Training

7 Minute Security is currently featuring the following training opportunities (custom options are also available – contact us for more information):

Upcoming Sessions

July 16-18, 2024! Click here for more information.

This is a hands-on, instructor-led course focused on teaching you how to find, exploit and defend against common Active Directory weaknesses. Here’s a 3 minute overview of the course:

What is it?

Light Pentest LITE is a 3-day course, with each class session being 4 hours long. This training consists of live (via Zoom), hands-on, instructor-led sessions focused on teaching you how to find, exploit and defend against common Active Directory weaknesses!

You will be given access to a “real” corporate network and a Windows virtual machine that is pre-loaded with all the tools and scripts you need to be successful during the course. We will work through a series of objectives together, with the ultimate goal of “owning” the entire enterprise!

Agenda

Day 1

  • Introductions – an overview of the course, rules of engagement, housekeeping, etc.

  • Tour of your student virtual machine – specifically the folder full of hacking tools and other goodies we will dig heavily into during the training

  • An overview of Active Directory – what it is, what it does, and why it (unfortunately) has a ripe attack surface

  • “Kerberoasting” and “ASREPRoasting” attacks

  • Cracking password hashes with Hashcat

  • Privilege escalation – our first task as hackers will be to break out of the “shell” of being a limited user and escalate to local admin! We will tackle that in a few different ways, including (but not limited to):

    • AMSI (Antimalware Scan Interface) bypasses

    • Unquoted service path abuse

    • SeriousSAM / HiveNightmare attack

Day 2

  • Sniping cleartext passwords from GPOs with the MS14-025 vulnerability

  • Active Directory attack path enumeration using PowerShell and BloodHound

  • Capturing and cracking password hashes from “Kerberoastable” and “ASREPRoastable” accounts

  • Abusing network protocols to capture and crack account credentials with Inveigh and Hashcat

  • Exploiting Group Policy objects that have weak passwords and misconfigurations


Day 3

  • Dumping all domain credentials with Mimikatz

  • Setting credential “traps” and pass-the-hash attacks with CrackMapExec

  • Scraping system passwords from memory with Mimikatz

  • Exploiting unconstrained delegation to impersonate Domain Administrators!

Testimonials

Here’s what some of our students say about Light Pentest LITE:

“7 Minute Security’s Light Pentest LITE training gave me much-needed context around pentesting techniques for Active Directory. Brian is an excellent and efficient instructor. He’s great at using metaphors and storytelling to teach, increasing both enjoyment and retention. He explains his pentesting methods in terms of real-world situations that his team has encountered and how their usefulness has changed over time. The materials he provides are excellent too, and I find myself referring back to them often. Overall a great class that directly applies to the real world!”

“The ‘7 Minute Security Light Pentest LITE’ class, led by the incredible instructor Brian Johnson, was an absolute delight! Over three days, four hours each day, we had a hands-on learning experience at a perfect pace. Brian’s expertise and engaging teaching style made the class both educational and entertaining. With real-life examples and clear explanations, nobody was left behind. We immediately applied what we learned through practical exercises. If you’re curious about pentesting, don’t miss this informative and fun class led by Brian. It’s an unforgettable learning experience in just a short time!” – Tim, Cybersecurity Analyst

This session – offered either in-person or online – aims to arm employees with a good mix of general security knowledge to help them be more secure at work and home. Here’s what the session covers:

Outline

Topics covered in this presentation include:

  • Picking awesome passwords – strategies to pick stronger, hacker-resistant passwords, a walkthrough of using password vaults, as well as an overview of places you should not store your password!

  • Defending your digital identity – monitoring your online identity for hacks/breaches, and freezing your personal credit so attackers don’t abuse it

  • Multi-factor authentication – what it is, how to use it, and why it makes your account 99.9% less likely to be compromised

  • Safe computing practices – how to better secure and care for your home and/or work machine

  • Backups – building a backup strategy, and why you can never have too many copies of your important information 🙂

  • Kill your curiosity – tips for sniffing out phishy emails, and tools to scrutinize links before you click them

  • Securing the home office – ways to keep your computer and work data safe and private

How is training delivered?
Remote training sessions are preferred at this time, but in-person sessions are possible. Contact us to discuss further.

Where can I see some of the past presentations 7 Minute Security has done?
To get a feel for our speaking/training style, we welcome you to check out our YouTube videos or listen to our podcast. Or, better yet, come see us live virtually or at an in-person event near you!

What skills do I need to take your Light Pentest LITE (Live Interactive Training Experience)?
A solid familiarity with the Windows 10 OS, networking, command line, PowerShell and Active Directory is preferred – but not required. We’ve had folks from all walks of career life (blue team, red team, developers and even hobbyists) take and enjoy this course.

I’m interested! Where can I get more information, like pricing?!
Please drop us a line or give us a call and let’s chat!