Windows OS Exploits Proficiency (Advanced Level)

  • 30m
  • 30 questions
The Windows OS Exploits Proficiency benchmark measures whether a learner has had extensive exposure to Windows operating system technologies, practices, and principles, as well as working experience with common OS exploits and techniques. A learner who scores high on this benchmark demonstrates professional proficiency in all of the major areas of Windows exploit analysis and tooling.

Topics covered

  • define what PsExec is and describe how it works
  • describe the background of the EternalBlue exploit and outline how it works on Windows systems
  • describe the features of WMI and how it works
  • describe the hashing algorithm used to store Windows passwords
  • discover IIS and how it relates to Windows and FTP Clients
  • identify common attacks against legacy Windows host-based machines
  • identify common attacks against legacy Windows Server-based machines
  • identify common Windows services and their ports
  • identify different Windows Server operating systems and their various uses within the environment
  • identify the location of common Windows-based logs and the Event Viewer
  • identify what to look for using social media and other tools when finding targets for social engineering exercises
  • list and describe various artifacts created within the Windows operating system
  • list common third-party applications used in Windows environments
  • list various tools and techniques used to enumerate SMB
  • name the various user and service accounts within a Windows Active Directory environment
  • outline how Kerberos works and some common Active Directory misconfigurations
  • outline how NTFS and Active Directory permissions work and some of their common misconfigurations
  • outline how to find vulnerabilities for third-party applications
  • outline how to identify potential vulnerabilities in SMB
  • outline how to scan a network for open ports
  • outline how to scan a system and name tools used to conduct basic enumeration
  • outline the various methods of attacking FTP services
  • outline various methods of attacking SMB
  • outline what RDP is and how it works within a Windows environment
  • recognize a honeypot and how to avoid falling into its trap
  • recognize common locations to find Windows exploits
  • recognize how to exploit common Windows services, such as FTP, RDP, and others
  • recognize the role of intrusion detection systems (IDS) and intrusion prevention systems (IPS) within a Windows environment
  • recognize the standard security features and controls placed on Windows hosts
  • state various methods of attacking the Windows RDP service