Mar 29, 2024  
2019-2020 Course Catalog 
    
2019-2020 Course Catalog [ARCHIVED CATALOG]

Add to Portfolio (opens a new window)

CVF 2130 - Advanced Windows Hacking

Credits: 3
Hours/Week: Lecture 2 Lab 2
Course Description: This course build on the topics covered in CVF 2086 and CVF 2088. The focus of this class is on how to identify and abuse weaknesses found in Windows environments. Case scenarios include learning about Windows Active Directory enumeration, privilege escalation methods, Windows credential abuse, lateral movement in a Windows environment, PowerShell attacks, and how cybercriminals maintain persistence in a Windows environment. Hands-on labs will be used to throughout this course.
MnTC Goals
None

Prerequisite(s): CVF 2086  with grades of C or higher OR instructor consent.
Corequisite(s): None
Recommendation: None

Major Content
1. Windows and Active Directory Enumerations

  1. Group Policies
  2. Shares
  3. Users/Accounts
  4. System Files
  5. Open Ports
  6. Automated Discovery Tools

2. PowerShell Attacks

  1. Invoking Expressions
  2. Bypassing Protections
  3. Evading Logs
  4. PowerShell Attack Tools

3. Windows Privilege Escalation Methods

  1. Unquoted Service Paths
  2. Accessibility Features
  3. Application Shimming
  4. DLL Hijacking

4. Windows Credential Attacks

  1. Group Policy Preferences
  2. Unattended Instalattions
  3. Password Hashes
  4. Mimikatz
  5. Shares
  6. Kerberos
  7. Domain Controller Syncs

5. Windows Environment Lateral Movement

  1. Common Remote Protocols
  2. SMB Replay Attacks
  3. Malicious Shares
  4. Shared Web Roots

6. Windows Man in the Middle Attacks

  1. NBNS/LLMNR Spoofing
  2. Windows Proxy Auto Discovery
  3. Active Directory DNS Spoofing

7. Windows Persistence Methods

  1. Scheduled Tasks
  2. DLL Hijacking
  3. Services
  4. Logon Scripts
  5. Backdoor Accounts

Learning Outcomes
At the end of this course, students will be able to:

1. identify critical vulnerabilities in Active Directory and how they could be abused.

2. identify critical vulnerabilities in Windows Operating Systems and how they could be abused.

3. articulate how to remediate critical vulnerabilities in Windows environments.

4. identify tools and resources needed to simulate advanced Windows attacks to test security controls.

5. explain the value of simulating and testing advanced Windows attacks in a corporate environment.

6. create robust vulnerability/simulation documentation.

7. identify security gaps in a Windows environment through testing.

8. execute Windows privilege escalation techniques.

9. explain how native Windows configurations and protocols can be abused in man in the middle attacks.

10. explain integrated Windows environment can be abused by an adversary to laterally access sensitive data.

11. apply PowerShell techniques for Windows attacks.

12. use Windows operating systems to maintain access while remaining hidden.

13. discover and examine Windows environments to find and abuse weaknesses.
Competency 1 (1-6)
None
Competency 2 (7-10)
None


Courses and Registration



Add to Portfolio (opens a new window)