PT16720
Training Summary
This 5-day course focuses on advanced exploitation techniques. Course content includes a brief introduction to system exploitation theory and process. Additional content covers the advanced topics listed below. The course consists of lecture and hands-on exercises practicing these additional techniques.
Prerequisites
Students must be experienced cybersecurity professionals.
Duration
5 Days/Lecture & Lab
Audience
This course is for experienced cybersecurity professionals.
Course Topics
System Exploitation Process
- Replicating the process and architecture of APT attacks
- Attacking fully patched systems
- Buffer Overflows against Windows 2008 Server, Windows 7 clients
- 0-day attacks
- Attacking DMZs and other secured infrastructure
- Port Redirection
- Compromising secured infrastructure
- Using egghunter and meterpreter shellcode
- Metasploit scripting and automation
- NMAP automation
- Running exploits in RAM vs. on disk
- Hiding from IDSs
- Covert Channels
- Privilege Escalation attacks on Windows 7
- Advanced Man In The Middle Attacks
- Traffic Interception
- Hijacking SSL encrypted sessions
- MiTM VoIP attacks
- 0-day vulnerability discovery process
- Format String attacks
- Windows SEH Stack Overflows
- Writing Windows Shellcode
- Heap Spraying / JIT Spraying
- Fuzzer selection and comparison
- Fuzzing with peachfuzz and SPIKE
- Binary Auditing with IDA Pro
- Portable Executable (PE) Compression and Encoding
- Using a Disassembler
- Anti-disassembling Detection circumvention
- Web app fuzzing
- Advanced SQL Injection
- Cross Site Request Forgery Attacks
- XSS Attacks and XSS Redirection
- RFI and Source Code Injection Attacks
- Proxy cache poisoning