This course aims to teach that no threat is quite as impactful as physical access! Both experienced pen tester and average defender alike will take both new tools and valuable insight away with them. A hands-on practical one day course where you will learn by doing, building your tools and platform that you will take away with you. Practice in our safe environment against targets in a lab designed to support your development.
The course arms pen testers with the tools necessary to progress your assessment through physical access. We will equip you with the tools needed to perform various Human Interface Device (HID) attacks, Password hash capture from locked machines, SSL HSTS defeat, HTTP cache poisoning and even Tempest intercept! You will also be given the chance to test your newly built attack and experiment with your own attacks against targets in our safe environment.
This course also gives users, Security managers and Risk managers keen insight to how physical attacks are performed. What the impact is and how to mitigate and protect against them.
This course is designed for IT professionals and technical managers who want to understand physical attacks and how best to address them. The course will also be of benefit to IT systems analysts, designers and software developers.
There are no specific pre-requisites for this course. However a general understanding of development practices and a broad understanding of current threats would be desired. There are group exercises, and instructor led ‘hands-on’ labs within each module of this course. Delegates can observe the instructor demonstrations or engage fully with each hands-on lab, subject to experience.
The intended audience for this course is primarily Project Managers, Business Analysts, Junior Developers and Designers. Plus anyone with an interest in building and maintaining secure systems lifecycle.
Note: This course is not designed for the experienced software developer and does not cover hands-on coding.
Delegates will learn how to:
- How to evaluate, reduce, monitor and secure the physical attack surface (PAS)
- Prepare, plan and conduct physical attack surface attacks
- About human interface device attacks (HID), practical generation and deploying payloads
- Insights surrounding common network attacks, Inc. wired, wireless and USB
- Understand and carry out common pen test tooling and automation techniques
- Create, build and deploy a network attack platform (to take away with you post course)
- Post exploitation tasks and instrumentation - practical cracking
- Discover the secrets of Tempest attacks, overcoming range limitations and build a Tempest VM Lab
- What are physical attacks?
- Evaluating the physical attack surface
- Reducing the physical attack surface
- Monitoring the physical attack surface
- Securing the physical attack surface
Human Interface Device attacks (HID)
- What are HID attacks, why attack a HID?
- Equipment needed
- Payload Generation
- Payload Delivery
- Wireless HID Demo
- Live Demo
- Build HID Workshop
- Deploy HID Workshop
Network Interface attacks
- What are network attacks
- Ethernet, WiFi, USB
- Why Network attacks?
- Tool installation and automation
- Build network attack platform (NAP) workshop
- Deploying a network attack platform
- Post exploitation - cracking
- Pass The Hash and Kerberos Golden Ticket
- What is Tempest?
- Building Tempest VM Workshop
- Deploying Tempest
- Overcoming range limitations workshop