The main activity of the course is a project where students attack a corporate computer network with the aim of exfiltrating specific information. The network is rigged by the course responsibles in a virtual environment. Tools for network and vulnerability scanning, platforms for exploit development, command and control, password cracking, etc. are presented during the course, but students are free to employ methods and tools of their own choice.
Additionally, students are tasked with the development and testing of a new vulnerability exploit.
After completed course, the student should be able to
• establish resources to support offensive security operations,
• perform reconnaissance and discovery to plan operations,
• access credentials, such as account names, passwords and access tokens,
• achieve initial access to networks and systems,
• execute malicious code on remote devices,
• establish command and control capabilities to communicate with compromised systems,
• elevate privileges on systems to gain higher-level permissions,
• persist on networks by maintaining access across interruptions,
• move laterally, pivoting through the computing environment,
• avoid detection by network defenders,
• collect and exfiltrate data from computing environments,
• assess the security of computer systems, applications, and services,
• carry out legal and ethical security testing.
