OS Exploits E-Learning

A key component in hardening security for you organization is understanding operating system exploits and how to remediate problems. In this Learning Kit, you will learn about common Microsoft and Linux exploits and tools and techniques to address these vulnerabilities. In this journey you will learn about intelligence gathering, learn about common exploits in Windows environments and associated services, how to issues with legacy software and techniques for post exploitation activities in a Windows system. Similarly for Linux environments, you will learn how to stage for exploit analysis, key vulnerabilities for Linux systems and daemons, penetration tools native to Linux to help identify vulnerabilities, and architectures with Linux to help deal with exploits. After completing this learning, you will be able to address vulnerabilities for both Linux and Windows environments.

Learning Kits are structured learning paths, mainly within the Emerging Tech area. A Learning Kit keeps
the student working toward an overall goal, helping them to achieve your career aspirations. Each part takes the student step by step through a diverse set of topic areas. Learning Kits are
made up of required tracks, which contain all of the learning resources available such as Assessments (Final Exams), Mentor, Practice Labs and of course E learning. And all resources with a 365 days access from first activation.

This Learning Kit, with more than 14 hours of online content, is divided into the following tracks:

Course content

E-learning courses (14 hours +)

Windows Exploits and Forensics: Intelligence Gathering

Course: 1 Hour, 28 Minutes

• Course Overview
• The Open-source Intelligence (OSINT) Methodology
• Conducting an OSINT Investigation
• Social Engineering Target Identification
• Network Scanning for Open Ports
• Conducting an Nmap Scan
• Common Windows Services and Their Ports
• System Scanning and Enumeration Tools
• Conducting a Windows System Scan
• Standard Kali Tools
• Using Metasploitable: Common Commands and Issues
• Windows Exploit Discovery
• Course Summary

Windows Exploits and Forensics : Windows Environments

Course: 1 Hour, 32 Minutes

• Course Overview
• The Security Features and Controls on Windows Hosts
• Windows Server Operating System Types
• Intrusion Detection and Prevention in Windows
• The MITRE ATT&CK Framework and Windows Intrusions
• The Logging Features in Windows
• Viewing Event logging
• The Different Windows Account Types
• Using Windows Commands
• How Windows Permissions Work
• NT (New Technology) LAN Manager (NTLM) in Windows
• Cracking an NTLM Hash
• Using the Windows Registry
• Artifacts Found in Windows OS
• How Active Directory and Kerberos Work
• Course Summary

Windows Exploits and Forensics: SMB & PsExec

Course: 1 Hour, 6 Minutes

• Course Overview
• SMB Permissions and Defaults
• SMB Enumeration
• Enumerating SMB Shares
• Identifying Vulnerabilities in SMB
• SMB Attack Methods
• Conducting an SMB Brute Force Attack
• Conducting an SMB Denial of Service
• Exploiting a System Using SMB Reverse Shell
• How the PsExec Utility Works
• Executing Remote Commands with PsTools
• Executing a Pass the Hash Attack with Mimikatz
• A Background to the EternalBlue Exploit
• Using the EternalBlue Vulnerability to Attack
• Course Summary

Windows Exploits and Forensics: FTP, RDP, & Other Services

Course: 1 Hour, 13 Minutes

• Course Overview
• Windows Service Exploitation
• Enumerating Data from FTP
• FTP Attack Methods
• Conducting a Brute Force Attack on an FTP Server
• IIS with Windows and FTP Clients
• FTP/IIS Reverse Shell
• RDP in a Windows Environment
• RDP Attack Methods
• Enumerating Using RDP
• Exploiting an RDP system Using BlueKeep
• Working with WMI
• Exploiting WMI on a Windows-based System
• Course Summary

Windows Exploits and Forensics: Legacy Systems & Third Party Applications

Course: 58 Minutes

• Course Overview
• Common Attacks on Windows Hosts
• Common Attacks on Windows Servers
• Scanning for Potential Vulnerabilities
• Enumerating Data from Services
• Running an Exploit to Gain Credentials
• Running an Exploit to Gain a Reverse Shell
• Common Third-party Applications in Windows
• Finding Vulnerabilities for Third-party Applications
• Exploiting Third-party Applications in Windows
• Avoiding Honeypots
• Course Summary

Windows Exploits and Forensics: Post Exploitation

Course: 1 Hour, 24 Minutes

• Course Overview
• Privilege Escalation Methods
• Conducting a Basic Privilege Escalation
• Using the DLL Injection
• Pivot between Hosts
• Stealing User Credentials
• Using PowerView to Enumerate Information
• Using BloodHound to Gain Admin Privileges
• Cleanup Methods to Hide Your Tracks
• Cleaning up Post Attack
• APT and Configuration Methods
• Configuring APT after Exploitation
• Using the Nuclear Option to Clean up Post Attack
• Course Summary

Linux Exploits & Mitigation: Staging for Exploit Analysis

Course: 1 Hour, 5 Minutes

• Course Overview
• Leveraging Virtual Environments
• Setting up QEMU
• Launching Linux in QEMU
• Mounting Filesystems
• Compiling Linux Kernels
• Networking under QEMU
• Architectural Considerations
• Emulating Architectures in QEMU
• Saving Machine States
• Monitoring System Info
• Staging Vulnerabilities
• Protecting Staging Environments
• Course Summary

Linux Exploits & Mitigation: Program Essentials

Course: 1 Hour, 21 Minutes

• Course Overview
• Programming in Memory
• Running GDB
• Disassembling a Program
• Dumping Objects
• Protection Rings
• Kernel and Userland Separation
• The GNU C Library
• Using Syscalls with C
• Using Syscalls with Assembly
• Linux System Call Table
• Querying Implemented System Calls
• Executing Programs
• Segmenting Programs
• Course Summary

Linux Exploits & Mitigation: String Vulnerability Analysis

Course: 1 Hour, 10 Minutes

• Course Overview
• Exploiting Strings
• Formatting String Weaknesses
• Overflowing the String Buffer
• Compiling String Weaknesses
• Copying String Weaknesses
• Catching Input Vulnerabilities
• Generating String Weaknesses
• Checking Strings Safely
• Looping Over Strings Safely
• Executing Unsafe Strings
• Injecting Code in Strings
• Returning Strings Safely
• Course Summary

Linux Exploits & Mitigation: Memory and Pointer Vulnerabilities

Course: 1 Hour, 11 Minutes

• Course Overview
• Allocating Memory
• Overflowing the Heap
• Dangling Pointers
• Dereferencing NULL
• Exploiting the Heap
• Using After-free
• Overflowing the Stack
• Accessing Out-of-bounds
• Looping Off-by-one
• Corrupting Memory
• Executing Arbitrary Code
• Exploiting Out-of-bounds
• Course Summary

Linux Exploits & Mitigation: Penetration Tools

Course: 1 Hour

• Course Overview
• Exploring Metasploit Commands
• Running a Vulnerable Environment
• Exploiting a Vulnerable Web Service
• Scanning SMTP
• Exploiting Vulnerable File Sharing
• Uploading Injections
• Searching for Exploits
• Detecting Exploits
• Scanning with RouterSploit
• Inspecting Opcodes
• Converting Shellcode
• SQL Injection
• Course Summary

Linux Exploits & Mitigation: Linux Exploit Architecture

Course: 57 Minutes

• Course Overview
• Avoiding Kernel Race Conditions
• Executing Shellcode
• Out-of-order Execution
• Integer Vulnerabilities and Prevention
• Compiler Warnings for Security and Stability
• Stack Smashing Mitigations
• Use-after-free Consequences
• Spectre and Meltdown Vulnerabilities and Mitigation
• Write XOR Execute (W^X)
• Considerations and Mitigations to Vulnerabilities and Exploits
• Privilege Escalation Targets
• Processes and Tasks Exploits
• Course Summary

Assessment: OS Exploits

Will test your knowledge and application of the topics presented throughout the OS Exploits courses.

Practice Lab: OS Exploits (estimated duration: 7 hours)

Perform OS exploits such as system event auditing, testing for RDP vulnerabilities, constructing  a MSFvenom injection payload, and running a virtual environment. Then, debug and disassemble a program, catch common vulnerabilities, and recognize the dangers with pointers.