Evasion Techniques and Breaching Defenses: General Course Information
About the PEN-300 Course.
Provided Material.
Overall Strategies for Approaching the Course.
About the PEN-300 VPN Labs.
About the OSEP Exam.
Operating System and Programming Theory
Programming Theory.
Operating System and Programming Theory.
Client-Side Code Execution with Office.
Client-Side Code Execution with Office
Will You Be My Dropper.
Phishing with Microsoft Office.
Keeping Up Appearances.
Executing Shellcode in Word Memory.
PowerShell Shellcode Runner.
Keep That PowerShell in Memory.
Talking to the Proxy.
Client-Side Code Execution with Windows Script Host
Creating a Basic Dropper in JScript.
JScript and C#.
In-memory PowerShell Revisited.
Process Injection and Migration
Finding a Home for Our Shellcode.
DLL Injection.
Reflective DLL Injection.
Process Hollowing.
Introduction to Antivirus Evasion
Antivirus Software Overview.
Simulating the Target Environment.
Locating Signatures in Files.
Bypassing Antivirus with Metasploit.
Bypassing Antivirus with C#.
Messing with Our Behavior.
Office Please Bypass Antivirus.
Hiding PowerShell Inside VBA.
Advanced Antivirus Evasion
Intel Architecture and Windows 10.
Antimalware Scan Interface.
Bypassing AMSI With Reflection in PowerShell.
Wrecking AMSI in PowerShell.
UAC Bypass vs Microsoft Defender.
Bypassing AMSI in JScript.
Application Whitelisting
Application Whitelisting Theory and Setup.
Basic Bypasses.
Bypassing AppLocker with PowerShell.
Bypassing AppLocker with C#.
Bypassing AppLocker with JScript.
Bypassing Network Filters
DNS Filters.
Web Proxies.
IDS and IPS Sensors.
Full Packet Capture Devices.
HTTPS Inspection.
Domain Fronting.
DNS Tunneling.
Linux Post-Exploitation
User Configuration Files.
Bypassing AV.
Shared Libraries.
Kiosk Breakouts
Kiosk Enumeration.
Command Execution.
Post-Exploitation.
Privilege Escalation.
Windows Kiosk Breakout Techniques.
Windows Credentials
Local Windows Credentials.
Access Tokens.
Kerberos and Domain Credentials.
Processing Credentials Offline.
Windows Lateral Movement
Remote Desktop Protocol.
Fileless Lateral Movement.
Linux Lateral Movement
Lateral Movement with SSH.
DevOps.
Kerberos on Linux.
Microsoft SQL Attacks
MS SQL in Active Directory.
MS SQL Escalation.
Linked SQL Servers.
Active Directory Exploitation
AD Object Security Permissions.
Kerberos Delegation.
Active Directory Forest Theory.
Burning Down the Forest.
Going Beyond the Forest.
Compromising an Additional Forest.
Combining the Pieces
Enumeration and Shell.
Attacking Delegation.
Owning the Domain.
Trying Harder: The Labs
Real Life Simulations.
Wrapping Up.