Dark Side Ops: Custom Penetration Testing

pro

Dark Side Ops: Custom Penetration Testing

Black hat hackers penetrate enterprise networks in the flash of an eye, ravage endpoints for sensitive data, and silently exfiltrate the keys to your kingdom without ever popping an AV alert, flagging the SIEM, or being blocked by the proxy. Dark Side Ops: Custom Penetration Testing enables participants to “break through” to the next level by removing their dependence on 3rd-party penetration testing tools, allowing for outside-the-box thinking and custom tool development leveraging the latest in API abuse and advanced code execution techniques. Participants are provided with hands-on experience into the black hat techniques currently used by hackers to bypass network-based enterprise intrusion detection and prevention systems (IDS/IPS), layer 7 web proxies, and data loss prevention (DLP) solutions. The custom approach doesn’t stop there. Participants learn advanced evasion techniques of corporate host-based countermeasures including antivirus and application white-listing solutions by developing, compiling, and deploying custom backdoors, payloads, and persistence deep into protected enterprise networks.

At the end of this course students will be able to:

  • Build custom payload droppers, beaconing backdoors, and interactive shells.
  • Conduct highly targeted and sophisticated custom client-side and social engineering
    attacks.
  • Escalate workstation and network privileges without an exploit.
  • Bypass defensive host and network defense countermeasures such as anti-virus applications, firewalls, IDS, IPS, SIEMs, and strict egress filtering.
  • Establish custom, stealthy persistence in a target network.
  • Pivot undetected throughout a network like a pro using port redirection, tunneling, and proxying.
  • Exfiltrate data from a target network using custom applications and network monitoring evasion techniques.
  • Compile and deploy an advanced, custom HTTP beaconing payload developed internally by the trainers and used regularly on engagements to effectively infiltrate company networks.

Participants will receive source code to a variety of offensive tools, including custom shells, backdoors, C2 listening posts, and social engineering exploitation techniques. To reinforce the knowledge provided by the instruction, participants will complete labs throughout the day, where the coding skills, custom payload delivery, and advanced pivoting techniques from course intrusion will all be necessary.

Go custom or go home!


Contact Us