Null offensive hacking hands-on training.

Proposed sessions for this event:

  • Post Exploitation with PowerShell Empire (Getting started) by Riyaz Walikar
Note: The session details including schedule are available below.

Post Exploitation with PowerShell Empire (Getting started)

Registrations open on April 2nd at 06:00 AM and close on April 4th at 08:00 PM.

The following 2 steps complete your registration. Both steps need to be completed.
1. Click on the Register button on this site and confirm your registration on the next page.
2. Answer the questions on this Google form. The champion will select a pre-determined number of participants based on the responses to the questions.
https://goo.gl/WXw6xD


Only the finally selected participants will be sent a confirmation email with the venue details. This email will be sent by Thursday April 5th 8:00 PM. The selected participants are expected to complete all of the pre-requisites mentioned below.

After registration, if you realise you cannot make it to the session, please un-register yourself using the "Cancel Registration" button so that your seat can be given to someone else.

Please read the following instructions carefully. This will enable us to have a smooth, hassle-free session.

Important Dates:

  • Date of the event: 7th April 2018, Saturday
  • Timings: 9:30 AM - 6:00 PM
  • Registrations open: 2nd April 6:00 AM, Monday
  • Registrations close: 4th April 8:00 PM, Wednesday
  • Emails to selected participants will be sent by: 5th April, 8:00 PM, Thursday
  • Venue: Location will be shared with the selected participants via email

Introduction:

This will be a completely hands-on session on getting started with post exploitation of Windows environments using PowerShell Empire. We will begin by compromising a Windows developer machine using a web exploit and then move on to system and post exploitation using Empire.

At a bare minimum, the following topics will be covered:

  1. Setting up a vulnerable lab to practice Empire
  2. Setting up a simple vulnerable Windows domain environment
  3. Empire console
  4. Listeners, Stagers, Agents and Modules
  5. Mimikatz (Creds and Kerberos Golden Ticket)
  6. Situational Awareness
  7. Privilege Escalation
  8. Collection
  9. Lateral Movement
  10. Possible DC compromise and credential dumping from NTDS

Hardware Pre-requisites (Mandatory)

  • A system capable of running VirtualBox. You can use VMware but the champion will not troubleshoot any issues.
  • At least 8 GB of RAM
  • At least 30 GB of free space on any drive

Software Pre-requisites and configurations (Mandatory)

The following pre-requisites are mandatory. The class cannot start without these being completed.

  • VirtualBox (Any version higher than 5.2.7). Please install this before coming to the session. VMware will not be supported.
  • Kali Linux installed as a VirtualBox VM. 64 or 32 bit. You can download the pre-created VirtualBox image directly from (https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-hyperv-image-download/) or set up a new machine using the ISO.
  • Install PowerShell Empire in the Kali VM (https://github.com/EmpireProject/Empire/wiki/Quickstart)
  • Windows 10 Enterprise installed as a Virtual Machine (https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise)
  • Windows Server 2016 as a Virtual Machine (https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016)
  • Download and install XAMPP on the Windows 10 Enterprise Virtual machine (https://www.apachefriends.org/xampp-files/5.6.34/xampp-win32-5.6.34-0-VC11-installer.exe)
  • Download the latest version of WordPress (https://wordpress.org/download/) and move it to the Windows 10 Enterprise VM. Do not install it. Just download the zip file.

Virtual Machines Network configurations (Mandatory)

Assign the following IP addresses to the virtual machines and ensure they are able to ping each other. The network interface type should be "Host Only Adapter" in VirtualBox.

  • Host laptop/desktop - 192.168.56.1
  • Kali Linux - 192.168.56.10
  • Windows 10 Enterprise - 192.168.56.20
  • Windows Server 2016 - 192.168.56.100

Reading up before the class

  • Empire Documentation (http://www.powershellempire.com/)

Date: Saturday April 07 2018
Chapter: Bangalore
Registrations: 63
Max Registrations: Unlimited
Event Type: Invite Only
Start Time: 09:30 AM
End Time: 06:00 PM

Session Schedule

Name | Speaker | Start Time | End Time | Resources
Post Exploitation with PowerShell Empire (Getting started) | Riyaz Walikar | 09:30 AM | 06:00 PM |

Venue


This is an invite only event. If you are selected you will receive further information via e-mail.