
Take stock of recent threats and current infrastructure weaknesses
Understand and experiment with advanced hacking techniques
Learn offensive methods and sequences in practice
Day 1 morning
❏ Section 1- Preparing and initiating the phases of operation
❏ Introduction and Terminology
❏ Study of operating sequences
❏ Creation of different types of payloads for exploitation
❏ Integrating new Exploits into Metasploit
❏ Different types of connections (Bind, Reverse)
❏ Focus on payload types
❏ Practical Work 1 / Creating and integrating a payload
Day 1 afternoon
❏ Section 2- Positioning – External Attacker
❏ Introduction to external attacks
❏ Social Engineering (Phishing techniques, Clone authentication page, SPF)
❏ Practical Work 2 / Clone of an authentication page
Day 2 morning
❏ Searching for credentials in “leak” databases
❏ Study and exploitation of surrounding Wi-Fi networks
❏ Tutorials / Understanding threats and attacks (Rubber Ducky, Bash Bunny, Packet Squirrel, LAN Turtle LAN/3G)
Day 2 afternoon
❏ Section 3- Positioning – Internal Attacker
❏ Introduction to internal attacks
❏ Study of the different Microsoft authentication processes (NTLM, Kerberos)
❏ LSASS memory analysis (NTLM, Kerberos, Digest SSP, TSPKG, LiveSSP, Credential Guard)
❏ LLMNR & NBT-NS poisoning (hash cracking, relay attack)
❏ Vulnerability identification, attempting to use common exploits
❏ Practical Work 3 / LLMNR & NBT-NS relay attack
Day 3 morning
❏ Section 4- Post-Exploitation Phases
❏ Post-exploitation enumeration (Wi-Fi profile extraction, certificate recovery, identification of interesting files by reverse classification)
❏ Obtaining additional credentials:
❏ Presentation of the “Mimikatz” tools
❏ Extraction of credentials in memory, hashes from the SAM database, credentials stored in applications
❏ Practical Work 4 / Extraction of information stored in SAM base and memory
Day 3 afternoon
❏ Presentation of a relational database tool (BloodHound)
❏ Pivoting (access to internal resources, access to restricted “ICS”-type networks via the mounting of a socks4a proxy)
❏ Focus on the security of industrial systems
❏ Practical Work 5 / Use of Bloodhound and intrusion on the industrial network
Day 4 morning
❏ Vertical Privilege Escalation (Boot Modification, Exploits, GPP, Misconfiguration)
❏ Horizontal privilege escalation (remote local access identification, permission listing ACLs / AD, searching for rights delegations, Pass-the-hash, Pass-the-ticket, PsExec/PSSession)
❏ Practical Work 6 / Pass-the-hash / Pass-the-ticket attacks
Day 4 afternoon
❏ Section 5 – Persistence
❏ Golden Ticket / Silver Ticket
❏ Skeleton Key
❏ Constrained / Unconstrained Kerberos Delegation
❏ DCSync
❏ DCShadow
❏ AdminSDHolder
❏ WMI/COM
❏ DSRM
Day 5
❏ Practical Work 7 / Identification of relevant Active Directory information
❏ Practical Work 8 / Creation of a custom “Golden Ticket”
❏ Practical Work 9 / Setting up a DCSync persistence
❏ Practical Work 10 Bonus / Exploiting delegations