Stealth Penetration Testing with Advanced Enumeration
1h 2mAdvanced2022-08-04
Authors

Malcolm Shore
Cybersecurity Expert, Former Director of GCSB
Course details
Once you’re proficient with basic ethical hacking techniques, you may be wondering about your next play. Advanced skills in evasion become increasingly necessary when you’re entering and operating on more complex systems. In this course, instructor Malcolm Shore shows you techniques to become a savvier penetration tester and take a big leap in your ethical hacking career.
Explore strategies to avoid detection and minimize your footprint every step of the way—using shells, encoders, and encryptors, living off the land, and leaving no trace. Get practical tips on advanced enumeration with tools like LinPEAS, WinPEAS, and SharpUp, as well as tunneling with an SSH connection to dig deeper into networks, systems, and websites. Malcolm walks you through the steps of safely exfiltrating information, with pointers on how to escalate your privileges along the way.
Explore strategies to avoid detection and minimize your footprint every step of the way—using shells, encoders, and encryptors, living off the land, and leaving no trace. Get practical tips on advanced enumeration with tools like LinPEAS, WinPEAS, and SharpUp, as well as tunneling with an SSH connection to dig deeper into networks, systems, and websites. Malcolm walks you through the steps of safely exfiltrating information, with pointers on how to escalate your privileges along the way.
Skills covered
Penetration TestingSecurity TestingCybersecurityDeep Dive (X:Y)
Concepts
0. Introduction
- 01 - Taking the next step in your ethical hacking career
- 02 - What you should know
- 03 - Disclaimer
1. Operating Stealthily
- 04 - Being detected
- 05 - Trying stealthy shells
- 06 - Leaving footprints
2. Living off the Land
- 07 - What is living off the land
- 08 - Using PowerHub
- 09 - Using the PHPSploit shell
3. Advanced Enumeration
- 10 - Stealthy linux enumeration
- 11 - Stealthy Windows enumeration
- 12 - Powering up our escalation
4. Tunneling and Exfiltration
- 13 - Setting up and using an SSH tunnel
- 14 - Exfiltrating data over ICMP
- 15 - Exfiltration via DNS
5. Escalating Privileges
- 16 - Using Baron Samedit to escalate in Linux
- 17 - Escalating through a dirty pipe
- 18 - Escalating through a nightmare
- 19 - Exploiting the Active Domain
Conclusion
- 20 - What's next