For direct assistance contact us! +91-9999508202 [email protected]

offensive ctf 

 Offensive CTF training fill the gaps between tools , techniques and procedure used by pentesters during engagements .  Offensive CTF training covers Critical infrastructure security issues, Internal & external Network Penetration testing, Hunting critical web app threats, and Overall database security audit of an enterprise at its best level.

We are focusing on the overall development of a candidate, so in the initial stage of the training, we will focus on fundamental concepts of administration of Linux, customization of Linux environment as per need, detailed understanding of Windows systems.

Next stage, we focuses on PowerShell scripting methodologies  and Web application critical attack hunting .

Finally, its time of hands-on practice, we will cover up the methods of evading the defenses ,linux  and windows assessments , Active directory lateral movement  and various post-exploitation techniques with industry-focused real-time use-cases.

We have also introduced buffer overflow in thick client applications .This concept is crucial as per secure software development guidelines & product quality. 

Overall Offensive CTF  training will help you to understand the configurational and poor polices implementation issues in the organisations . Also this training will improve your KRA/KPA to get more benefits in Job.

OFFENSIVE CTF

REAL LIFE CASE STUDIES

INSTRUCTOR-LED SESSIONS

INDUSTRY DRIVEN CERTIFICATION

DAILY ASSIGNMENTS

STUDENT LEARNING KIT

 

syllabus

syllabus

Offensive CTF - CTF1337 1
module 1 : environment setup and Enumeration primer
  • Pentesting standards and ROE guidelines
  • Prod environments vs Compliance centric environments 
  • Linux Advanced Commands & Usages
  • Hashing and brute forcing techniques
  • Types of shells & Restricted Privileges
  • Automated and Manual service enumeration
  • Scanning primer for pentesters
  • File transfer anatomy
  • Windows Server Administration essentials.
Offensive CTF - CTF1337 2
module 2 : linux systems beyond configuration Issues
  • Linux Sudoers misconfigurations
  • SUID  & SGID implementations issues
  • Cron Jobs  and wildcard misconfigurations
  • Docker Implementations issues
  • File access and capabilities misconfigurations
  • Kernel and software vulnerabilities
  • Other Beyond Linux Insecurities
  • Secure system hardening guidelines
Offensive CTF - CTF1337 3
module 3 : windows systems beyond configuration ISSues
  • Windows System Commands and usages
  • Windows Registry Insecurities
  • Hot Fixes and vendor nutral software issues
  • Stored credentials exfiltration
  • Authentication and poor password security implementations
  • Envriourmental Access control and poor permissions
  • Insecure service implementations
  • Path related misconfigurations
  • DLL hijacking possibilities 
  • Beyond misconfiguration issues
Offensive CTF - CTF1337 4
module 4 : Critical web based attacks
  • Web application architecture and web fundamentals
  • Poor implementation of web servers
  • Authentication bypass and sqli attacks
  • Session Hijacking and broken access control
  • Encodings for RCE
  • Sql injection to RCE
  • Command Injection to RCE
  • Local FIle inclusion to RCE
  • Remote File inclusion to RCE
  • File upload to RCE
  • SSRF and XML to RCE
  • Multiple CMS Critical attacks and Remote code execution .
  • Defense in depth
Offensive CTF - CTF1337 5
module 5 : Powershell for Pentesters
  • Powershell basics
  • Powershell cmdlets usage
  • Powershell file handling and Downloading data
  • Powershell shellcode and droppers
  • Powershell execution in restricted environments
  • Windows API interaction with powershell
  • AMSI service protections and bypassing methodologies
  • Automating the Enumeration and data exfiltration with powershell .
Offensive CTF - CTF1337 6
module 6 : AV evasion and C2 for pentesters
  • Understanding of AV scanning engines and EDR platforms
  • Automated shellcode development tools  
  • Process Injections for system takeover
  • Encoding Operations for evasion
  • Shellcode development with automation to evade protections
  • Custom shellcode and drooper development for bypassing the protections
  • Common C2 configurations and setup
  • Metasploit and Covenant as C2 for pentesters
  • Empire and Posh-c2 for pentesters
Offensive CTF - CTF1337 7
module 7 : linux Server & database privilege escalation
  • Poor implementation of database in environments
  • Database misconfigurations
  • User defined function issues
  • Database to RCE
  • Exploiting the databases for privilege escalation
  • Detailed linux enumeration and exploitation
  • Exploit modification and troubleshooting the errors
  • Linux post exploitation recipes 
  • System hardening and Configuration review procedures
Offensive CTF - CTF1337 8
module 8 : Active directory lateral movement & windows privilege escalation
  • Traditional Pentesting vs Assume Breach based Assessments
  • Windows services enumeration and exploitation
  • Exploit troubleshooting and fixation
  • Windows post exploitation attacks to system takeover
  • Active Directory Implemantation overview
  • Kerberos authentication procedure
  • Domain enumeration primer
  • Stored credentails and services issues in AD
  • Kerberosting and ADCS attacks
  • Escalating group policies and OU for lateral movements
  • AD Services and service account poor implementations
  • Lateral movement for Domain Administrator Access
  • Data exfiltration and Complete Takeover
  • Windows and AD defense in depth
Offensive CTF - CTF1337 9
module 9 : tunnelling , port forwording & pivoting
  • Restricted environments mindmap
  • Tunneling / pivoting fundamentals
  • Port knocking attacks
  • Exploit local services with port forwarding
  • Maitaining access with tunnelling / pivoting
Offensive CTF - CTF1337 10
module 10 : buffer overflow and Exploit Modification
  • Assembly basics
  • Understanding the debuggers
  • Stack based buffer overflow attacks
  • SEH based buffer overflow attacks
  • Custom exploit development for buffer overflow
  • Defences agaist buffer overflow attacks
  • Fixing Public exploits for reverse shells
Offensive CTF - CTF1337 11
module 10 : reporting
  • Report writing essentials 
  • Guidelines to write an assessment report
  • Automation in report writing
  • Do and Donts in various Report writing procedures 
who should attend this training?
  • Blue Team professionals
  • SOC Analysts
  • Incident Reposnders
  • Security Professionals
  • System Administrators
  • Network Administrators
  • Network Engineers
  • Database admins
  • End point security professionals
  • Security Auditors
why should i take this training?

Advanced persistent threats are increasing day by day because of weak Access control policies and administration. To address all of the issues in the overall infrastructure of the organization we have designed this core advanced training for corproate professionals .

prerequisite of the training ?

The candidate should be skilled in basic Linux operations, Active directory services, and common databases .

OR

Certcube Associate Pentester level Knowledge

what is the total duration of the training ?

Its an Instructor-led online training and the total duration of the training is 75-80 hours.

How man sessions will be organized in a week?

There are two training slots for weekdays: –

1. Monday, Wednesday, and Friday.

2. Tuesday, Thursday, and Saturday

Session duration – 1.5 to 2-hour session

Evening Slots are available for working professionals.

Weekend Batches are also available for a group of professionals.

 

How to register for offensive CTF ?

Please drop a mail at [email protected] or call/WhatsApp on  +919999508202.

offensive CTF enquiry form 

4 + 2 =

Our clients

Testimonials

The Online Sessions are more practical based than theory ,the course “Offensive CTF” highly up-to dated which includes all the basics to Core practical topics.The faculty have wider experience in Corporate Sector which gives the students a major plus point to know about the corporate sectors .This course is totally worth to do if you want to upgrade yourself at corporate level and learn bits and bytes of professional pentesting.
Ekansh

Cyber security Consultant, Accenture

if you want to improve your skills in CyberSecurity
I strongly recommend you to study with Mr.Naresh
i did the CTF course with him , It was such a great experience .

Reyan

MS Cyber Security, Malaysia University

together Let’s Create the future

1 + 7 =