Offensive methodologies, vulnerability exploitation, defense evasion and post-exploitation techniques for security professionals.
Passive and active information gathering. Subdomain, email and technology enumeration, and external attack surface mapping.
Web vulnerability exploitation (OWASP Top 10), network services, applications and operating systems with Metasploit and custom exploits.
Persistence, privilege escalation, lateral movement, credential dumping and data exfiltration in compromised environments.
Privilege escalation techniques on Linux and Windows. SUID, cron jobs, token impersonation, DLL hijacking and other vectors.
Setup and management of Command & Control infrastructure. Redirectors, domain fronting, OPSEC and covert communications.
Techniques to evade antivirus, EDR and security solutions. Obfuscation, packing, process injection and AMSI bypass.