Offensive Operations and OSINT Course

With today’s cyber threat landscape constantly evolving, there is greater need than ever for classically trained Offensive Cybersecurity professionals. Employers, from small business to a Fortune 50 company to the federal government, have a negative number of cybersecurity jobs that need to be filled.

Offensive cybersecurity is a critical way to protect and defend an organization of any size. One measure of a displayed level of competency in offensive security is the certification known as the Offensive Security Certified Professional (OSCP). The OSCP exam tests your ability to compromise a series of target machines using multiple exploitation steps and produce detailed penetration test reports for each attack. It is the most highly sought-after certification by employers.

In partnership with Immaculata University, Fortalice Solutions, a world-class cybersecurity services firm, has developed a specialized program to train the next generation of offensive cybersecurity professionals. This program allows college graduates of two- or four-year degrees to study for and earn their OSCP as part of their required courses. Those already in the field or making a career change could also become certified through this program.

As a complement to the above course, Fortalice will also offer a course in Open-Source Intelligence (OSINT). Every cybersecurity team needs some expertise in OSINT gathering to complement their cybersecurity roadmap. There is a lack of understanding that perceives OSINT as “deep Google searches.” In fact, OSINT is a fundamental component of offensive security engagements and complex discipline. OSINT skillsets can often lead to assisting in law enforcement cases and proactive prevention work, support in identifying money laundering activities, threat hunting, exposing fraud, background checks and supporting corporate communications with tracking social media sentiment and reputational risk.

After completing the Offensive Cybersecurity course, students can:

• Take the pre-requisite Penetration Testing with Kali (PWK) course
• Prepare for the OSCP exam
• Act as an adversary and bypass various challenges
• Leverage the MITRE ATT&CK® framework, know how to design, define, and ensure all team members follow rules of engagement to ensure a safe and ethical operation
• Exfiltrate data from networks while avoiding being blocked or detected
• Learn key points to communicate in a verbal and written out briefs

Enhance Your Offensive Cybersecurity Technical Fundamentals with Core Elements:

• Linux and Windows Environments, Key Commands, Privilege Escalation
• Basic Bash and Python scripting
• Knowledge of how to execute web application attacks and how to bypass security filters
• User Impersonation – Dealing with Clear Text and Hashed Passwords
• File Share Enumeration
• Gain Familiarity with: Metasploit Framework, Nmap, Netcat, and Wireshark
• Moving / Zipping / Transferring Files

After completing the OSINT course, students can:

• Set up an investigation for a company, government organization, or Law Enforcement Agency
• Understand the rules of engagement and ethics for conducting an OSINT investigation
• Learn the criminal mindset, including how they cover their tracks, choose their victims, and the tactics, tools, and procedures they use to exploit anything while avoiding being caught
• Collect information that is critical to the case and avoid analysis paralysis or falling into irrelevant OSINT traps
• Design and manage “puppet” accounts (anonymous identities) to conduct online investigative research and data collection
• Collect, collate, and evaluate data from high-value, trustworthy data sources
• Map out a plan to search the open web, deep web, and dark web

Enhance Your OSINT Technical Fundamentals with Core Elements:

• Gain familiarity with link analysis and using Maltego
• Set up infrastructure to technically anonymize your organization’s and your investigation’s tracks
• Experience hands-on use of tools such as SpiderFoot, Torch (TorSearch), DarkSearch.io, Dark.fail, Recon-ng, theHarvester, Shodan, Creepy, DNSdumpster, TinEye, the Wayback Machine, CipherTrace, PhishTank, HoneyDB, and Metagoofil
• Learn how to design the rules of engagement for an investigation without putting your organization, your employer, or the customer at risk

Offensive Cybersecurity Operations

Offensive Cybersecurity professionals leverage a combination of offensive approaches when targeting a network’s critical systems, data, and processes. The techniques chosen for each engagement are representative of goals of an engagement. This course exposes participants to the skills needed to perform traditional penetration tests by establishing the ability to detect, analyze, validate, and exploit vulnerabilities across each phase of the attack lifecycle while building a comprehensive list of potential risks. These skillsets provide excellent means of identifying gaps in the security infrastructure of maturing security programs.

Participants will use the latest tools, techniques, and procedures (TTPs) to succeed in exploiting vulnerabilities and evading modern antivirus systems. Tools and tactics include publicly available techniques and the methodology to customize tools to achieve specific objectives. While each threat is different, there are several common phases of an attack lifecycle. Participants will learn to evaluate and utilize each phase to identify and evaluate a range of approaches to take within each stage of an attack.

Initial Recon

This phase includes open-source intelligence and external vulnerability assessment approaches to identify all data and vulnerabilities that would be available to a potential attacker.

Open-Source Intelligence Collection (OSINT)

The most important phase of the attack lifecycle is understanding the target. Participants will leverage a variety of publicly available sources to develop an “OSINT Profile” for a target organization, as well as each individual target.

The strategic goal will be to help participants identify an entity’s public presence from an attacker’s perspective including who within the organization would be a compelling target for an advanced persistent threat. By understanding the “OSINT Profile,” participants can design better processes and procedures to utilize this information to gain initial access to an organization through social engineering and exploitation.

Perimeter Inventory and Vulnerability Identification

This phase focuses on enumerating all externally available websites, services, and servers comprising the network perimeter. Participants will employ automated and manual techniques to identify “low-hanging fruit” vulnerabilities and will write detailed deliverables on which hosts may be vulnerable to compromise.

Initial Access

Participants will review the OSINT profile developed in the Initial Recon phase to start vectoring attacks from the gathered information. This could include vulnerabilities associated with web applications (SQL Injection), password guessing attacks against exposed remote access services (VPN, RDP, webmail, ssh, etc.), or outright exploit of vulnerable or outdated services.

Establish Foothold

At this stage, an entry into the network is established. This involves execution of remote administrative software, or of an agent on the victim’s systems, which allows an attacker to maintain a foothold. Often these remote agents are executed in-memory to eliminate any on-disk operations just as today’s adversaries would behave. Participants will gain access and control one or more computers or servers within the target environment.

Participants will work to identify viable methods to establish persistent access and maintain this access to understand how an operation would continue in the event of disruption. The current user’s privilege level will be evaluated along with initial reconnaissance of the local network to identify any options for initial lateral movement at the user level that will prevent loss of network access. This process is highly dependent upon the environment, and level of privilege of the initial access.

Participants will learn to document all actions taken during an engagement, collect logs of all activities performed, and learn to provide all relevant log data and raw data logs from tools used as a deliverable.

Penetration Testing Tool Kit

Participants will learn the Kali Linux platform for the purposes of penetration tests against sophisticated critical infrastructure entities. Of those tools included with Kali Linux, participants will gain the most familiarity with:

• Metasploit
• Mimikatz
• Burp Suite Professional
• stunnel
• Responder
• Hydra
• Kismet
• NBTScan
• Hashcat
• Netcat
• theHarvester
• sqlmap
• Nikto
• Wireshark
• BeEF

In addition to the Kali Linux tools, participants will also utilize additional commercial and open-source tools and reconnaissance techniques throughout the course.