SEC560 - Enterprise Penetration Testing
Formation créée le 07/09/2023. Dernière mise à jour le 29/01/2025.
Version du programme : 1
Version du programme : 1
Type de formation
Formation présentielleDurée de formation
42 heures (6 jours)SEC560 - Enterprise Penetration Testing
Course Description : SEC560 provides in-depth knowledge and practical skills to perform enterprise penetration testing effectively and ethically.
Objectifs de la formation
- Plan and prepare for an enterprise penetration test effectively
- Perform reconnaissance to aid in social engineering, phishing, and informed attack decisions
- Scan target networks using advanced tools to identify hidden systems and targets
- Gain initial access safely and effectively through password guessing
- Exploit target systems in multiple ways to measure real business risk
- Execute extensive post-exploitation activities
- Use privilege escalation techniques on Windows and Linux systems
- Conduct internal reconnaissance to identify additional targets
- Perform lateral movement and pivoting to extend access
- Crack passwords using modern techniques
- Manage compromised hosts with multiple Command and Control frameworks
- Attack the Microsoft Windows domain
- Execute Kerberos attacks
- Conduct Azure reconnaissance and attacks
- Develop and deliver high-quality penetration test reports
Profil des bénéficiaires
Pour qui
- Security Engineer
- Penetration testers
- Ethical hackers
- Blue Team Member
- Red Team Member
Prérequis
- Familiarity with basic network and system administration concepts
- Experience with common operating systems (Windows, Linux)
- Basic understanding of computer networking and protocols
- Recommended: Experience with common security tools and techniques
Contenu de la formation
Day 1: Introduction to Enterprise Penetration Testing
- Overview of penetration testing methodologies
- Setting up a penetration testing environment
- Information gathering and reconnaissance
- Threat modeling and attack planning
Day 2: Scanning and Enumeration
- Scanning target networks using various tools
- Identifying open ports, services, and vulnerabilities
- Enumerating network resources and users
- Target selection and prioritization
Day 3: Exploitation and Post-Exploitation
- Password guessing and initial access
- Exploiting vulnerabilities to gain access
- Expanding access through post-exploitation techniques
- Privilege escalation on Windows and Linux systems
Day 4: Internal Reconnaissance and Lateral Movement
- Internal network reconnaissance
- Identifying additional targets and attack paths
- Lateral movement techniques
- Pivoting within the network
Day 5: Advanced Attacks
- Password cracking techniques
- Command and Control (C2) frameworks
- Attacking the Microsoft Windows domain
- Kerberos attacks (Kerberoasting, Golden Ticket, Silver Ticket)
Day 6: Azure and Reporting
- Azure reconnaissance and attacks
- Azure AD password spraying attacks
- Executing commands in Azure with compromised credentials
- Developing and delivering penetration test reports
Équipe pédagogique
Professionnel expert technique et pédagogique.