Advanced Infrastructure Security Assessment

Trainer Name: Omair

Title: Advanced Infrastructure Security Assessment

Duration: 4 Days

Dates: Sept. 23, 2021 To Sept. 26, 2021

Time: 10 a.m. To 2 p.m.


Course Content

  • Exploiting network service to gain a foothold
    • Discover network services
    • Try exploitation with public tools
    • Customize public exploit to gain access
  • Pivoting Lab
    • Pivoting using Meterpreter and SOCKS Tunnel
    • Proxy Chains
    • Discovering and exploiting internal network
  • Hacking the Evil Corp
    • Discover apps and services
    • Exploit configuration weaknesses for information gathering Exploit workstations
      • Exploit custom services
  • Windows Domain Exploitation
    • Network discovery and gaining entry to the domain
    • Credential extraction from memory
    • Active Directory enumeration
    • Kerberos attacks
      • Pass the Ticket
      • Kerberoasting
  • Domain privilege escalation
  • Lateral Movement
    • PsExec / WMIExec with Hash / Ticket (PtH / PtT)
    • Golden Tickets
  • Enterprise services exploitation
    • Symantec BackupExec
    • Symantec Messaging
    • Gateway Microsoft Exchange
    • Oracle Database Server

Prerequisites

  • Experience with vulnerability assessment and penetration testing
  • Familiarity with web application security vulnerabilities
  • Basic knowledge of TCP / IP network protocol
  • Familiarity with virtualization tools like VMware / VirtualBox

What To Expect

  • Exposure to infrastructure penetration testing tools and techniques
  • Exploiting enterprise network
  • Live real-life scenarios
  • Multi vector attacks
  • Exploiting configuration vulnerabilities
  • Capture the Flag (CTF) to test skills

What To Bring

  • A laptop with administrator privileges
  • Minimum 50 GB of free hard disk space
  • Minimum 4 GB RAM for virtual machines
  • A Laptop should have an ethernet and wifi capability
  • VM Player or VMWare Workstation installed

 

About the Trainer

Omair has over eight years of experience in penetration testing, vulnerability assessment and network security. He has been responsible for maintaining a secure network for mission critical applications. His area of work includes Vulnerability Assessment, Security Audits, Penetration Test, Source Code Reviews and Trainings.

He was led penetration tester for various clients in the telecom, retail, government and banking sector based in India, Saudi, Morocco, Mauritius, UAE, Kuwait, Oman and Bahrain with a team size varying from 5-8 members.

He has also published security advisories pertaining to various vulnerabilities in commonly used software like Excel, Real Player, Internet Explorer and Chrome. His area of expertise includes Vulnerability Research, Reverse Engineering and Fuzzing. Some of the latest CVE’s reported by him CVE-2015-1240, CVE-2015- 1668, CVE-2015-0043, CVE-2015-0042, CVE-2014-4128, CVE-2014-6354, CVE-2014-4145, CVE-2014- 4050, CVE-2014-1772, CVE-2014-0313, and CVE-2014-0263.

Omair has various industry certification under his name.

  • OSCP Offensive Security Certified Professional
  • CEH Certified Ethical Hacker
  • RHCE Red Hat Certified Engineer
  • VCP VMware Certified Professional
  • JNCIS-JES Juniper Networks Certified Internet Specialist, Enhanced Services
  • JNCIA-EX Juniper Networks Certified Internet Associate, Enterprise
  • IBM Certified System Expert - System x Blade Centre Technical Switching Support V5
  • IBM IBM System x Technical Principles V9
  • HP Accredited Platform Specialist - Proliant ML / DL Servers