Major 2020 update OSCP/PWK training
In October 2020 Offensive Security and TSTC will bring you the updated OSCP/PWK Live Classroom Training for the first time in Europe. In this blog Offensive Security explains what's changed and what's completely new in the 2020 course.
Door Offensive Security
What has changed in the OSCP / PWK 2020 update?
The 2020 PWK overhaul more than doubles the amount of course content and adds 33% more lab machines to provide you with even more practice and experience.
What's new in PWK for 2020?
Bash Scripting: While we still recommend having some experience prior to starting the course, we’ve expanded and separated the Bash scripting portion of the Getting Comfortable with Kali Linux module to ensure students get even more time with Bash.
Introduction to Buffer Overflows: This module contains detailed explanation of the principles behind buffer overflow attacks and introduces the student to the x86 architecture, program memory, and CPU registers.
Active Directory Attacks: Learn Kerberos and NTLM attacks, and lateral movements.
PowerShell Empire: This module introduces students to PowerShell Empire and the use of its modules to assist with local privilege escalation and lateral movements.
Other Dedicated lab machines: You’ll be provided with three dedicated lab machines for the exercises (Windows 10 client, Windows 2016 Active Directory, Debian client).
Labs: New machines are available, increasing the total number to 75. Moreover, almost all the previous targets have been updated with new operating systems and exploitation vectors. The shared networks now also contain Active Directory with different configurations.
Walkthrough: The previous version of PWK has a theoretical network to demonstrate a full penetration testing scenario. In the update, we’ve developed a hands-on mini-network in which the student will be able to reproduce the steps provided with a book and video walk-through.
Extra exercises: Get more practice with the new exercises under Extra Miles.
What's updated for 2020?
The entire course has been updated. The most notable updates are included below.
Modules Practical Tools: Added PowerShell and PowerCat.
Passive Information Gathering: We cover more OSINT, as well as using Shodan and Pastebin.
Privilege Escalation: We added content on local information gathering techniques, enumerating firewall rules, as well as bypassing UAC and several privilege escalation examples on Windows and Linux.
Client Side Attacks: Learn more about HTA attacks, Microsoft Word macros, object linking and DDE embedding.
Web Application Attacks: A deeper dive on traditional web attack vectors, including exploiting admin consoles, XSS, directory traversal vulnerabilities, SQL injections and more.
Password Attacks: Expanded material for online, offline and in-memory based password attacks.
Port Redirection and Tunneling: New and expanded exercises on tunneling, pivoting, and port redirection. Students will now be able to practice these techniques using their three dedicated virtual machines, before applying their new-found knowledge in the shared labs.
Metasploit: Increased coverage on the Metasploit framework. Covering auxiliary modules, exploits, payloads, scanners, meterpreter, post-exploitation, automation, and more!
Other Labs: Targets have been updated, so if you need more practice on fresh exercises, we recommend giving these a try.2 jaren geleden