Penetration Testing for Systems and Network Admins The objective of this Capture-the-Flag style class is to take students with existing networks or systems administration experience and teach them how to: 1. Perform a comprehensive penetration test against Active Directory environments. 2. Spot a bad penetration test. We understand that not everyone taking a pen test class will want to be a penetration tester. Hence, we have organized this class to be a well-rounded experience, allowing both aspiring red teamers and blue teamers to get the most out of it. This class will provide students with hands-on experience with all phases of a penetration test, from information gathering to reporting.

Class Schedule:
Day 1:
    - What does a good pen test look like?
    - Pre-assessment activities
    - Passive and active information gathering
    - Vulnerability analysis in an Active Directory environment
    - Exploitation
Day 2
    - Post exploitation
    - Lateral movement
    - Domain privilege escalation
    - Reporting

Instructor BIO:

Qasim “Q” Ijaz is a Director of Offensive Security at Blue Bastion Security. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the “dry” business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after-hours. Qasim has presented and taught at cybersecurity conferences including BSides and Blackhat on offensive security topics.

Byron Roosa is a Senior Security Consultant at Blue Bastion Security. He has spent the last five years performing a wide variety of application and network security assessments for clients ranging from small startups to cabinet-level federal agencies. Byron’s particular areas of interest include web application security testing and design, dynamic and static malware analysis, and embedded systems development.