Course: Windows Exploits and Forensics

As a security operations person, you'll need to employ various Windows exploitation techniques to attack vulnerable target software and services. This course covers the various intelligence gathering techniques used for conducting offensive security operations against a Windows-based network to identify possible vulnerabilities.

You'll start by examining open source intelligence (OSINT) gathering techniques and sources before conducting your own OSINT investigation. Next, you'll explore the use of social media and other tools for finding targets for social engineering exercises. You'll then examine common Windows services and their ports and tools for conducting basic enumeration.

Moving along, you'll practice network scanning for open ports, scanning a Windows-based system, and enumerating data. Lastly, you'll explore various tools used in the Kali hacking environment, the use of Metasploitable, and common locations to find Windows exploits.

As a security operations person, you'll need to tailor your methods to suit the operating system your working with. This course covers some of the core competencies required to conduct offensive security operations against a Windows environment.

Throughout this course, you'll learn how to recognize the differences between various Windows versions. You'll examine the role of intrusion detection systems (IDS) and intrusion prevention systems (IPS) in a Windows environment. You'll then learn about the MITRE ATT&CK framework and how it relates to Windows intrusions and identify the different Windows logging mechanisms.

Next, you'll practice using event logging, basic PowerShell commands, and the Windows Registry. You'll then explore how the Windows hashing algorithm works and practice cracking an NTLM hash value. Lastly, you'll investigate different data artifacts within Windows and outline how best to work with Active Directory and Kerberos.

When carrying out security operations in a Windows environment, you need to know what kind of attacks, exploits, and vulnerabilities to look out for. This course covers two of the most common services used to attack a Windows-based network - SMB and PsExec - along with some popular attack methodologies.

You'll start by examining SMB permissions and default settings. You'll then explore tools to enumerate SMB shares and data. Next, you'll investigate how to identify SMB vulnerabilities and recognize SMB attacks. You'll then conduct different SMB exploits, including brute force and denial of service attacks.

You'll move on to outline how PsExec works and use it to execute remote commands. Finally, you'll practice exploiting PsExec using various tools, including the EternalBlue exploit.

To protect an operating system, you must first know how to exploit it. This course covers some of the standard Windows services that have known exploits available for them, which can be used in offensive security operations against a Windows environment.

You'll start by enumerating data from a Windows-based FTP server before practicing methods used to attack FTP services. You'll then learn how to attack IIS-based systems. Next, you'll examine the RPD protocol and learn methods of attacking the Windows RDP service. Finally, you'll investigate how WMI works and learn to exploit WMI on a Windows-based machine.

This course involves conducting brute force attacks, reverse shells, and using the BlueKeep security vulnerability.

When an organization uses systems that are no longer serviced and supported and therefore, do not receive security updates, they expose themselves to serious security attacks. To ensure a healthy network ecosystem, security operations personnel must be aware of the vulnerabilities these systems are exposed to.

In this course, you'll explore how to conduct offensive security operations against legacy Windows-based systems. You'll learn to recognize older versions of Windows, identify common exploits for these older versions, and scan Server 2008 for vulnerabilities. You'll then learn how to enumerate Server 2008, exploit legacy systems, and gain a reverse shell on a legacy system. You'll then learn how to recognize common third-party applications and vulnerabilities and how to exploit them. Finally, you'll learn how to identify and avoid a honeypot.

• As a penetration tester, it's vital that you are familiar with

• advanced methods of conducting offensive security operations
• against Windows environments. In this course, you’ll learn to
• recognize common post exploitation activities within a Windows
• environment and how to configure an advanced persistent threat.
• You’ll start by learning how to escalate privileges, use a DLL
• injection attack, pivot between systems, and crack user
• credentials. You'll then examine how to use PowerView to enumerate
• information and use BloodHound to 'walk the dog' and gain domain
• admin privileges. Finally, you'll learn how to clean up post attack
• to cover your tracks, create an advanced persistent threat, and use
• a ransomware attack to lock a system.