- This event has passed.
MWR Playground Labs
March 27 @ 9:00 AM - 5:00 PM
Trainer: Cale Black
MWR will be giving participants access to their cloud-based training labs: The Playground. These challenges will help equip security professionals (both defensive and offensive) with the expertise to defend their network and applications by better understanding how they are attacked and exploited.
The two Playground challenges are listed below.
Active Directory Hacking:
This lab will walk you through a full compromise of an Active Directory environment. This will involve utilizing the following skills:
- Delivery and execution of payloads via phishing emails, using metasploit, Powershell Empire and Cobalt Strike
- Persistence, privilege escalation and pivoting within the environment
- Enumeration of Active Directory environments (PowerView, Bloodhound, ADOffline)
- Exploitation of Group Policy Preferences (GPP)
- SPN and Kerberoasting
- Mimikatz / incognito
- Windows password cracking
Web App SQL Injection:
This lab will teach you some of the basics of web app exploitation. Most notably you will:
- Identify a SQL injection vulnerability
- Exploit the vulnerability to exfiltrate customer data
- Exploit a vulnerability to exfiltrate files from disk
- Upload a webshell to the server to gain RCE (Remote Code Execution)
More information can be found at: https://bsidesaustin.com/bsides-austin-2019-training-days/