RSS:2023 Hands-On Training (Day 1) :: Rochester Security Summit

RSS:2023 Hands-On Training (Day 1)

Penetration Testing for Systems and Network Admins

Qasim Ijaz
October 25, 2023 10:00 am - 2:50 pm

The objective of this Capture-the-Flag style class is to take students with existing networks or systems administration experience and teach them how to:

We understand that not everyone taking a pen test class will want to be a penetration tester. Hence, we have organized this class to be a well-rounded experience, allowing both aspiring red teamers and blue teamers to get the most out of it. This class will provide students with hands-on experience with all phases of a penetration test, from information gathering to reporting.

A Note to Prospective Students:

An introductory penetration testing class like this will only be beneficial to students who intimately know computer networking and have Windows & Linux administration experience. Existing experience with Windows command line, Linux administration, and Active Directory is highly recommended. For example, students should know how a packet traverses from point A to point B on the OSI model, how to manage users in Active Directory, and what HTTP GET and POST requests look like. Students should be comfortable with the Linux command line as our primary attack host will be Linux-based.

Students should bring a laptop capable of running a Kali Linux VM and connecting to a wireless network. Please download Kali Linux from https://www.kali.org/get-kali/#kali-platforms and set it up to ensure the following tools are installed:

We will provide a precompiled version, though compiling one yourself will provide good practice. Bonus points if you get it past Defender by obfuscating it through https://github.com/mkaring/ConfuserEx.