CSEC 670: Advanced Penetration Testing and Cyberwarfare

Advanced Penetration Testing is a hands-on course that focuses on attacking and defending highly secured environments such as agencies, financial organizations, federal organizations, and large companies. The Advanced Penetration Testing course teaches the cyber-attack lifecycle from the perspective of an adversary. Advanced Penetration Testing is designed as a logical progression point for those who have completed Penetration Testing or for those with existing penetration testing experience. Students with the prerequisite knowledge to take this course will walk through dozens of real-world attacks used by the most seasoned penetration testers. The methodology of a given attack is discussed, followed by exercises in a hands-on lab to consolidate advanced concepts and facilitate the immediate application of techniques in the workplace. A sample of topics covered includes weaponizing Python for penetration testers, attacks against network access control (NAC) and virtual local area network (VLAN) manipulation, network device exploitation, breaking out of Linux and Windows restricted environments, IPv6, Linux privilege escalation and exploit-writing, testing cryptographic implementations, fuzzing, defeating modern OS controls such as address space layout randomization (ASLR) and data execution prevention (DEP), return-oriented programming (ROP), Windows exploit-writing, and much more!