Cyber Warfare
RT420
Table of Contents
Description
This training is an advanced course that covers topics in the Red-Team Cyber Warfare methodologies. The participants will get an in-depth look into the mind of a Black-Hat hacker.
The training includes defense and offense and takes a deep dive into its practical world using the CYBERIUM ARENA simulator. Participants will learn the different information-gathering tools and security bypassing products that can be leveraged to attack against every layer of defense.
How to make the most of this course?
In order to succeed in the course, the following requirements must be met:
- Participation in all practical laboratories
- Self-work at home between lessons
- Repetition of materials, self-learning, performing tasks, etc…
In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
A personal computer suitable for running virtual machines, with an Internet connection
Transition of the scenarios in the Cyberium Arena.
Target audience
IT Professionals and Organizations that would like to embrace Red-Team’s capabilities
Objectives
- Acquiring the knowledge and tools to become a better Red-Team member
- Becoming familiar with a variety of available tools for performing security-related tasks
- Becoming familiar with a variety of attack scenarios
- Understanding different attack possibilities
- Using automation as a Red-Team member
Pre-requisites
- ThinkCyber Level-2 Courses
Syllabus
Description
In this module, participants will learn to act as Red-Team while attempting to gain information about the target using brute-force, to craft discovery tools, and to fingerprint websites. Furthermore, participants will learn to use social engineering skills to trick the target into revealing information and their location.
Technical content
- Advanced Web-Discovery
o DNS Bruting
Amass Sublist3r aiodnsbrute
o Passive Discovery awesome-osint ShodanHat LinkedInt
o Crafting Discovery Tools in Bash
o Using recursebuster
o Cloud AWS S3 Buckets using inSp3ctor
o Fingerprinting Web Applications BlindElephant Red-Team Banner Grabbing Firewall Detection using wafw00f - Gaining Information about the Target
o Advanced Social Engineering Techniques
o The Browser Exploitation Framework (BeEF)
o Tracking user Locations using Google API
o Enumerating Services Extracting Users from SAMBA NetBIOS RPCClent
o Vulnerability Detection and CVE identifying
o Shodan CLI
o Maltego Teeth
Description
This module is all about gaining access at any cost. Participants will learn to build a password list for brute-force wordlist attacks, perform advanced fuzzing, and finally automate the attacks. Also, participants will practice advanced Red-Team attacks over the network using various specialized tools.
Technical content
- Gaining Access
o Creating Password Lists Wordhound Brutescrape Gitrob CUPP Crunch
o Online Brute-Force to Gain Access SSH Bruting using Hydra Burpsuite Intruder RDP Cracking using Crowbar
o Fuzzing Application Fuzzing Protocol Fuzzing File Format Fuzzing Fuzzers Advantages and Limitations
o Crafting Malware from Source using The-ZOO
o Automating the Attack Advanced Features of Metasploit Crafting Scapy Tools Forging RC Scripts Automating Empire’s API using DeathStar - Network Attacks
o Exposed Printers Abuse
o Advanced MiTM Techniques for Red-Teams Using the DHCP Protocol to Gain MiTM Status DNS Proxy Crafting using DNSChef and MiTMProxy
o Catching LLMNR and NBT-NS Credentials using Responder
o DHCP Starvation Usages and Advantages
o Flooding SIP and SDP Invite Protocol using inviteflood
o Advanced DDoS using UFONET-Framework
o Paralyzing Windows Hosts using Default Services
Description
During this module, participants will learn a variety of methods to gain higher access to the exposed target, such as offline brute-forcing, disabling the SSL function, spying over VoIP and WSL, and more.
Technical content
- Escalating Privileges
o Using Meterpreter for Privilege Escalation
o Gaining Passwords Using Offline Brute-Force
▪ John The Ripper
▪ Cain and Abel
▪ L0phtCrack
▪ DaveGrohl
o Privilege Escalation using Vulnerable Services
o Uncovering Hidden Credentials on Windows Server using BloodHound
o Seemless SSL-Striping
o Intercepting and Abusing WSL Service
o Spying on IP-Phones using VoIP-Hopper and ohrwurm
o Red-Team NSE User Enumeration
o Windows and Linux Exploit-Suggesters - Maintaining Persistence
o Crafting Backdoors
▪ Msfvenom
▪ Nishang
o Firewall, IDS and Honeypot Evasion Techniques
▪ Recompiling the Backdoors
▪ Forging Tunnels using the HTTPTunnel Tool
▪ Using SSH to Hide Backdoor Traffic
▪ Using Automater to Identify Honeypots
o Linux Rootkits for Red Teams
▪ Linux Boot Process
▪ Browsing the Kernel Code
▪ Accessing User Space Process Memory
▪ Understanding the Kernel Network Stack
Description
This module will demonstrate to the new Red-Team the usage of advanced techniques to map the exposed network from the inside, and finally, gain control of the main components of the network.
Technical content
- Mapping the Exposed Network
o Advanced Nmap Reports
o Abusing SQL Server Trust
o Trusted Features of PowerShell
o Finding Exposed Targets using CrackMapExec
o Querying Active Directory Advanced ACL/ACE Bloodhound DNS Beacon Empire – Info Module - Taking Over the Network
o Pass-the-Hash
o Harvesting Kerberos Tickets
o Abusing the DCOM application
o Empire – PSInject
o Building a Keylogger
o THP Red-Team Droppers
o Domain-Control Dump
o Advanced Linux Pivoting using mimipenguin
Labs
- Lab 1 Advanced Web-Discovery
- Lab 2 Network Attacks
- Lab 3 Gaining Access
- Lab 4 Privilege Escalation
- Lab 5 Maintaining Persistence
- Lab 6 Pivoting and Tunneling
- Lab 7 Controlling the Network
- Lab 8 Command and Control
- Lab 9 Red-Team PowerShell
- Lab 10 Working with VPNs
- Lab 11 Securing Linux
- Lab 12 Securing Windows
Course type
This course is delivered in the following ways:
- Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
- In situe classroom with proctored labs and scenarios executed in our Cyberium Arena
All sessions are recorded and attendees can replay them during 30 days. All course material is electronically made available to the participants.
Course Group: FOUNDATION
Hands-on / Theory MiX
The following course is incorporates a high level of hands-on labs exercises, as well as real life study cases:Certification
This course prepares the participant to the following certification:
- OSCP (Offensive Security)
Required EqUIPMENT
Network connection
As this course extensively uses a cloud based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.
BYOD – Bring Your Own Device
As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:
- Audio and Video
- 8 GB RAM
- 200 GB Disk Space
- Virtualization capabilities ( supporting latest version of Virtualbox or similar virtual machine application)
And also a Good Headset with Mic
