Penetration Testing for Systems and Network Admins The objective of this Capture-the-Flag style class is to take students with existing networks or systems administration experience and teach them how to: 1. Perform a comprehensive penetration test against Active Directory environments. 2. Spot a bad penetration test. We understand that not everyone taking a pen test class will want to be a penetration tester. Hence, we have organized this class to be a well-rounded experience, allowing both aspiring red teamers and blue teamers to get the most out of it. This class will provide students with hands-on experience with all phases of a penetration test, from information gathering to reporting.

Class Schedule: Day 1: - What does a good pen test look like? - Pre-assessment activities - Passive and active information gathering - Vulnerability analysis in an Active Directory environment - Exploitation Day 2 - Post exploitation - Lateral movement - Domain privilege escalation - Reporting

Instructor BIO:

Jake Nelson is a Senior Security Consultant at Blue Bastion Security. He comes from Linux and Unix administration background. Jake has worked in a variety of industries and has been pentesting for the last 3 years. Teaching students has been a favorite part of his previous jobs and that has resulted in helping to teach clients how to better secure their networks.

Byron Roosa is a Senior Security Consultant at Blue Bastion Security. He has spent the last five years performing a wide variety of application and network security assessments for clients ranging from small startups to cabinet-level federal agencies. Byron’s particular areas of interest include web application security testing and design, dynamic and static malware analysis, and embedded systems development.