
Corporate Laboratories 2016 - practical training in the field of information security



In today's digital world, building effective protection for an infrastructure requires up-to-date knowledge of information security. This means both the knowledge and skills needed to build defensive systems and practical experience in compromising modern information systems.

As part of the Corporate Laboratories program, we examine modern attack scenarios and countermeasures, as well as combinations of old attack vectors that produce new compromise scenarios. The theoretical part of the program is paired with a purpose-built laboratory where the acquired skills are consolidated in practice.

In Corporate Laboratories we try to cover the full spectrum of modern threats: from perimeter attacks (web, network resources, social engineering) to post-exploitation, including privilege escalation, lateral movement inside a compromised system, and covering tracks. The final stage is detecting the attack, documenting it, eliminating its consequences, and collecting evidence.
As an example, our specialists have prepared several short videos that demonstrate interesting techniques from the field of practical information security.

Combined attacks on web applications


An attack on a network infrastructure usually begins at the external perimeter, and the company's website or web application is one of the first targets.

Sometimes a combination of seemingly simple vulnerabilities can lead to serious consequences. In this video, we look at how Cross-Site Request Forgery and Cross-Site Scripting can be combined into an attack on a web application.



Review of the PowerShell Empire post-exploitation framework


After gaining access to one of the machines on the network, attackers may try to elevate their privileges and use the compromised machine as a foothold for moving further inside the network or for collecting critical data.

The video is a practical example of working with the PowerShell Empire framework. Immediately after obtaining an agent, an attempt is made to bypass UAC. Once a second agent (with elevated privileges) is obtained, a module implementing mimikatz is loaded into the victim's RAM, which allows sensitive data (hashes) to be extracted from the local SAM database. Finally, a persistence module is run on the compromised system, which creates a new local user and adds it to the local Administrators group.



Post-exploitation of Linux systems


The share of Linux machines, both in corporate environments and in the private sector, has grown substantially, and attacks on these systems have therefore increased significantly in recent years.

This video shows one of the simplest post-exploitation scenarios for a network consisting of two Linux systems. The following applications and scripts are demonstrated: Linux_Exploit_Suggester, which analyzes the system it is running on and retrieves information about vulnerabilities affecting the OS and kernel from a database of known vulnerabilities; Brootkit, a simple rootkit written in bash; RopeADope, a log file cleaner; and sucrack, a utility for brute-forcing local user passwords.



Analysis of the infected workstation


For one reason or another, a computer may become infected with malware, and it may be necessary to identify and analyze that malware (for example, to collect evidence or to investigate a cybercrime).

This video describes techniques for identifying malicious software (Zeus Bot) in a memory image of an infected machine using the Volatility Framework.



The experience of our staff allows us to effectively raise the knowledge level of the specialists trained in Corporate Laboratories, and the program's format (20% webinars and 80% practice) allows the learning process to be organized as efficiently as possible.

Source: https://habr.com/ru/post/275525/