Enterprise Attack: Initial Access
Enterprises have been working tirelessly to improve their security postures through defense-in-depth approaches. Offensive teams have also been diligently researching ways to bypass the toughest defenses. Long gone, hopefully, are the days of tossing an HTA payload laced with a PowerShell download cradle at an organization with a “Free iPad” ruse and watching the computer screen fill with incoming agents.
An offense-in-depth approach can be applied by offensive practitioners seeking success against organizations well-versed in defending a large enterprise. Today’s organizations have assets across multiple geographic regions, networks, cloud services, and border hosts, many of which are tied to the internal network in some way.
This course aims to help offensive practitioners successfully exercise their clients’ environments with a multi-faceted approach, using the latest TTPs blended with esoteric practices to gain the upper hand on offensive assessments.
Course Overview
This course focuses on using the latest offensive attack methodology against an enterprise spanning cloud and on-premises targets, with an Azure-centric focus.
Beginning from an unprivileged external adversary, students will use cutting-edge techniques to gain access via cloud services and phishing.
Students will learn various password spraying techniques to access target services while attempting to avoid detection.
Students will build infrastructure to host various payloads using unique services to bypass common proxy configurations and network restrictions.
Students will also use Command and Control (C2) frameworks and payloads to compromise target hosts, using both common and obscure communications channels for implants.
Students will simulate gaining entry to an enterprise through various ingress channels using novel techniques.
Students will use Elastic EDR to test their offensive payloads against endpoint detection and response tooling.
Skill level for students
This is a beginner-to-intermediate course designed to introduce new topics and techniques to offensive security newcomers and professionals alike. The course is structured to walk students through the different phases of an attack against an enterprise with a hybrid cloud and on-premises environment. The labs are simple in design and are built for students to reproduce in the environment they create during the course.
Expectations:
- Familiar with basic command operation from a terminal or command line.
- Familiar with using a Linux or Windows environment.
- Familiar with using a virtual machine environment.
- A strong desire to learn exciting and unique offensive TTPs.
Prerequisites
It is suggested that you complete the setup 48 hours prior to the first day of class, as some components may take up to 24 hours to enable.
Required:
- Computer capable of running one or two Windows VMs.
- Azure subscription (free subscriptions will work and may be available from Microsoft).
- Elastic 14-day trial (free, no credit card required).
- Free edg.io account.
- Amazon AWS account (optional, used for IP rotation through Amazon API Gateway).
  - A credit card and personal information are required to sign up.
Communications
- In-course communications use the course channels in the Antisyphon Discord.