Description

In this module, participants will learn about Windows operating systems in general, system management, folder structure, and the concept of exploitation.

Technical content

• Windows Fundamental Components
  o Common Windows Versions
  o Domain vs. Workgroup Environment
  o System Built-in Services
  o Network Configurations
  ▪ Internet Connection State (Public or Private)
  o Security Components
  ▪ The Windows-Firewall
  ▪ Windows Defender
  ▪ Antimalware Scan Interface (AMSI)
  ▪ Local Security Policy
  o CMD and Batch Scripting
  o Windows Server Concepts

Description

Windows systems are vulnerable and have many security breaches. It is the lack of knowledge of the average user regarding security. The flaws found from time to time in the operating system and the various types of software installed on it, are causing Windows to be a lucrative target, so hackers can take advantage of this and use it to manipulate the user and succeed in their malicious actions. In this module, we will exploit Windows through various methods.

Technical content

• Gathering Information
  o Enumerating Windows Services
  SMB
  LDAP
  Kerberos
  IIS
  NetBIOS
  RPC
  o Domain Enumeration
• Attacking the Host
  o Basic Metasploit Modules
  o Preforming Known Exploits
  BlueKeep
  EternalBlue
  o Cross Forest Attacks Using Domain Trust
  o Macro and Hardware-Based Attacks
  o Post exploitation Phase
  Domain Privilege Escalation using DNSAdmin
  Kerberos Ticket Harvesting and Kerberoasting
  Dumping Passwords from the Memory
  Lateral Movement Throughout the Domain
  Domain Persistence using DCShadow

Description

PowerShell is a built-in shell, available on every supported version of Microsoft Windows, which provides incredible flexibility & functionality to manage the Windows system. In this module, we will learn various techniques to use PowerShell as a Red-Team tool in the Windows environment, and how to understand and leverage this capability of the PS platform to gain and maintain access in this environment.

Technical content

• Introduction to PowerShell Scripting
  o What is PowerShell
  o Using ISE, help system, cmdlets, and syntax of PowerShell
  o Scripting Basics
  o Advanced Scripting
  Working with Pipeline, Files, Functions, Objects, Jobs, and Modules
  Improving Performances
  Executing Policies with Scripts
  Command Injection
  • PowerShell as Offensive Tool
  o Recon and Scanning
  Gathering Information about the Network
  Vulnerability Scanning and Analysis
  Strategies
  Avoiding Detection
  Tools Written/Integrated with PowerShell
  o Exploitation
  Brute Forcing
  Client-Side Attacks
  Using Existing Exploitation Techniques
  Porting Exploits to PowerShell – When and How
  Human Interface Device
  Getting Foothold on the System
  o Use Management Tools to Attack Systems
  o Writing Shells in PowerShell
  o Pivoting to other Machines using PowerShell
  Gaining Control of WinRM and WS-Man Sessions

Description

Microsoft Windows has been the primary target for attacks; thus, it has security measures that can help you prevent and avoid them if possible, such as Windows updates, encryption services, and secure connections. In this module, you will learn how to detect and defend against attacks and breaches, and how to avoid them from the start using Windows features and applications

Technical content

• Windows Server Hardening
  o Proper Active-Directory Structure
  o Crafting GPO
  ▪ Blocking App Installation
  ▪ Restricting Access to Command-Lines
  ▪ Registry and Run Access Control
  ▪ Hard-Drive and USB Blocks
  o Patches and WSUS
  o Shared-Folders as Drives
• Host Hardening
  o DEP – Identifying and Handling Suspicious Files
  o Restricting User’s Environment
  ▪ Block User Desktop
  ▪ Store User-Profile Online
  ▪ Lock Local Users
  o Hardening Network Settings
  o BitLocker and Tamper-Resistance
  o Custom Access-Control
  ▪ System Internals Suite
  ▪ Understanding Event Viewer
  ▪ Sysmon as a Service