Scribd
Upload
7 views

CTF 2023

CTF 2023 is a training program designed to prepare individuals for global certifications like OSCP through practical challenges in information security. The curriculum covers various topics including network and web exploitation, privilege escalation, and active directory attacks, catering to both beginners and experienced professionals. The course includes hands-on experience with Capture The Flag competitions to enhance practical knowledge of real-world security issues.

Uploaded by

maria pacheco
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
7 views

CTF 2023

CTF 2023 is a training program designed to prepare individuals for global certifications like OSCP through practical challenges in information security. The curriculum covers various topics including network and web exploitation, privilege escalation, and active directory attacks, catering to both beginners and experienced professionals. The course includes hands-on experience with Capture The Flag competitions to enhance practical knowledge of real-world security issues.

Uploaded by

maria pacheco
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

CTF

2023

ITS TIME FOR OSCP


Training and Services
ABOUT COURSE

CTF is the latest edition of our training which provides the most
advanced modules that connect to the real infrastructures in the
organizations and also assist students/professionals to prepare for
global certifications such as OSCP. This curriculum has been
designed in such a manner that it accommodates both freshers and
specialists and provides them with the necessary training w.r.t
their skills.
Capture the Flag is an information security competition that is an
amalgamation of various challenges that applies concepts like
Reverse engineering, Web Applications, Binary, Network,
Cryptography, Forensics, etc. Each challenge holds a certain
number of points based on its difficulty level. The idea behind
these CTFs is to provide an individual with practical knowledge of
the different kinds of attacks and issues in the real world.
Privilege
NETWORK WEB
Escalation

Linux
AGENDA Windows

Active Directory Exploitation

Who needs CTF Learning?


If the candidate wants to achieve accreditation such as CREST,
OSCP, etc then needs to solve CTFs that which is based on real-time
scenarios. This course will focus on core concepts that will the
candidate the tricks and techniques to solve the challenge.
ROADMAP
1 2 3 4 5

Stage 1 Stage 2 Stage 3 Stage 4 Stage 5

Basic of Basic of Linux Ethical Hacking Web Network


Network & & Windows Tools & Tactics Application Pentesting
Web Exploitation

9 8 7 6

Stage 12 Stage 11 Stage 10 Stage 9

Technical Active Windows


Linux Privilege
Report Writing Directory Privilege
Escalation
Exploitation Escalation

10 11 12 13

Stage 13 Stage 14 Stage 15 Stage 16

Solve CTFs- Solve CTFs- Solve CTFs- Bonus Labs


Easy Medium High
Course Introduction SECTION -A
Objective: This module will define the OSCP Guidelines and the holistic approach to be followed
for OSCP preparation.
• About the OSCP exam pattern
• Points breakouts of the Exam machines
• Exam Preparation methodologies
• Introduction to Note keeping tools
• Introduction to Note and Chee sheet keeping methodologies
• Information about the Exam and Lab Guidelines

Network Enumeration

Objective: This module will focus on the enumeration of TCP and UDP services to identify the
loopholes and sensitive information to proceed for the Initial foothold.
• FTP
• SMB Pentesting
• NFS Pentesting
• LDAP
• SNMP

Tools: Nmap & Scripts, Metasploit, Enum4linux, Ldapsearch, Smbclient, Snmpwalk

Web Application Attacks

Objective: This module will focus on web application exploitation by injecting payloads and
establishing initial footholds.
• Web Application Assessment Tools
• Web Application Enumeration
• Web Shells and One-liner payloads
• Directory Traversal
• File Inclusion Vulnerabilities
• File Upload Vulnerabilities
• Command Injection
• SQL Injection-Manual

Tools: Whatweb, Nikto, Burp Suite, Dirb, Gobuster, ffuf, netcat, Revshell
Windows Exploitation & Privilege Escalation

Objective: This module will focus on the basic utilities and, dangerous permission,
exploitation and privilege escalation.
• Windows Powershell
• Windows file transfer
• Windows Basic commands
• MS Office Macros Exploit
• Windows Reverse shell & one-linear payloads
• Post Enumeration
• Unquoted Path
• Always Install Elevated
• Scheduled Tasks
• Kernel exploit

Tools: Powershell scripts, Msfvenom, Revshell, Winpeas, Macropack, Impacket-


Smbshare,

Password Attack

Objective: This module will focus on the password attack technique and tools for remote
login services.
• Attacking Network Services Logins (Hydra, Crackmapexec)
• Password Cracking Fundamentals (Crackstation, John, Hashcat)
• Access the Services (SSH, SMB, RDP, FTP)

Tools: Hydra, Crackmapexec, Crackstation, John, Hashcat

Hunting Public Exploit


Objective: This module will focus on how to hunt for the exploit for vulnerable software
packets in online and offline modes.
• Offline Exploit Resources
• Online Exploit Resources

Tools: Exploit-DB, Packetstromsecurity, Github, Searchsploit, Nmap-NSE Script


Linux Privilege Escalation Port forwarding & Tunneling

Objective: This module will focus on the Objective: The module is very
basic utilities and, dangerous permission, important with respect to OSCP and
exploitation and privilege escalation. majorly part of insane labs where the
• Fundamentals of Linux pentester need to perform lateral
• Understanding Files and Users Privileges movement and try to connect the
on Linux
machine to the different network
• Manual Enumeration
through port forwarding and
• Abusing Cron Jobs
pivoting.
• Abusing Password Authentication
• SSH RSA Key Authentication
• Port forwarding from Linux to
• Linux Privilege Escalation Windows.
• Automated Post Enumeration • Port forwarding from Windows to
• Abusing Setuid Binaries Linux
• Abusing Sudo • Port forwarding Linux to Linux
• Exploiting Kernel Vulnerabilities • Tunneling: Local, Remote and
dynamic
Tools: Netcat, Revshell, SSH-keygen,
Gtfobin, OpenSSL, Linpeas Tools: Proxychain, Chisel, SSH
SECTION -B
Active Directory
Objective: The module is very important with respect to OSCP, in this section the
trainer will focus on Active Directory Enumeration, Exploitation, Post Exploitation,
Credential Dumping, and Lateral Movement.

Active Directory Introduction and Enumeration

Active Directory - Manual Enumeration


Manual Enumeration - Expanding our Repertoire
Active Directory - Automated Enumeration

Attacking Active Directory Authentication


Enumeration
Kerberos
Pass the Hash-RDP
Privilege Escalation

Lateral Movement in Active Directory


Crackmapexec
EvilWinrm
Impacket-Library

Tools: Mimikatz, Evil-winrm, Crackmapexec, Impacket, Remmina, Rubeus,


Powerview, Ad Recon, Bloodhound and etc.
SECTION -C
Capture The Flags

Objective: The aim of the training is to explain how to solve vulnerable boxes by
compromising vulnerabilities related to the Web, Networks, Cryptography, and
Privilege Escalation of Windows and Linux OS and get the privilege of the
administrator/root user account.
• Easy CTF Linux / Windows.
• Medium CTF Linux / Windows.
•Hard CTF Linux / Windows.

Platform: Hack The Box , Vulnhub, Try Hack Me


CONTACT US
PHONE
+91-9599387841 | +91-7805803296

WHATSAPP
https://wa.me/message/HIOPPNENLOX6F1

EMAIL ADDRESS
info@ignitetechnologies.in

WEBSITE
www.ignitetechnologies.in

BLOG
www.hackingarticles.in

LINKEDIN
https://www.linkedin.com/company/hackingarticles/

TWITTER
https://twitter.com/hackinarticles

GITHUB
https://github.com/Ignitetechnologies

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy