Null offensive hacking hands-on training.
Proposed sessions for this event:
- Post Exploitation with PowerShell Empire (Getting started) by Riyaz Walikar
Post Exploitation with PowerShell Empire (Getting started)
Registrations open on April 2nd at 06:00 AM and registrations close on April 4th 08:00 PM
The following 2 steps complete your registration. Both steps need to be completed.
1. Click on the Register button on this site and confirming registration on the next page
2. Answer the questions on this Google form. The champion will select a pre-determined number of participants based on the responses to the questions
Only the final selected participants will be sent a confirmation email with the venue details. This email will be sent by Thursday April 5th 8:00 PM. The selected participants are expected to complete all of the pre-requisites as mentioned below:
After registration, if you realise you cannot make it to the session, please un-register yourself using the "Cancel Registration" button so that your seat can be given to someone else.
Please read the following instructions carefully. This will enable us to have a smooth, hassle free session.
- Date of the event: 7th April 2018, Saturday
- Timings: 9:30 AM - 6:00 PM
- Registrations open: 2nd April 6:00 AM, Monday
- Registrations close: 4th April 8:00 PM, Wednesday
- Emails to selected participants will be sent by: 5th April, 8:00 PM, Thursday
- Venue: Location will be shared with the selected participants via email
This will be a completely hands on session on getting started with Post Exploitation of Windows environments using PowerShell Empire. We will begin by compromising a Windows developer machine using a web exploit and then moving on to doing system and post exploitation using Empire.
At a bare minimum, the following topics will be covered:
- Setting up a vulnerable lab to practice Empire
- Setting up a simple vulnerable Windows domain environment
- Empire console
- Listeners, Stagers, Agents and Modules
- Mimikatz (Creds and Kerberos Golden Ticket)
- Situational Awareness
- Privilege Escalation
- Lateral Movement
- Possible DC compromise and credential dumping from NTDS
Hardware Pre-requisites (Mandatory)
- A system capable of running Virtual Box. You can use VMWare but the champion will not troubleshoot any issues.
- Atleast 8 GB of RAM
- Atleast 30 GB of free space on any drive
Software Pre-requisites and configurations (Mandatory)
The following pre-requisites are mandatory. The class cannot start without this being completed.
- VirtualBox (Any version higher than 5.2.7). Please install this and come before the session. VMWare will not be supported.
- Kali Linux installed as a Virtual Box VM. 64 or 32 bit. You can download the virtual box pre-created image directly from (https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-hyperv-image-download/) or setup a new machine using the ISO.
- Install PowerShell Empire in the Kali VM (https://github.com/EmpireProject/Empire/wiki/Quickstart)
- Windows 10 Enterprise installed as a Virtual Machine (https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise)
- Windows Server 2016 as a Virtual Machine (https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016)
- Download and install XAMPP on the Windows 10 Enterprise Virtual machine (https://www.apachefriends.org/xampp-files/5.6.34/xampp-win32-5.6.34-0-VC11-installer.exe)
- Download the latest version of WordPress (https://wordpress.org/download/) and move it to the Windows 10 Enterprise VM. Do not install it. Just download the zip file.
Virtual Machines Network configurations (Mandatory)
Set the following IP addresses to the virtual machines and ensure they are able to ping each other. The network interface type would be "Host Only Adapter" in VirtualBox.
- Host laptop/desktop - 192.168.56.1
- Kali Linux - 192.168.56.10
- Windows 10 Enterprise - 192.168.56.20
- Windows Server 2016 - 192.168.56.100
Reading up before the class
- Empire Documentation (http://www.powershellempire.com/)
|Date||Saturday April 07 2018|
|Event Type||Invite Only|
|Start Time||09:30 AM|
|End Time||06:00 PM|
|Name||Speaker||Start Time||End Time||Resources|
|Post Exploitation with PowerShell Empire (Getting started)||Riyaz Walikar||09:30 AM||06:00 PM|