I’ve been developing the new CyberWar 2014 course for a while and I’ve decided to run a beta version of the class. This should give you guys a sneak peek at next year’s material and give me some debugging opportunities.
This course picks up where the wildly successful courses “Advanced Penetration Tester: Pentesting High Security Environments” and “CyberWar: Emulating Advanced Persistent Threat” left off. The focus of this class is “Taking Intrusion Detection System (IDS) evasion, and Anti-virus bypass to the next level.”
- Per student request there will be absolutely NO Windows 2000, no Windows XP, Vista, or Server 2003 in the entire course. Only Windows 7, Windows 8, Server 2008, Server 2012 and new flavors of Linux.
- Students attack a network of fully patched and hardened hosts. Each target computer will be running a Host-Based Intrusion Detection System (HIDS), updated Anti-Virus, and a logging agent that reports to a Security Information and Event Management (SIEM) solution.
- There will also be a Network Intrusion Detection System (NIDS), a web content filtering proxy, and a stateful inspection firewall as well.
- The students will have access to the consoles of all of the security appliances. Students will be able to see in real time the events triggered by the HIDS, NIDS, Proxy, and the logs so the students can learn exactly what attacks and defenses really work in today’s high security environment.
Students who are Network/System Administrators with three or more years of experience working in environments such as financial institutions, DoD networks, or similar high security environments will benefit greatly from this course.
It is, however, primarily designed for Network/Web Application Penetration testers who are looking for the little tips and tricks that will help them better attack high security environments.
CyberWar 2014 Outline
Day 1: Attacking From the Outside
- Attacking Hardened Web Applications
- Advanced Methods of identifying SQLI/XSS
- Bypassing Common Web Application Security Mechanisms
  - Client-Side Filtering
  - Alphanumeric Filtering
  - Magic Quotes
  - ASP.NET Request Validate
- Bypassing Common Security Products
  - IDS Signature Evasion
  - Dealing with Web Application Firewalls
Day 1’s Mission:
Attack a mock company’s heavily protected external web applications from the outside
Day 2: Bypassing Anti-Virus & HIPS
- Bypassing Popular Anti-Virus
  - Windows Defender
- Bypassing Popular HIPS
  - McAfee HIPS
  - Symantec EndPoint Protection
Day 2’s Mission:
Bypass the most common host-based security products
Day 3: DLL/Process Injection, SRP/Applocker Bypass
- DLL Injection
- Process Injection
- Bypassing SRP and AppLocker
Day 3’s Mission:
Bypass Group Policy Objects, Software Restriction Policy, and HIPS
Day 4: Advanced Host & Network Enumeration
- Attacking Windows 7 and 8
- Advanced Post-Exploitation
- Attacking 2008/2012 Active Directory
- Advanced Network Enumeration
- Data-Mining 2008/2012 Active Directory with security settings enabled
Day 4’s Mission:
Students will be tasked with gaining access to a highly protected network, finding and stealing critical data and exfiltrating that data without being detected.
Pressure will be added to the training environment by constantly changing the environment and its defensive mechanisms at irregular intervals.
Day 5: The Mother Of All CTFs
Get your sleep the night before and eat your Wheaties the morning of, because you are about to participate in what will be the toughest CTF around.
This is an online course that will run from August 12th – 16th (Live Online) 10am – 2pm
Course Costs (Note: This is a beta class so the cost will go up next time we run it)
First 10 applicants can sign up for $300 USD – click here to see if you can be one of the first 10 signups.