Windows Exploits and Forensics
Final Exam: OS Exploits
Windows Exploits and Forensics: Windows Environments
Windows Exploits and Forensics: FTP, RDP, & Other Services
Windows Exploits and Forensics: Intelligence Gathering
Windows Exploits and Forensics: Legacy Systems & Third Party Applications
Windows Exploits and Forensics: Post Exploitation
Windows Exploits and Forensics: SMB & PsExec

Final Exam: OS Exploits

Course Number:
it_feosex_01_enus
Lesson Objectives

  • apply flags to the gcc compiler to catch string weaknesses by converting warnings into errors
  • check input strings for validity and safety
  • conduct a Nmap scan of a Windows-based network
  • crack an NTLM hash value using several tools
  • define what PsExec is and describe how it works
  • describe a program's structure in memory in terms of address space layout
  • describe common weaknesses and errors made when working with integers and how to prevent them
  • describe how coding errors and vulnerabilities lead to corrupting memory
  • describe how data and functionality are protected by separating computing resources
  • describe how strings are exploited in computer programs
  • describe how strings executed dynamically can lead to vulnerabilities
  • describe methods for allocating memory
  • describe out-of-order execution and related processor concepts and vulnerabilities
  • describe safeguards and considerations when running insecure programs in virtual environments
  • describe the background of the EternalBlue exploit and outline how it works on Windows systems
  • describe the concept of pivoting within a Windows environment and typical end goals
  • describe the features of WMI and how it works
  • describe the GNU C Library (Glibc) and how it integrates with the Linux kernel
  • describe the nature of out-of-bounds write vulnerabilities and their impact
  • detect Linux security weaknesses using the Linux Exploit Suggester utility
  • disable compiler protections to construct and execute shellcode in C
  • enumerate data from an FTP
  • establish an approach to using virtual environments to stage exploits
  • explore the use of SQL injection attacks and protections against them using SQLMap
  • identify common attacks against legacy Windows host-based machines
  • identify common attacks against legacy Windows Server-based machines
  • identify different Windows Server operating systems and their various uses within the environment
  • identify open-source intelligence gathering techniques and sources
  • identify what to look for using social media and other tools when finding targets for social engineering exercises
  • illustrate the weaknesses caused by string formatting methods
  • list various tools and techniques used to enumerate SMB
  • modify options used to vary the operation of a Metasploit command
  • monitor system information from a staging environment using QEMU Monitor
  • name the various user and service accounts within a Windows Active Directory environment
  • navigate the basic commands used to prepare exploit tests using Metasploit
  • outline how SMB works and how permissions are set
  • outline how to find vulnerabilities for third-party applications
  • outline how to scan a network for open ports
  • outline how to scan a system and name tools used to conduct a basic enumeration
  • outline the various methods of attacking FTP services
  • outline various methods of attacking SMB
  • outline what RDP is and how it works within a Windows environment
  • recognize a honeypot and how to avoid falling into their trap
  • recognize and avoid looping off-by-one in a C program
  • recognize and avoid stack buffer overflows
  • recognize various user levels and methods of privilege escalation within Windows
  • recognize what an advanced persistent threat (APT) is and methods used to configure them
  • run gdb to step through and trace debug a C program
  • run objdump and readelf to disassemble and inspect a Linux program
  • search for exploits and shellcodes using Exploit Database
  • set up QEMU and its dependencies for machine emulation and virtualization
  • state various methods of attacking the Windows RDP service
  • take and restore snapshots of virtual machines using QEMU Monitor
  • targets for exploiting processes and tasks of a running Linux system
  • targets for privilege escalation exploits and common privilege control mechanisms
  • use a ransomware attack as a quick method to clean up post-attack
  • use basic Windows and PowerShell commands
  • use CrackMapExec to steal user credentials from a Windows machine
  • use the Windows Registry and recognize the different artifacts contained within
  • view Windows event logging in action

Overview/Description

Final Exam: OS Exploits will test your knowledge and application of the topics presented throughout the OS Exploits track of the Skillsoft Aspire OS Exploits Journey.



Target

Prerequisites: none

Windows Exploits and Forensics: Windows Environments

Course Number:
it_cywexfdj_02_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • recognize the standard security features and controls placed on Windows hosts
  • identify different Windows Server operating systems and their various uses within the environment
  • recognize the role of intrusion detection systems (IDS) and intrusion prevention systems (IPS) within a Windows environment
  • outline the MITRE ATT&CK framework and how it relates to Windows intrusions
  • identify the location of common Windows-based logs and the event viewer
  • view Windows event logging in action
  • name the various user and service accounts within a Windows Active Directory environment
  • use basic Windows and PowerShell commands
  • outline how NTFS and Active Directory permissions work and some of their common misconfigurations
  • describe the hashing algorithm used to store Windows passwords
  • crack an NTLM hash value using several tools
  • use the Windows Registry and recognize the different artifacts contained within
  • list and describe various artifacts created within the Windows operating system
  • outline how Kerberos works and some common Active directory misconfigurations
  • summarize the key concepts covered in this course

Overview/Description

As a security operations person, you'll need to tailor your methods to suit the operating system you're working with. This course covers some of the core competencies required to conduct offensive security operations against a Windows environment.

Throughout this course, you'll learn how to recognize the differences between various Windows versions. You'll examine the role of intrusion detection systems (IDS) and intrusion prevention systems (IPS) in a Windows environment. You'll then learn about the MITRE ATT&CK framework and how it relates to Windows intrusions and identify the different Windows logging mechanisms.

Next, you'll practice using event logging, basic PowerShell commands, and the Windows Registry. You'll then explore how the Windows hashing algorithm works and practice cracking an NTLM hash value. Lastly, you'll investigate different data artifacts within Windows and outline how best to work with Active Directory and Kerberos.



Target

Prerequisites: none

Windows Exploits and Forensics: FTP, RDP, & Other Services

Course Number:
it_cywexfdj_04_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • recognize how to exploit common Windows services, such as FTP, RDP, and others
  • enumerate data from an FTP
  • outline the various methods of attacking FTP services
  • conduct a brute force attack against an FTP server
  • discover IIS and how it relates to Windows and FTP Clients
  • use ASP to gain a reverse shell on a Windows machine
  • outline what RDP is and how it works within a Windows environment
  • state various methods of attacking the Windows RDP service
  • enumerate a Windows machine using the RDP service
  • exploit an RDP system using the BlueKeep vulnerability
  • describe the features of WMI and how it works
  • exploit WMI on a Windows-based system
  • summarize the key concepts covered in this course

Overview/Description

To protect an operating system, you must first know how to exploit it. This course covers some of the standard Windows services that have known exploits available for them, which can be used in offensive security operations against a Windows environment.

You'll start by enumerating data from a Windows-based FTP server before practicing methods used to attack FTP services. You'll then learn how to attack IIS-based systems. Next, you'll examine the RDP protocol and learn methods of attacking the Windows RDP service. Finally, you'll investigate how WMI works and learn to exploit WMI on a Windows-based machine.

This course involves conducting brute force attacks, reverse shells, and using the BlueKeep security vulnerability.



Target

Prerequisites: none

Windows Exploits and Forensics: Intelligence Gathering

Course Number:
it_cywexfdj_01_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • identify open source intelligence gathering techniques and sources
  • conduct an OSINT investigation on a public document
  • identify what to look for using social media and other tools when finding targets for social engineering exercises
  • outline how to scan a network for open ports
  • conduct an Nmap scan of a Windows-based network
  • identify common Windows services and their ports
  • outline how to scan a system and name tools used to conduct basic enumeration
  • conduct a scan of a Windows-based system and enumerate data
  • identify basic tools used within the Kali hacking environment
  • use basic commands and recognize common issues within Metasploitable
  • recognize common locations to find Windows exploits
  • summarize the key concepts covered in this course

Overview/Description

As a security operations person, you'll need to employ various Windows exploitation techniques to attack vulnerable target software and services. This course covers the various intelligence gathering techniques used for conducting offensive security operations against a Windows-based network to identify possible vulnerabilities.

You'll start by examining open source intelligence (OSINT) gathering techniques and sources before conducting your own OSINT investigation. Next, you'll explore the use of social media and other tools for finding targets for social engineering exercises. You'll then examine common Windows services and their ports and tools for conducting basic enumeration.

Moving along, you'll practice network scanning for open ports, scanning a Windows-based system, and enumerating data. Lastly, you'll explore various tools used in the Kali hacking environment, the use of Metasploitable, and common locations to find Windows exploits.



Target

Prerequisites: none

Windows Exploits and Forensics: Legacy Systems & Third Party Applications

Course Number:
it_cywexfdj_05_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • identify common attacks against legacy Windows host-based machines
  • identify common attacks against legacy Windows Server-based machines
  • scan a Windows Server 2008 environment for potential vulnerabilities
  • enumerate data from services running on Windows Server 2008 hosts
  • run an exploit on a Windows Server 2008-based machine to gain user credentials
  • run an exploit on a Windows-based machine to gain a reverse shell
  • list common third-party applications used in Windows environments
  • outline how to find vulnerabilities for third-party applications
  • exploit a third-party application and gain access to a system
  • recognize a honeypot and how to avoid falling into their trap
  • summarize the key concepts covered in this course

Overview/Description

When an organization uses systems that are no longer serviced and supported, and therefore do not receive security updates, it exposes itself to serious security attacks. To ensure a healthy network ecosystem, security operations personnel must be aware of the vulnerabilities these systems are exposed to.

In this course, you'll explore how to conduct offensive security operations against legacy Windows-based systems. You'll learn to recognize older versions of Windows, identify common exploits for these older versions, and scan Server 2008 for vulnerabilities. You'll then learn how to enumerate Server 2008, exploit legacy systems, and gain a reverse shell on a legacy system. You'll then learn how to recognize common third-party applications and vulnerabilities and how to exploit them. Finally, you'll learn how to identify and avoid a honeypot.



Target

Prerequisites: none

Windows Exploits and Forensics: Post Exploitation

Course Number:
it_cywexfdj_06_03_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • recognize various user levels and methods of privilege escalation within Windows
  • conduct a basic privilege escalation on a Windows machine
  • use a DLL injection to escalate user privileges on a Windows machine
  • describe the concept of pivoting within a Windows environment and typical end goals
  • use CrackMapExec to steal user credentials from a Windows machine
  • use PowerView to enumerate information from an exploited Windows machine in order to pivot the attack
  • use BloodHound to 'walk the dog', identifying Active Directory security issues and gaining domain admin privileges
  • recognize cleanup methods used post exploitation to hide your tracks
  • perform post attack cleanup tasks
  • recognize what an advanced persistent threat (APT) is and methods used to configure them
  • configure an APT on a system after exploitation
  • use a ransomware attack as a quick method to clean up post attack
  • summarize the key concepts covered in this course

Overview/Description
As a penetration tester, it's vital that you are familiar with advanced methods of conducting offensive security operations against Windows environments. In this course, you’ll learn to recognize common post exploitation activities within a Windows environment and how to configure an advanced persistent threat. You’ll start by learning how to escalate privileges, use a DLL injection attack, pivot between systems, and crack user credentials. You'll then examine how to use PowerView to enumerate information and use BloodHound to 'walk the dog' and gain domain admin privileges. Finally, you'll learn how to clean up post attack to cover your tracks, create an advanced persistent threat, and use a ransomware attack to lock a system.

Target

Prerequisites: none

Windows Exploits and Forensics: SMB & PsExec

Course Number:
it_cywexfdj_03_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • outline how SMB works and how permissions are set
  • list various tools and techniques used to enumerate SMB
  • enumerate SMB information from an active machine
  • outline how to identify potential vulnerabilities in SMB
  • outline various methods of attacking SMB
  • conduct a brute force attack against an SMB service
  • conduct a denial of service attack on the SMB service
  • exploit a system to gain a reverse shell on a Windows machine
  • define what PsExec is and describe how it works
  • use PsExec to execute commands on a remote machine
  • use Mimikatz to "pass the hash" and steal logon credentials
  • describe the background of the EternalBlue exploit and outline how it works on Windows systems
  • conduct an attack on a system using EternalBlue
  • summarize the key concepts covered in this course

Overview/Description

When carrying out security operations in a Windows environment, you need to know what kind of attacks, exploits, and vulnerabilities to look out for. This course covers two of the most common services used to attack a Windows-based network - SMB and PsExec - along with some popular attack methodologies.

You'll start by examining SMB permissions and default settings. You'll then explore tools to enumerate SMB shares and data. Next, you'll investigate how to identify SMB vulnerabilities and recognize SMB attacks. You'll then conduct different SMB exploits, including brute force and denial of service attacks.

You'll move on to outline how PsExec works and use it to execute remote commands. Finally, you'll practice exploiting PsExec using various tools, including the EternalBlue exploit.



Target

Prerequisites: none
