Hands-on Hacking Advanced

Course duration: 3 days of pure hacking and feeling "1337"

Group size: 12 participants maximum

Target audience: System administrators, information security specialists and managers, and any other IT personnel who are not afraid of the shell or command prompt

Pre-requisites: Prior HOHE participation is required to take this course, to ensure the same minimum skill level

Price: 3 days, 1800 EUR + VAT per participant

Information and registration: info@clarifiedsecurity.com

Contents of the course

Hands-on Hacking Advanced (HOHA) is a follow-up to our Hands-on Hacking Essentials (HOHE) course. While HOHE is an eye-opening “shock therapy” training mostly for defenders, HOHA introduces more of the attacker and red teaming perspective.

With the HOHA course we deliver 3 days of first-hand, pure hacking experience in which a large “Network Takeover” scenario takes center stage.

Day 1 - Warm-up scenario. Introduction to C2 frameworks using Tuoni.

Iron Argon Development – a company “Network Takeover” scenario of fully patched and properly configured networks. After initial reconnaissance of the target domain and public-facing services we gain an initial foothold by sending a phishing e-mail. Using in-memory execution of different tools we gather information from the infected workstation and set up persistence.

Day 2 - Iron Argon Development – a company “Network Takeover” scenario (continues)

Explanation of common .NET offensive tools for enumeration. Using Python and the Tuoni API we enhance our C2 user experience. Explanation of kerberoasting. Side mission to recover domain account passwords from kerberoasted hashes with Hashcat. Enumeration of AD using BloodHound. Discovering next targets and potential attack paths from BloodHound. Lateral movement using different tunneling and C2 features inside the organization network. Bypassing AppLocker restrictions to execute our malware.

Day 3 - Iron Argon Development – a company “Network Takeover” scenario (continues)

We continue moving around inside the network, elevating our privileges using common misconfigurations. We steal a Kerberos ticket from the owned system and implant it into memory to gain more access inside the domain. ADCS misconfigurations are common and the Iron Argon Development network is no exception. We abuse an ADCS misconfiguration to gain even more access inside the domain and then move laterally with the new permissions inside the isolated development network segment, relaying our C2 traffic via an SMB beacon. Side mission to take over other servers, including the source code repository, and backdoor the ransomware.

Trainers

Trainers are Taavi Sonets, Karl Raik and Mihkel Raba.

Taavi Sonets

Taavi joined the team in April 2015 as a Web application pentester. His previous work experience consists mainly of Web Application development. He holds an M.Sc. degree in Cyber Security from Tallinn University of Technology. He wrote his master's thesis about improving User Simulation Team Workflow in the Context of Cyber Defense Exercise. Taavi is the main trainer of our Hands-on Hacking training series (HOHE, HOHE FU, HOHA).

Karl Raik

Karl joined the team in September 2015 as a Web application pentester. His previous work experience consists mainly of Web Application development. He holds an M.Sc. degree in Cyber Security from Tallinn University of Technology. He wrote his master's thesis about improving Web Attack Campaign overview in Cyber Defense Exercises. Karl is a trainer of our Hands-on Hacking Essentials (HOHE) and Hands-on Hacking Advanced (HOHA) courses.

Mihkel Raba

Mihkel joined the team in May 2018 as a Web application pentester. He studied telecommunications at Tallinn University of Technology. After that he spent almost two decades building secure networks and developing software. Mihkel is a trainer of our Hands-on Hacking Essentials (HOHE) and Hands-on Hacking Advanced (HOHA) courses.

Course objectives

During the 3-day hands-on training experience, participants should build upon the HOHE training in their understanding of current attacker tool-sets, attack types and methods. By experiencing the attacker mindset and point of view via hands-on exercises, the participants will use Tuoni C2 and other tools from a Red Teaming perspective in order to understand what it takes in terms of individual skills to be a red team member.

Delivery

We can deliver on-site at group pricing anywhere in the world where a good broadband connection is available. Ask us for the group pricing or for times and locations of our public courses, which are currently available directly or via partners in Estonia: BCS Koolitus, Nordic Koolitus.