Practical Windows Exploitation
Enterprises are suffering from massive cyber security attacks because of vulnerable systems and misconfigured Services . Almost every business in the world is using Windows operating system in the internal environments; due to automation in various tasks as windows make our life easier.
Many businesses have built their IT infrastructure around Microsoft solutions, and have deployed all forms of Windows over time. Furthermore, many have developed their own apps with Microsoft technology .
So it’s easy to understand that Windows OS’s are of the utmost importance to these businesses.Over the years businesses have locked themselves in with Microsoft that they have become completely dependent of it. Even if they don’t have full use for all the features a given Windows version offers, they have no other choice than buying and deploying, unless the apps have become legacy in which case they are stuck on running EOL’ed versions. On the other side their are multiple issues may arise if these systems are not following security guidelines and due to dependency on the windows many business suffer with malware and services based attacks.
Practical windows exploitation is a complete course for windows privilege escalation in corporate environments. The candidate will start learning from basics such as how services and permission working, advanced commands of windows for enumerating the target . Instructors will Showcase practical demonstrations of actual exploitation of various services & privilege escalation methodologies of windows services and systems like vulnerable windows services , stored credentials , memory exploitation and credential recover and many more .
Practical windows exploitation is an instructor-led online & classroom training that helps students to directly engage with the trainer and learn to configure and exploit the vulnerable Windows System machines to practice & enhance the technical skills to the next level.
In short Practical windows exploitation is a course that will cover up beginner to advanced exploitation and post-exploitation methodologies that helps anyone to audit and pentest the corporate environments during an assessment.
who should attend this training?
- Freshers & Students
- Ethical hackers
- System Administrators
- Network Administrators
- Network Auditors
- Security Professionals
why should i take this training?
Windows Exploitation is a fascinating topic for the pentesters as many pentesters are not focusing on this platform but this is the most critical part as organisation’s are using mostly windows environments. Enhance your Enterprise Pentesting skills with this excellent training.
prerequisite of the training ?
The person should familiar with basic computer operations
What is the duration of the training ?
It’s an Instructor-led online training and the total duration of the training is 15 hours.
Detailed syllabus
WINDOWS FUNDAMENTALS
- Introduction to Windows Ecosystem
- This module is based on Windows architecture
- Windows Security Identifiers
- Advanced system commands and use cases
- Windows Firewall and Defender primer
- PowerShell System commands and use cases
WINDOWS COMMON INSECURITIES
- AMSI primer
- Registry Insecurities and Modification
- Common issues with Hot Fixes, RDP, SMB, WebDAV
- SAM essentials and windows auth issues
- Schedule task and service path issues Â
- Windows DLL concepts and Hijacking basics
PRACTICAL WINDOWS ENUMERATION
- Hunting Windows platform for vulnerabilities
- File transfer foundations for pentesters
- Manual Enumeration of various services
- Living of the land techniques
- Impacket tools baseline
-  Service Enumeration with automated  methodsÂ
practical WINDOWS EXPLOITATION
- External facing web apps for initial accessÂ
- Kernel exploitation techniques
- Vulnerable file permissions
- DLL Hijacking attacks
- Registry path ManipulationÂ
- Vulnerable Services takeover
- Elevated Privilege with access tokens
- In Memory Exploitation and evasion
- Scheduled task and autoruns for persistence
Persistence techniques
- Password exfiltration techniques
- Schedule task persistence
- Autoruns for persistence
- Service modification for persistence
- Socks Proxy for persistence
- Creating backdoor accounts for the persistence
Defense and Report Writing
- Windows security baseline guidelines
- System hardening with CIS benchmarks
- Hardening AutomationÂ
- Guidelines to prepare an VA report
- Guidelines to prepare an VAPT report
- Guidelines to prepare an Security Hardening Report
- What’s Next !
TESTIMONIALS
What People Are Saying
Today I've completed my one 2 one online training by Mr Naresh sir from Certcube Labs .
This is the first time I have attended a class in this format and wondered how effective it would be. It was very effective and therefore I would definitely be interested in attending other classes in the same format. The instructor was very knowlegeable and provided a wealth of information about the current version, especially since the last version I used was several releases ago.
5 start training. Naresh is the best. He made me Zero to Hero in 3 months time. Little bit expensive compare to others ,but totally worth it .