Offensive Infrastructure Exploitation

COURSE ABSTRACT

Offensive Infrastructure Exploitation is an action-packed hands-on class giving attendees a chance to perform real-world exploitation on corporate infrastructure scenarios.  

The training is intended for absolute beginners and pentesters alike. It starts with the basics of networking and gradually moves to topics such as scanning, enumeration, exploitation and post-exploitation, all of which are accompanied by practical lab exercises in a CTF-style format.

Offensive Infrastructure Exploitation is the result of years of pentesting experience, including compromising some highly secure targets, combined into one practical, hands-on class.

Since the class is extremely practical, expect to pop a lot of shells during the attack. The training class has a number of targets and you’ll be exploiting both Windows and Linux platforms. 

The training class also covers topics including exploiting private networks, writing your own Python exploits, shellcoding for customizing exploits, attacking databases and more. The class also gives attendees hands-on experience with “popular” vulnerabilities such as Shellshock, Heartbleed, POODLE and more.

Offensive Infrastructure Exploitation has been taken by 1000+ security professionals and red team members worldwide to begin and advance their pentesting and exploitation skills. 

This course is for you if you want to pentest and exploit infrastructure using cutting-edge techniques. The training includes 50+ labs and 30+ challenges which are inspired by real-world vulnerabilities and case studies.


Topics covered

After the class, the attendees will be able to: 

  • Perform Information Gathering, Network Scanning and Enumeration 
  • Write their own Python scripts for pentesting and web info gathering
  • Shellcoding and customizing existing shellcodes
  • Learn to use Metasploit for real-world exploitation
  • Pentest Linux based systems 
  • Exploit vulnerable binaries, service misconfigurations, weak file permissions etc. 
  • Pentesting Windows with UAC Bypass
  • Use PowerShell for Post-Exploitation
  • Pentesting Routers and SNMP interfaces 
  • Buffer Overflows, MITM, Server Side attacks and Client based exploitation
  • Using Port forward and tunneling in real-world pentests
  • Web app attacks including XSS, Injections, RCE, File uploads and more. 
  • Attacking CMS - WordPress, Drupal and Joomla
  • Database Hacking - MySQL, SQL Server, MongoDB, Postgres and Oracle 
  • Additional real-world exploitation (SSL 2.0, POODLE, JWT, Heartbleed and more)
  • Write Python scripts/tools and modify publicly available exploit code as required during the pentest process
  • Perform Antivirus evasion, UAC bypassing and firewall bypassing using tunneling techniques
  • And more.

All of the above-mentioned topics are taught through extremely hands-on, lab-based practical sessions.


Additional Information

 

What students will be provided with

  • Multiple vulnerable machines and applications in the whole network 
  • Hosted VMs for testing and training labs
  • Over 50 labs and 30+ challenges to solve
  • Training materials – presentation materials and lab examples 
  • Custom tools and scripts 
  • Additional reading materials 

 

Who can attend this course

  • Penetration Testers
  • Security Consultants
  • Web Developers
  • QA testers 
  • Web Application Tester
  • System administrators
  • IT Security professionals with a technical background
  • IT managers
  • System architects
  • Bug Bounty Hunters 

 

VERSIONS

  • 3-days Pentesters Edition
  • 5-days Bootcamp Edition 

 

ABOUT THE TRAINER

Vikram Salunke is the founder of VMaskers, and a professional pentester. He has led 100+ pentests over the past years, compromising highly sensitive corporate infrastructures. His primary responsibilities in his recent job roles were to look after Infrastructure security, manage security automation and build internal tools to fight security attacks.

He has previously worked in various domains including Reverse Engineering, Fuzzing, Source Code Auditing and Mobile application security research. He has also spoken and trained at numerous security conferences including CanSecWest, OWASP AppSec, CHCon, NolaCon and more.

