Powershell for Penetration Testers

From March 14, 2016 to March 15, 2016

IMPORTANT NOTICE: TRAINING CANCELED!

Dear TROOPER,

Much to our regret we must inform you that the TROOPERS16 Training "Powershell for Penetration Testers by Nikhil Mittal" will NOT take place because of unforeseen visa issues. The decline of Nikhil's visa was quite surprising for him (and us), given he has been presenting and running trainings at TROOPERS for many years now. We are sorry he will be unable to participate this year.

We kindly apologize for any inconvenience and offer to all already registered attendees the following options to choose from:

We will work on "getting Nikhil to Germany" for this training during 2016 and will keep you posted on the dates/times once they are fixed!

Sincerely,

Your TROOPERS Team

PowerShell for Penetration Testers

Overview

PowerShell has changed the way Windows networks are attacked. It is Microsoft’s shell and scripting language, available by default on all modern Windows computers. It can interact with .Net, WMI, COM, the Windows API, the Registry and other computers on a Windows network. This makes it imperative for Penetration Testers and Red Teamers to learn PowerShell.

This training is aimed at attacking Windows networks using PowerShell and is based on real-world penetration tests done by the instructor. The course runs as a penetration test of a secure environment, with detailed discussion and use of custom PowerShell scripts in each phase. Some of the techniques used in the course, implemented using PowerShell (see the course content for details):

  * In-memory shellcode execution using client-side attacks.
  * Exploiting SQL Servers (more than executing commands).
  * Using Metasploit payloads with no detection.
  * Active Directory trust mapping, abuse and Kerberos attacks.
  * Dumping Windows passwords, web passwords, wireless keys, LSA Secrets and other system secrets in plain text.
  * Using DNS, HTTPS, Gmail etc. as communication channels for shell access and exfiltration.
  * Network relays, port forwarding and pivots to other machines.
  * Reboot and event persistence.
  * Bypassing security controls like firewalls, HIPS and anti-virus.

The course is a mixture of demonstrations, exercises, hands-on work and lecture. The course also has a live CTF which attendees can try during and after the training.

After this training, attendees will be able to write their own scripts and customize existing ones for security testing. This training aims to change how you test a Windows-based environment.

Course Content

What would the attendees gain?

  1. PowerShell Hacker’s Cheat Sheet, access to the online CTF, solutions to exercises, sample source code, lab manual, lab machines (VMs), updated tools and extra slides explaining things which could not be covered.
  2. The attendees will learn a powerful attack method which can be applied from day one after the training.
  3. The attendees will understand that it is not always required to use a third-party tool or non-native code on the target machine for post-exploitation.
  4. The attendees will learn how PowerShell makes things easier than previous scripting options on Windows, like VB.

Prerequisites

  1. Basic understanding of how penetration tests are done.
  2. Basic understanding of a programming or scripting language is helpful but not mandatory.
  3. An open mind.

System Requirements

A Windows 7 or later system with 4 GB RAM, with administrative access and the ability to run PowerShell scripts. Ability to run VMware virtual machines.

Nikhil Mittal

Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His areas of interest include penetration testing, attack research, defence strategies and post-exploitation research. He has 6+ years of experience in penetration testing for his clients, which include many global corporate giants. He is also a member of the Red Teams of selected clients.

He specializes in assessing security risks in secure environments which require novel attack vectors and an "out of the box" approach. He has worked extensively on using Human Interface Devices in penetration tests and PowerShell for post-exploitation. He is the creator of Kautilya, a toolkit which makes it easy to use HIDs in penetration tests, and Nishang, a post-exploitation framework in PowerShell. In his spare time, Nikhil researches new attack methodologies and updates his tools and frameworks.

Nikhil has held trainings and boot camps for various corporate clients (in the US, Europe and SE Asia), and at the world’s top information security conferences.

He has spoken at conferences like Defcon, BlackHat USA, BlackHat Europe, RSA China, Troopers, DeepSec, PHDays, BlackHat Abu Dhabi, Hackfest, ClubHack, EuSecWest and more. He blogs at http://www.labofapenetrationtester.com/