contact@ascent-formation.fr +33 9 75 75 37 81 LinkedIn
Visitez notre site web
Logo de l'organisme de formation

La formation au coeur de l'avenir technologique

Représentation de la formation : SEC560 - Enterprise Penetration Testing

SEC560 - Enterprise Penetration Testing

Formation présentielle
Durée : 42 heures (6 jours)
Durée :42 heures (6 jours)
HT
S'inscrire
Durée :42 heures (6 jours)
HT
S'inscrire
Durée :42 heures (6 jours)
HT
S'inscrire

Formation créée le 07/09/2023. Dernière mise à jour le 29/01/2025.

Version du programme : 1

Programme de la formation

Course Description : SEC560 provides in-depth knowledge and practical skills to perform enterprise penetration testing effectively and ethically.

Objectifs de la formation

  • Plan and prepare for an enterprise penetration test effectively
  • Perform reconnaissance to aid in social engineering, phishing, and informed attack decisions
  • Scan target networks using advanced tools to identify hidden systems and targets
  • Gain initial access safely and effectively through password guessing
  • Exploit target systems in multiple ways to measure real business risk
  • Execute extensive post-exploitation activities
  • Use privilege escalation techniques on Windows and Linux systems
  • Conduct internal reconnaissance to identify additional targets
  • Perform lateral movement and pivoting to extend access
  • Crack passwords using modern techniques
  • Manage compromised hosts with multiple Command and Control frameworks
  • Attack the Microsoft Windows domain
  • Execute Kerberos attacks
  • Conduct Azure reconnaissance and attacks
  • Develop and deliver high-quality penetration test reports

Profil des bénéficiaires

Pour qui
  • Security Engineer
  • Penetration testers
  • Ethical hackers
  • Blue Team Member
  • Red Team Member
Prérequis
  • Familiarity with basic network and system administration concepts
  • Experience with common operating systems (Windows, Linux)
  • Basic understanding of computer networking and protocols
  • Recommended: Experience with common security tools and techniques

Contenu de la formation

  • Day 1: Introduction to Enterprise Penetration Testing
    • Overview of penetration testing methodologies
    • Setting up a penetration testing environment
    • Information gathering and reconnaissance
    • Threat modeling and attack planning
  • Day 2: Scanning and Enumeration
    • Scanning target networks using various tools
    • Identifying open ports, services, and vulnerabilities
    • Enumerating network resources and users
    • Target selection and prioritization
  • Day 3: Exploitation and Post-Exploitation
    • Password guessing and initial access
    • Exploiting vulnerabilities to gain access
    • Expanding access through post-exploitation techniques
    • Privilege escalation on Windows and Linux systems
  • Day 4: Internal Reconnaissance and Lateral Movement
    • Internal network reconnaissance
    • Identifying additional targets and attack paths
    • Lateral movement techniques
    • Pivoting within the network
  • Day 5: Advanced Attacks
    • Password cracking techniques
    • Command and Control (C2) frameworks
    • Attacking the Microsoft Windows domain
    • Kerberos attacks (Kerberoasting, Golden Ticket, Silver Ticket)
  • Day 6: Azure and Reporting
    • Azure reconnaissance and attacks
    • Azure AD password spraying attacks
    • Executing commands in Azure with compromised credentials
    • Developing and delivering penetration test reports
Équipe pédagogique

Professionnel expert technique et pédagogique.