Hacking Enterprises – 2022 Edition
Where
This is not the same address as the conference! Same building but different entrance.
Söder Mälarstrand 57
118 25 Stockholm
Day 1 (2022-09-13)
| 8.30 – 09.00 | Registration & breakfast |
| 9.00 – 12.00 | Training |
| 12.00 – 13.00 | Lunch |
| 13.00 – 15.00 | Training |
| 15.00 – 15.30 | Coffee break |
| 15.30 – 17.00 | Training |
Day 2 (2022-09-14)
| 8.30 – 09.00 | Registration & breakfast |
| 9.00 – 12.00 | Training |
| 12.00 – 13.00 | Lunch |
| 13.00 – 15.00 | Training |
| 15.00 – 15.30 | Coffee break |
| 15.30 – 17.00 | Training |
Updated for 2022, this immersive hands-on course will allow you to fully compromise a simulated enterprise covering a multitude of TTP’s. The training is based around modern operating systems (including Windows 11), using modern techniques and emphasizing the exploitation of configuration weaknesses rather than throwing traditional exploits. This means logical thinking and creativity will definitely be put to the test.
Students will access a cloud-based LAB configured with multiple networks, some easily accessible, others not so. Course material and exercise content has been designed to reflect real-world challenges and students will perform numerous hands-on exercises including executing exploitative phishing campaigns against our simulated users to gain access to new networks, in turn bringing new challenges including IPv6 exploitation, subverting AMSI and AWL, passphrase cracking, pivoting, lateral movement, OOB persistence mechanisms and much more!
We also like to do things with a difference. You’ll be provided access to an in LAB Elastic instance, where logs from all targets get pushed and processed. This allows you, whether an attacker or defender, to understand the types of artefacts your attacks leave and how you might catch or be caught in the real word.
We know 2 days isn’t a lot of time, so you’ll also get 14-days FREE lab time after class, Discord access for support and access to a post-training CTF containing hosts and networks not seen during training!
Content
- Day 1
- MITRE ATT&CK framework
- Overview on using the in-LAB ELK stack
- Offensive OSINT
- Enumerating and exploiting IPv6 targets
- Pivoting, routing, tunneling and SOCKS proxies
- Application enumeration and exploitation via pivots
- Linux living off the land and post exploitation
- C2 infrastructure and beacons
- Exploitative phishing against our simulated enterprise users
- Living off the land tricks and techniques in Windows
- Day 2
- P@ssw0rd and p@ssphras3 cracking
- Windows exploitation and privilege escalation techniques
- Windows Defender/AMSI and UAC bypasses
- Situational awareness and domain reconnaissance
- RDP hijacking
- Bypassing AWL (AppLocker, PowerShell CLM and Group Policy)
- Extracting LAPS secrets
- Lateral movement for domain trust exploitation
- WMI Event Subscriptions for persistence
- Out of Band (OOB) data exfiltration
- Domain Fronting
Audience
- This training is suited to a variety of students, including:
- Penetration testers / Red Team operators
- SOC analysts
- Security professionals
- IT Support, administrative and network personnel
Student Requirements
- Students will need to bring a laptop to which they have administrative/root access, running either Windows, Linux or Mac operating systems
- Students will need to have access to VNC, SSH and OpenVPN clients on their laptop (these can be installed at the start of the training)
Extras
We realize that training courses are limited for time and therefore students are also provided with the following:
- Completion certificate
- 14-day extended LAB access after the course finishes
- 14-day access to a CTF platform with subnets/hosts not seen during training!
- Discord support channel access where our security consultants are available
Previous Training Locations
The 2021 version (and prior) training has been given at the following conferences. We’re also currently selling seats at Black Hat USA 2022.
- BruCON (Virtual – April 2022)
- Hack in Paris (Virtual – November 2021)
- TROOPERS (Virtual – October 2021)
- Black Hat USA (Virtual – August 2021)
- BruCON (Virtual – April 2021)
- TROOPERS (Virtual – March 2021)
- X33fcon (Virtual – March 2021)
- X33fcon (Virtual – November 2020)
- Black Hat Asia (Virtual – September 2020)
- Wild West Hackin’ Fest (Virtual – September 2020)
- Black Hat USA (Virtual – August 2020)
- BruCon Spring Training (Virtual – June 2020)
- Wild West Hackin’ Fest (Virtual – March 2020)
- 44CON (June 2019)
- Nolacon (May 2019)
- Wild West Hackin’ Fest (October 2019)
Trainer Profiles
Will (@Stealthsploit) co-founded In.security in 2018. Will’s been in infosec since 2008 and has helped secure many organisations through technical security services and training. Will’s delivered hacking courses globally at several conferences including Black Hat and has spoken at various conferences and events. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and trainer.
Owen (@rebootuser) is a co-founder of In.security, a specialist UK based cyber security consultancy offering technical and training services.
Owen has a strong and varied background in numerous information technology fields, dating back to 2003. In the latter decade he has held roles and been involved in projects predominately focused around offensive and adversarial techniques; the insight from which has been key in keeping up-to-date with current trends to ensure skills remain sharp in an ever changing and developing field.
Owen has provided technical training to a variety of audiences at bespoke events and numerous security conferences. He keeps projects at https://github.com/rebootuser.