Training Abstract
 

The objective of this Capture-the-Flag style class is to take students with existing networks or systems administration experience and teach them how to:

 

1. Perform a comprehensive penetration test against Active Directory environments.

2. Spot a bad penetration test. 

 

We understand that not everyone taking a pen test class will want to be a penetration tester. Hence, we have organized this class to be a well-rounded experience, allowing both aspiring red teamers and blue teamers to get the most out of it. This class will provide students with hands-on experience with all phases of a penetration test, from information gathering to reporting. 

​

Class Schedule:

​

Day 1:

 

• What does a good pen test look like?

• Pre-assessment activities

• Passive and active information gathering

• Vulnerability analysis in an Active Directory environment

• Exploitation

​

Day 2

​

• Post exploitation 

• Lateral movement

• Domain privilege escalation

• Reporting

​

A Note to Prospective Students: 

​

An introductory penetration testing class like this will only be beneficial to students who intimately know computer networking and have Windows administration experience. Existing experience with Windows command line, Linux administration, and Active Directory is highly recommended. For example, students should know how a packet traverses from point A to point B on the OSI model, and what HTTP GET and POST requests look like. Students should be comfortable with the Linux command line as our primary attack host will be Linux-based. 

 

Students should bring a laptop capable of running a Kali Linux VM and connecting to a wireless network. A VirtualBox image of customized Kali Linux will be provided. Instructors will not provide support for VMWare, Parallels, Hyper-V, or other virtualization platforms. 

 

Lab connectivity guide and Kali Linux image will be provided to students a week before the class. 

​

Trainer Bio

​

​

​

​

​

​

Qasim Ijaz, Director of Offensive Security, Blue Bastion Security

​

Qasim "Q" Ijaz is the Director of Offensive Security at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the "dry" business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after-hours. Qasim has presented and taught at cybersecurity conferences including BSides and Blackhat on offensive security topics. He currently teaches a bootcamp on Offensive Security Certified Professional (OSCP) certification.