SC420: Hacking & Pentesting Advanced

Agenda:

Legal Foundations and Recon

• Framework Topics and Ethical Aspects
  • Legal framework for penetration testing
  • Liability issues and contract design
  • Ethical guidelines and best practices
  • Logging and developing recommendations

• Recon and Information Gathering
  • OSINT techniques (Open Source Intelligence)
  • Network scanning and enumeration
  • Remote vulnerability analysis

• Introduction to the Scenario
  • Presentation of objectives and framework conditions
  • Working with Metasploit and Cobalt Strike
  • Overview of available tools and resources

Initial Compromise

• Bypassing BitLocker Encryption
  • Analysis of BitLocker configuration
  • Application of TPM sniffing techniques
  • Extraction of Volume Master Key (VMK)

• Obtaining Local Admin Rights
  
  • Exploitation of operating system vulnerabilities
  • Privilege escalation techniques
  • Bypassing User Account Control (UAC)

• Disabling Security Solutions
  • Analysis of installed security software
  • Techniques for bypassing and disabling antivirus and EDR
  • Handling Windows Defender, AMSI and AppLocker

Post-Exploitation and Lateral Movement

• Lateral Movement in the Network
  • Advanced network scanning and enumeration
  • Exploitation of vulnerabilities in network services
  • Pass-the-Hash and other lateral movement techniques

• Attacks on Active Directory, EntraID and other IAM
  • Enumeration of AD structure
  • Bruteforce attacks on Exchange, VNC SSH and RDP
  • Exploitation of misconfigurations
  • Kerberoasting and AS-REP Roasting

• Establishing Persistence
  • Setting up backdoors
  • Creating hidden admin accounts
  • Manipulation of group policies

Windows and Linux Server Hacking

• Privilege Escalation in LDAP and AD Domain
  • Exploitation of permission errors in Linux servers
  • Techniques for obtaining domain admin rights
  • DCSync attacks
  • Exploitation of trust relationships between domains

• Preparation of Golden Ticket Attack
  • Extraction of krbtgt hash
  • Creation and use of forged Kerberos tickets

Finale and Post-Processing

• Execution of Golden Ticket Attack
  • Generation of Golden Ticket
  • Demonstration of complete domain control

• Cleanup and Obfuscation
• Deleting traces and logs
• Removing backdoors and malicious configurations

Final Debriefing

• Discussion of techniques used
• Recommendations for hardening and defense
• Reflection on ethical implications and legal consequences

Objectives:

Target audience:

This course SC420 Hacking & Pentesting Advanced is targeted at administrators and pentesters who already have experience in hacking and are pursuing an operational certification such as OSCP.

The course is well suited as an introduction or continuation of the additional qSkills™ module courses of the Redteam Skills:

• SC415 EC-Council™ Certified Ethical Hacker (CEH Elite)
• SC355 Open Source Intelligence (OSINT) Practitioner
• OT300 OT Pentesting

Prerequisites:

To be able to follow the content and learning pace of the course SC420 Hacking & Pentesting Advanced effectively, we recommend the following prerequisites:

• Participants should have solid knowledge in Windows and Active Directory environments
• Previous penetration testing experience would be a bonus
• Familiarity with C, C++ and PowerShell would also be advantageous, but not necessary.

Description: