Linux-based.
Students should bring a laptop capable of running a Kali Linux VM and connecting to a wireless network. Please ensure you have Kali Linux up and running with at least the following tools: impacket-scripts, evil-winrm, Git, Python, BloodHound (bloodhound.py and BloodHound gui), and crackmapexec.
Course Authors & Instructors
Qasim “Q” Ijaz is a Senior Security Consultant at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the “dry” business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after-hours. Qasim has presented and taught at cybersecurity conferences including BSides and Blackhat on offensive security topics. He currently teaches a bootcamp on Offensive Security Certified Professional (OSCP) certification.
Jake Nelson is a Senior Security Consultant at Blue Bastion Security. He comes from Linux and Unix administration background. Jake has worked in a variety of industries and has been pentesting for the last 3 years. Teaching students has been a favorite part of his previous jobs and that has resulted in helping to teach clients how to better secure their networks.
Instructor Twitter Handle: @bluebastion1