OS Exploits E-Learning Training 

Leer kwetsbaarheden herkennen en verhelpen in Windows- en Linux-systemen.

Een stevige beveiligingsstrategie begint bij het begrijpen van hoe besturingssystemen kunnen worden misbruikt. In deze training duik je diep in de wereld van OS-exploits, waarbij je leert hoe aanvallers bekende kwetsbaarheden in Windows en Linux uitbuiten — en hoe jij ze kunt detecteren, analyseren én mitigeren.

Wat je leert:

• Verzamelen van inlichtingen over kwetsbaarheden
• Analyse van veelvoorkomende exploits in Windows-diensten
• Oplossen van problemen met legacy software
• Technieken voor post-exploitatie en detectie
• Exploit staging en analyse voor Linux-systemen
• Werken met Linux-native penetration tools en beveiligingsarchitecturen

Deze training maakt deel uit van een Agile Learning Kit met e-learning, labs, assessments, mentorhulp en 365 dagen toegang.

Waarom kiezen voor deze opleiding?

• Ontwikkel diepgaand inzicht in besturingssysteembeveiliging
• Leer zowel preventieve als reactieve exploitstrategieën
• Combineer theorie met praktijk in realistische labs
• Behandel zowel Windows als Linux omgevingen
• Inclusief examens, mentorondersteuning en 365 dagen toegang

Wie zou moeten deelnemen?

Deze training is perfect voor:

• Securityprofessionals en ethical hackers
• Systeembeheerders en OS-specialisten
• SOC-analisten en incident responders
• IT’ers die hun OS-beveiligingskennis willen versterken

Deze Learning Kit met meer dan 14 leeruren is verdeeld in drie sporen:

Demo OS Exploits Training

Cursusinhoud

E-learning courses (14 hours +)

Windows Exploits and Forensics: Intelligence Gathering

Course: 1 Hour, 28 Minutes

• Course Overview
• The Open-source Intelligence (OSINT) Methodology
• Conducting an OSINT Investigation
• Social Engineering Target Identification
• Network Scanning for Open Ports
• Conducting an Nmap Scan
• Common Windows Services and Their Ports
• System Scanning and Enumeration Tools
• Conducting a Windows System Scan
• Standard Kali Tools
• Using Metasploitable: Common Commands and Issues
• Windows Exploit Discovery
• Course Summary

Windows Exploits and Forensics : Windows Environments

Course: 1 Hour, 32 Minutes

• Course Overview
• The Security Features and Controls on Windows Hosts
• Windows Server Operating System Types
• Intrusion Detection and Prevention in Windows
• The MITRE ATT&CK Framework and Windows Intrusions
• The Logging Features in Windows
• Viewing Event logging
• The Different Windows Account Types
• Using Windows Commands
• How Windows Permissions Work
• NT (New Technology) LAN Manager (NTLM) in Windows
• Cracking an NTLM Hash
• Using the Windows Registry
• Artifacts Found in Windows OS
• How Active Directory and Kerberos Work
• Course Summary

Windows Exploits and Forensics: SMB & PsExec

Course: 1 Hour, 6 Minutes

• Course Overview
• SMB Permissions and Defaults
• SMB Enumeration
• Enumerating SMB Shares
• Identifying Vulnerabilities in SMB
• SMB Attack Methods
• Conducting an SMB Brute Force Attack
• Conducting an SMB Denial of Service
• Exploiting a System Using SMB Reverse Shell
• How the PsExec Utility Works
• Executing Remote Commands with PsTools
• Executing a Pass the Hash Attack with Mimikatz
• A Background to the EternalBlue Exploit
• Using the EternalBlue Vulnerability to Attack
• Course Summary

Windows Exploits and Forensics: FTP, RDP, & Other Services

Course: 1 Hour, 13 Minutes

• Course Overview
• Windows Service Exploitation
• Enumerating Data from FTP
• FTP Attack Methods
• Conducting a Brute Force Attack on an FTP Server
• IIS with Windows and FTP Clients
• FTP/IIS Reverse Shell
• RDP in a Windows Environment
• RDP Attack Methods
• Enumerating Using RDP
• Exploiting an RDP system Using BlueKeep
• Working with WMI
• Exploiting WMI on a Windows-based System
• Course Summary

Windows Exploits and Forensics: Legacy Systems & Third Party Applications

Course: 58 Minutes

• Course Overview
• Common Attacks on Windows Hosts
• Common Attacks on Windows Servers
• Scanning for Potential Vulnerabilities
• Enumerating Data from Services
• Running an Exploit to Gain Credentials
• Running an Exploit to Gain a Reverse Shell
• Common Third-party Applications in Windows
• Finding Vulnerabilities for Third-party Applications
• Exploiting Third-party Applications in Windows
• Avoiding Honeypots
• Course Summary

Windows Exploits and Forensics: Post Exploitation

Course: 1 Hour, 24 Minutes

• Course Overview
• Privilege Escalation Methods
• Conducting a Basic Privilege Escalation
• Using the DLL Injection
• Pivot between Hosts
• Stealing User Credentials
• Using PowerView to Enumerate Information
• Using BloodHound to Gain Admin Privileges
• Cleanup Methods to Hide Your Tracks
• Cleaning up Post Attack
• APT and Configuration Methods
• Configuring APT after Exploitation
• Using the Nuclear Option to Clean up Post Attack
• Course Summary

Linux Exploits & Mitigation: Staging for Exploit Analysis

Course: 1 Hour, 5 Minutes

• Course Overview
• Leveraging Virtual Environments
• Setting up QEMU
• Launching Linux in QEMU
• Mounting Filesystems
• Compiling Linux Kernels
• Networking under QEMU
• Architectural Considerations
• Emulating Architectures in QEMU
• Saving Machine States
• Monitoring System Info
• Staging Vulnerabilities
• Protecting Staging Environments
• Course Summary

Linux Exploits & Mitigation: Program Essentials

Course: 1 Hour, 21 Minutes

• Course Overview
• Programming in Memory
• Running GDB
• Disassembling a Program
• Dumping Objects
• Protection Rings
• Kernel and Userland Separation
• The GNU C Library
• Using Syscalls with C
• Using Syscalls with Assembly
• Linux System Call Table
• Querying Implemented System Calls
• Executing Programs
• Segmenting Programs
• Course Summary

Linux Exploits & Mitigation: String Vulnerability Analysis

Course: 1 Hour, 10 Minutes

• Course Overview
• Exploiting Strings
• Formatting String Weaknesses
• Overflowing the String Buffer
• Compiling String Weaknesses
• Copying String Weaknesses
• Catching Input Vulnerabilities
• Generating String Weaknesses
• Checking Strings Safely
• Looping Over Strings Safely
• Executing Unsafe Strings
• Injecting Code in Strings
• Returning Strings Safely
• Course Summary

Linux Exploits & Mitigation: Memory and Pointer Vulnerabilities

Course: 1 Hour, 11 Minutes

• Course Overview
• Allocating Memory
• Overflowing the Heap
• Dangling Pointers
• Dereferencing NULL
• Exploiting the Heap
• Using After-free
• Overflowing the Stack
• Accessing Out-of-bounds
• Looping Off-by-one
• Corrupting Memory
• Executing Arbitrary Code
• Exploiting Out-of-bounds
• Course Summary

Linux Exploits & Mitigation: Penetration Tools

Course: 1 Hour

• Course Overview
• Exploring Metasploit Commands
• Running a Vulnerable Environment
• Exploiting a Vulnerable Web Service
• Scanning SMTP
• Exploiting Vulnerable File Sharing
• Uploading Injections
• Searching for Exploits
• Detecting Exploits
• Scanning with RouterSploit
• Inspecting Opcodes
• Converting Shellcode
• SQL Injection
• Course Summary

Linux Exploits & Mitigation: Linux Exploit Architecture

Course: 57 Minutes

• Course Overview
• Avoiding Kernel Race Conditions
• Executing Shellcode
• Out-of-order Execution
• Integer Vulnerabilities and Prevention
• Compiler Warnings for Security and Stability
• Stack Smashing Mitigations
• Use-after-free Consequences
• Spectre and Meltdown Vulnerabilities and Mitigation
• Write XOR Execute (W^X)
• Considerations and Mitigations to Vulnerabilities and Exploits
• Privilege Escalation Targets
• Processes and Tasks Exploits
• Course Summary

Assessment: OS Exploits

Will test your knowledge and application of the topics presented throughout the OS Exploits courses.

Practice Lab: OS Exploits (estimated duration: 7 hours)

Perform OS exploits such as system event auditing, testing for RDP vulnerabilities, constructing  a MSFvenom injection payload, and running a virtual environment. Then, debug and disassemble a program, catch common vulnerabilities, and recognize the dangers with pointers.