Infrastructure Pentesting Bootcamp (IPB)

DAY 1: Mastering Reconnaissance and Enumeration\n\nModule 1. Reconnaissance Techniques\n\n\n- Review of goals for testing\n- Mastering scanning tools\n- Attacking password authentication\n- Executing initial access techniques\n- Network traffic sniffing and analysis\n- Covert channel delivery and exfiltration\nModule 2: Operating system oriented environment enumeration\n\n\n- Understanding Windows & Linux network architecture\n- Enumerating Windows domains and workstations\n- Identifying high value targets (users, admins, devices etc.)\n- Identifying roles of different machines (Domain Controllers, File Servers, etc.)\n- Utilizing Nmap for operating system-specific scans\n- Accessing sensitive data\nDaily Summary: Discussing possible points of entry and mitigation strategies.\n\nDAY 2: Mastering Hunting for Vulnerabilities\n\nModule 3: Hunting for Vulnerabilities\n\n\n- Discovering live systems\n- Getting information from open ports\n- Misusing typical services NetBIOS, SMB, and other\n- Metasploit and other tools\n- Automation techniques\n- Mastering Powershell / Powersploit\n- Manipulating SMB, RDP, and other protocols for control and data exfiltration\nDaily Summary: Discussing vulnerability management and possible mitigations.\n\nDAY 3: Mastering identity attacks and protocol flows\n\nModule 4: Attacks on NTLM: Execution and Mitigations\n\n\n- Understanding and exploiting NTLM\n- Pass-The-Hash\n- Over-Pass-The-Hash\n- NTLM relay\n- NTLM attacks detections\n- Hardening NTLM authentication\nModule 5: Attacks on Kerberos authentication: Execution and Mitigations\n\n\n- Understanding and exploiting Kerberos\n- Core concepts (tickets, keys, SPN)\n- Authentication flow\n- PKIinit\n- Refreshing PAC\n- Authentication Monitoring\nModule 6: Attacks against Kerberos tickets: Execution and Mitigations\n\n\n- Pass-The-Ticket\n- Silver ticket\n- Golden ticket\n- Keberoasting\nDaily Summary: Discussing identity protection techniques.\n\nDAY 4: Advanced attacks on Active Directory and Entra ID\n\nModule 7: Advanced AD Attacks: Execution and Mitigations\n\n\n- DCSync\n- DCShadow\n- NGC/shadow credentials\n- Advanced persistence techniques\n- Skeleton Key\n- Windows Hello for Business Security,\n- AdminSDholder\n- Offline access attacks\n- Decrypting secrets with DPAPI and DPAPI-NG\n- Attacks against smart card authentication\nModule 8: Azure and Entra ID pivoting\n\n\n- Cloud enumeration\n- On-prem to cloud pivoting\n- Cloud to on-prem pivoting\n- Entra ID security review\n- Stealing Entra ID tokens\n- Entra ID MFA and FIDO2 auditing\n- Entra ID application security\n- Catching signs of attack on-prem and in the Cloud\nDaily Summary: Discussing security features and misconfigurations that help or lead to attacks.\n\nDAY 5: Mastering Enterprise Exploitation, Post-Exploitation and Pivoting\n\nModule 9: Mastering Exploitation of Enterprise Services\n\n\n- Exploiting PKI services\n- Exploiting MSSQL Severs\n- Exploiting IIS\n- Exploiting ADFS\n- Bypassing application whitelisting\nModule 10: Mastering Persistence and Lateral Movement\n\n\n- Techniques for lateral movement recap\n- BITS Jobs\n- Boot or Login Autostart Execution\n- Boot or Login Initialization Scripts\n- Browser Extensions\n- Compromising Software Binary\n- Event-Triggered Execution\n- External Remote Services\n- Hijack Execution Flow\n- Office Application Startup\n- Scheduled Task/Job\n- Server Software Component\n- Traffic Signaling\n- Persistence through Registry keys\n- Malicious services\n- Fileless malware\nDaily Summary: Discussing mitigations and monitoring capabilities.

- Penetration Tester: Experienced in performing authorized simulated attacks to identify vulnerabilities and seeking to deepen your skills in advanced network and system exploitation.\n- Security Analyst: Responsible for monitoring, analyzing, and defending against security threats and looking to enhance your ability to identify and mitigate complex vulnerabilities.\n- IT Professional: Managing and securing IT infrastructure, eager to learn cutting-edge techniques to protect your organization™s assets from sophisticated cyber attacks.\n- Cybersecurity Professional: Focused on safeguarding organizational data and systems, aiming to stay ahead of the latest threats and improve your defensive strategies.\n- Geeks with an IT Background: Excited to start an adventure in the cybersecurity pentesting field, ready to dive deep into hands-on learning and practical application of advanced pentesting techniques.