Advanced Evasion Techniques and Breaching Defenses (OSEP)

$8495

5 days

2024-10-21

Essential Skills Gained

Custom exploit development.

Bypassing modern security defenses.

Exploiting authentication and authorization flaws.

Attacking Active Directory and cloud environments.

Format

5-day course with lecture and hands-on labs.

Audience

Pentesters.

Web Application Developers.

Application Security Analysts.

Application Security Architects.

SOC Analysts.

Blue team members.

Description

Evasion Techniques and Breaching Defenses: General Course Information

  • About the PEN-300 Course.

  • Provided Material.

  • Overall Strategies for Approaching the Course.

  • About the PEN-300 VPN Labs.

  • About the OSEP Exam.

Operating System and Programming Theory

  • Programming Theory.

  • Operating System and Programming Theory.

  • Client-Side Code Execution with Office.

Client-Side Code Execution with Office

  • Will You Be My Dropper.

  • Phishing with Microsoft Office.

  • Keeping Up Appearances.

  • Executing Shellcode in Word Memory.

  • PowerShell Shellcode Runner.

  • Keep That PowerShell in Memory.

  • Talking to the Proxy.

Client-Side Code Execution with Windows Script Host

  • Creating a Basic Dropper in JScript.

  • JScript and C#.

  • In-memory PowerShell Revisited.

Process Injection and Migration

  • Finding a Home for Our Shellcode.

  • DLL Injection.

  • Reflective DLL Injection.

  • Process Hollowing.

Introduction to Antivirus Evasion

  • Antivirus Software Overview.

  • Simulating the Target Environment.

  • Locating Signatures in Files.

  • Bypassing Antivirus with Metasploit.

  • Bypassing Antivirus with C#.

  • Messing with Our Behavior.

  • Office Please Bypass Antivirus.

  • Hiding PowerShell Inside VBA.

Advanced Antivirus Evasion

  • Intel Architecture and Windows 10.

  • Antimalware Scan Interface.

  • Bypassing AMSI With Reflection in PowerShell.

  • Wrecking AMSI in PowerShell.

  • UAC Bypass vs Microsoft Defender.

  • Bypassing AMSI in JScript.

Application Whitelisting

  • Application Whitelisting Theory and Setup.

  • Basic Bypasses.

  • Bypassing AppLocker with PowerShell.

  • Bypassing AppLocker with C#.

  • Bypassing AppLocker with JScript.

Bypassing Network Filters

  • DNS Filters.

  • Web Proxies.

  • IDS and IPS Sensors.

  • Full Packet Capture Devices.

  • HTTPS Inspection.

  • Domain Fronting.

  • DNS Tunneling.

Linux Post-Exploitation

  • User Configuration Files.

  • Bypassing AV.

  • Shared Libraries.

Kiosk Breakouts

  • Kiosk Enumeration.

  • Command Execution.

  • Post-Exploitation.

  • Privilege Escalation.

  • Windows Kiosk Breakout Techniques.

Windows Credentials

  • Local Windows Credentials.

  • Access Tokens.

  • Kerberos and Domain Credentials.

  • Processing Credentials Offline.

Windows Lateral Movement

  • Remote Desktop Protocol.

  • Fileless Lateral Movement.

Linux Lateral Movement

  • Lateral Movement with SSH.

  • DevOps.

  • Kerberos on Linux.

Microsoft SQL Attacks

  • MS SQL in Active Directory.

  • MS SQL Escalation.

  • Linked SQL Servers.

Active Directory Exploitation

  • AD Object Security Permissions.

  • Kerberos Delegation.

  • Active Directory Forest Theory.

  • Burning Down the Forest.

  • Going Beyond the Forest.

  • Compromising an Additional Forest.

Combining the Pieces

  • Enumeration and Shell.

  • Attacking Delegation.

  • Owning the Domain.

Trying Harder: The Labs

  • Real Life Simulations.

  • Wrapping Up.

Your Team has Unique Training Needs.

Your team deserves training as unique as they are.

Let us tailor the course to your needs at no extra cost.