Introducing Mike Saunders’ riveting YouTube video “Roll for Stealth: Intro to AV EDR Evasion”! In October 2022, his talk at Wild West Hackin’ Fest in Deadwood, SD was recorded and is now available to demystify the often intimidating challenge of dodging detection from modern security software
The course progresses from basic to very advanced practical OSINT techniques that you can use in your investigative routine. No special software, operating system, or paid licenses are required. Bookmarks for all tools and websites used will be provided for quick access.
Enterprises have been working tirelessly to improve their security postures through defense-in-depth approaches. Offensive teams have also been putting in long hours of research into bypassing the latest EDR’s and defensive products that keep them on their toes. Long gone “hopefully” are the days of hurdling an HTA file laced with a download cradle at a mature organization with a “Free iPad” ruse and watching your screen fill with incoming agents.
Do you want to level up your cloud penetration testing skills? The attack surface of many organizations has changed to include third-party hosted services such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform. In this training course, hacking concepts will be introduced for each of those services.
In this training course, we will examine the different types of penetration testing engagements and take a deep dive into establishing a repeatable testing methodology for executing quality tests. We will look at some tools of the trade to understand what they are doing under the hood, identify what separates a great finding from a good finding in reports, and really zero in on establishing your own methodology!
Dive deep into cutting edge techniques that bypass or neuter modern endpoint defenses. Learn how these solutions work to mitigate their utility and hide deep within code on the endpoint. The days of downloading that binary from the internet and pointing it at a remote machine are over. Today’s defenses oftentimes call for multiple bypasses within a single piece of code.
This hands-on course covers a variety of offensive tools, such as Nmap, Recon-ng, Metasploit, Proxychains, Responder, and many more. Through a series of practical labs, you will gain experience in using these tools to assess the security of systems and networks.
In addition to learning how to use these tools effectively, you will also explore the ethical considerations surrounding offensive tooling, how to responsibly use these tools to protect sensitive information, and prevent cyber attacks.
This 16-hour course is a quick jumpstart on the Linux command-line. Start from the basics and work all the way up to command-line programming. Short learning modules and lots of practical hands-on activities will put you on the road to Linux command-line mastery. And electronic copies of everything are yours to take home, so you can continue the learning even after class is over.
The course simulates real world attack scenarios with a focus is on exploiting the variety of overlooked domain features and not just software vulnerabilities.
We cover topics like AD enumeration, what tools to use, domain privilege escalation, gaining credentials, Kerberos based attacks (Golden ticket, Silver ticket and more), and Delegation abuse. The training will be conducted in a hands-on manner, with participants performing various exercises and simulations to understand how attackers can compromise Active Directory environments.
Modern Webapp Pentesting is unique in its approach to testing webapps. Too many courses are built around the assumption that a webapp pentester’s skills should grow along a straight line, starting with something like the OWASP Top Ten and culminating in something like Attacking Web Cryptography. Real webapps don’t follow that same path, and neither should real webapp pentesters. This course doesn’t worry about where a student falls on the imaginary scale of beginner to expert but instead focuses on finding and exploiting the kinds of issues found in real webapps today, based on the instructor’s many years of ongoing experience in testing real webapps today.