Penetration Testing for IT Pros: One Day Class
Please join us for our virtual Penetration Testing for IT Pros class on Tuesday, November 14th, 2023!
Find your weaknesses before the hackers do! In order to effectively defend your IT infrastructure, you need to explore your network in the same way as hackers. This practical, hands-on class will teach you to do just that: pentest your own network. Along the way, we’ll cover detailed remediation tips and test out various techniques for stopping attackers and ensuring that your changes work.
We’ll start by hacking from the outside. Learn how attackers gain an initial foothold in your environment. We’ll practice identifying the attack surface, conducting Open Source Intelligence Gathering (OSINT), scanning for vulnerabilities, and using passive reconnaissance tools. Next, we’ll dive into actual exploitation and persistence, including a live demo of VPN hacking, in which we brute-force an IKE shared secret and obtain credentials by performing an SMB egress attack.
In the next phase, students will learn to conduct internal penetration tests. Once a hacker has a foothold in your environment, they will work to move laterally and expand access. Practice hacking your own environment, starting with unprivileged access to a simple workstation. We’ll show you how hackers target active directory, poison traffic, redirect user traffic against key services such as LDAP, gain access to sensitive file shares, and more. Students will poison traffic and capture NTLMv2 hashes to crack offline. We will use Responder in conjunction with NTLMRelayX to relay authentication to actual servers and gain access to other services.
Ultimately, students will execute a full network takeover, escalating privileges from no user access to full domain admin. We will practice techniques for privilege escalation, pass-the-hash attacks, and more.
Once you’ve hacked yourself, it’s time to fix the problems! Throughout class, we’ll discuss various corrective actions that can be used to harden your environment.
The most effective IT defenders have offensive experience. Learn to hack your own network—and fix the issues—in this practical penetration testing class for IT professionals.
Tuesday, November 14th, 2023
- Start: 10AM ET/7AM PT
- End: 7PM ET/4PM PT
$850 Early Bird Registration ends October 20th, 2023
$950 Regular Registration ends November 9th, 2023
$1,050 Late Registration ends Noon MT on November 13th, 2023
Penetration Testing Team Manager & Senior Cybersecurity Consultant
Tom is a seasoned hacker and the winner of many hacking competitions including Wild West Hackin’ Fest, Circle City Con, THOTCON, BSidesLV, and DEFCON. Tom is a seasoned presenter at major security conferences such as DEFCON, BSidesLV, CornCon, and SecDSM and he has led technical training classes for many organizations. In addition, Tom also discovered several vulnerabilities that have been covered in a number of major industry publications. Tom leverages his wealth of experience to support LMG Security’s customers as the Penetration Testing Team Manager and a Senior Cybersecurity Consultant. Prior to working for LMG, Tom was the head of software architecture at Businessolver for nearly 20 years..
Director of Training and Response
Matt Durrin is the Director of Training and Research at LMG Security and a Senior Consultant with the organization. He is an instructor at the international Black Hat USA conference, where he has taught classes on ransomware and data breaches. Matt has conducted cybersecurity seminars, tabletop exercises and classes for thousands of attendees in all sectors, including banking, retail, healthcare, government, and more. He is also the co-author of a new book, Ransomware and Cyber Extortion: Response and Prevention. A seasoned cybersecurity and IT professional, Matt specializes in ransomware response and research, as well as deployment of proactive cybersecurity solutions. Matt holds a bachelor’s degree in computer science from the University of Montana, and his malware research has been featured on NBC Nightly News.