OS Exploits

As a security operations person, you'll need to employ various Windows exploitation techniques to attack vulnerable target software and services. This course covers the various intelligence gathering techniques used for conducting offensive security operations against a Windows-based network to identify possible vulnerabilities. You'll start by examining open source intelligence (OSINT) gathering techniques and sources before conducting your own OSINT investigation. Next, you'll explore the use of social media and other tools for finding targets for social engineering exercises. You'll then examine common Windows services and their ports and tools for conducting basic enumeration. Moving along, you'll practice network scanning for open ports, scanning a Windows-based system, and enumerating data. Lastly, you'll explore various tools used in the Kali hacking environment, the use of Metasploitable, and common locations to find Windows exploits.

As a security operations person, you'll need to tailor your methods to suit the operating system your working with. This course covers some of the core competencies required to conduct offensive security operations against a Windows environment. Throughout this course, you'll learn how to recognize the differences between various Windows versions. You'll examine the role of intrusion detection systems (IDS) and intrusion prevention systems (IPS) in a Windows environment. You'll then learn about the MITRE ATT&CK framework and how it relates to Windows intrusions and identify the different Windows logging mechanisms. Next, you'll practice using event logging, basic PowerShell commands, and the Windows Registry. You'll then explore how the Windows hashing algorithm works and practice cracking an NTLM hash value. Lastly, you'll investigate different data artifacts within Windows and outline how best to work with Active Directory and Kerberos.

When carrying out security operations in a Windows environment, you need to know what kind of attacks, exploits, and vulnerabilities to look out for. This course covers two of the most common services used to attack a Windows-based network - SMB and PsExec - along with some popular attack methodologies. You'll start by examining SMB permissions and default settings. You'll then explore tools to enumerate SMB shares and data. Next, you'll investigate how to identify SMB vulnerabilities and recognize SMB attacks. You'll then conduct different SMB exploits, including brute force and denial of service attacks. You'll move on to outline how PsExec works and use it to execute remote commands. Finally, you'll practice exploiting PsExec using various tools, including the EternalBlue exploit.

To protect an operating system, you must first know how to exploit it. This course covers some of the standard Windows services that have known exploits available for them, which can be used in offensive security operations against a Windows environment. You'll start by enumerating data from a Windows-based FTP server before practicing methods used to attack FTP services. You'll then learn how to attack IIS-based systems. Next, you'll examine the RPD protocol and learn methods of attacking the Windows RDP service. Finally, you'll investigate how WMI works and learn to exploit WMI on a Windows-based machine. This course involves conducting brute force attacks, reverse shells, and using the BlueKeep security vulnerability.

When an organization uses systems that are no longer serviced and supported and therefore, do not receive security updates, they expose themselves to serious security attacks. To ensure a healthy network ecosystem, security operations personnel must be aware of the vulnerabilities these systems are exposed to. In this course, you'll explore how to conduct offensive security operations against legacy Windows-based systems. You'll learn to recognize older versions of Windows, identify common exploits for these older versions, and scan Server 2008 for vulnerabilities. You'll then learn how to enumerate Server 2008, exploit legacy systems, and gain a reverse shell on a legacy system. You'll then learn how to recognize common third-party applications and vulnerabilities and how to exploit them. Finally, you'll learn how to identify and avoid a honeypot.

As a penetration tester, it's vital that you are familiar with advanced methods of conducting offensive security operations against Windows environments. In this course, you'll learn to recognize common post exploitation activities within a Windows environment and how to configure an advanced persistent threat. You'll start by learning how to escalate privileges, use a DLL injection attack, pivot between systems, and crack user credentials. You'll then examine how to use PowerView to enumerate information and use BloodHound to 'walk the dog' and gain domain admin privileges. Finally, you'll learn how to clean up post attack to cover your tracks, create an advanced persistent threat, and use a ransomware attack to lock a system.

Analyzing kernel vulnerabilities requires an environment to carry out the reproduction of exploits. Being able to quickly and securely stage an operating system is essential. In this course, you'll explore virtual environments and stage systems using QEMU. You'll develop an approach to setting up virtual environments for the Linux kernel, complete with network support. You'll install Linux kernels by version and compile Linux kernels from scratch. Next, you'll investigate architectural considerations, emulate architectures in QEMU, and gather system info from your staging environment. Finally, you'll examine vulnerability considerations that might affect the virtual environment itself and identify safeguards for protecting your computing environments when carrying out exploit analysis. By the end of this course, you'll be able to launch an instance of Alpine Linux, configure networking options, and emulate an Alpine Linux ARM variant within a QEMU environment.

Navigating the space between userland and kernel and how it impacts how programs reside and execute inside of an operating system can lead to a better understanding of how it's exploited. Being able to debug, disassemble, and dump programs are essential to finding vulnerabilities. In this course, you'll investigate the structure of the Linux kernel, system calls, and program interfaces by running, debugging, and disassembling code. You'll explore how programs fit in memory and how they are protected and executed. You'll debug and disassemble code into its assembly for inspection. Next, you'll explore the GNU C implementation of the standard library and interface using syscalls and the Linux system call table. Finally, you'll explore how programs and scripts are executed and how they are segmented in memory.

String vulnerabilities are at the core of a wide range of exploits. Being able to recognize, debug, and fix unsafe string manipulation code is essential to avoiding vulnerabilities. In this course, you'll explore how string code can be written safely and how strings vulnerabilities are exploited. You'll look at the most common format string vulnerabilities in the C programming language and what it means to overflow a string buffer. You'll debug string exploits, including vulnerabilities introduced by common string output and manipulation functions. Next, you'll correct common errors, check strings for safety, loop over strings, and see what happens when unsafe strings are executed in a program. Finally, you'll describe how code can be injected via strings and how strings can be returned safely.

Memory and pointer vulnerabilities come from a number of common programmer mistakes. Being able to recognize, debug, and fix unsafe memory allocation and access errors is essential to avoiding vulnerabilities. In this course, you'll explore how memory and pointer vulnerabilities arise and how they lead to program errors and exploits. You'll look at how memory is allocated and accessed in a typical C program. You'll investigate what causes heap and stack overflows, use-after-free (UAF) vulnerabilities, and out-of-bounds access errors. In addition, you'll recognize dangling pointers, NULL dereferences, and off-by-one loops. Finally, you'll delve into how coding errors lead to corrupted memory and arbitrary code execution.

The baseline of security for any computer system is a defense against known exploits and attacks. In this course, you'll learn how to employ the core pentesting tools to help validate that your systems and software are secure against known attacks. You'll start by learning how to leverage the capabilities of Metasploit by using its basic commands, payloads, and options. You'll then explore Metasploitable, Commix, as well as Exploit Database, SearchSploit, and the Linux Exploit Suggester. Next, you'll learn how to use RouterSploit and ShellNoob to carry out tests. Finally, you'll examine how to use SQLMap to explore how SQL injection attacks are formed and how to protect against them.

Vulnerabilities vary by architecture and family of processor. Recognizing the processor implementations and the differences that lead to an exploit is essential. In this course, you'll explore different classes of vulnerabilities based on the computing environment. You'll learn about the architectural differences and system implementations that lead to race conditions, shellcode and out-of-order execution vulnerabilities. You'll explore mitigations and protections to prevent stack smashing, use-after-free, and integer vulnerabilities. Next, you'll examine contemporary exploits such as Spectre and Meltdown and mitigations provided by Write XOR Execute (W^X). Finally, you'll investigate protections to prevent privileged escalation and exploiting processes and tasks.

Final Exam: OS Exploits will test your knowledge and application of the topics presented throughout the OS Exploits track of the Skillsoft Aspire OS Exploits Journey.