IT-Security Training for Administrators
Online course with its own LAB environment for practical hacking exercises
Chapter Overview: Security Training for IT Administrators
The APT Kill Chain
Reconnaissance: Exploring the target area through research and scans.
LAB exercise: Scan of the environment with nmap and construction of the infrastructure map of the LAB.
Analysis: Detection of weak points with a Nessus report and development of the attack strategy.
Exploit Linux: Intrusion into Linux systems.
LAB exercise: SSH brute force with Hydra.
Exploit Windows: Intrusion into Windows systems.
LAB exercise: EternalBlue (NSA tool) with Metasploit.
Lateral Movement: Takeover of further systems and escalation of privileges up to Domain Admin.
LAB exercise: 'Pass the Hash' with mimikatz and access to domain controllers with psexec.
Patching & Hardening: LAB exercise on exploiting Shellshock with Meterpreter on Linux.
- Patch your systems promptly
- Harden your systems
Secure Administration: LAB exercise on using captured Linux passwords on other systems.
- Use different passwords
- Stick to RBAC and the principle of least privilege
- End RDP sessions properly (with explanation of RDP hopping)
- Use a password manager, avoid hardcoded passwords
Detection & Response
Detection / Vulnerability Management: 'Detection is a must nowadays'.
- Introduction of the different detection instruments (NIDS, SIEM, EDR).
- Explanation of SOC / CERT.
- Fix detected vulnerabilities promptly.
- Be vigilant yourself and watch out for anomalies.
In an emergency: correct behavior with or without a CERT.
- Isolate the systems
- Do not change the system state
- Clearly document what you are doing.