April 19th, 2018
Hackers penetrate enterprise networks in the flash of an eye, ravage endpoints for sensitive data, and
silently exfiltrate the keys to your kingdom without ever popping an alert. Dark Side Ops: Custom
Penetration Testing enables participants to “break through” to the next level by removing their
dependence on 3rd-party penetration testing tools, allowing for outside-the-box thinking and custom
tool development designed specifically for the target environment. Participants are provided with
hands-on experience into the black hat techniques currently used by hackers to bypass network-based
enterprise intrusion detection and prevention systems (IDS/IPS), layer 7 web proxies, and data loss
prevention (DLP) solutions. The custom approach doesn’t stop there. Participants learn advanced
evasion techniques of corporate host-based countermeasures including antivirus and application
whitelisting solutions by developing, compiling, and deploying custom backdoors, payloads, and
persistence deep into protected enterprise networks.
At the end of this course students will be able to:
• Build custom payload droppers, beaconing backdoors, and interactive shells.
• Conduct highly targeted and sophisticated custom client-side and social engineering attacks.
• Escalate workstation and network privileges without an exploit.
• Bypass defensive host and network countermeasures such as anti-virus applications, firewalls,
IDS, IPS, SIEMs, and strict egress filtering.
• Establish custom, stealthy persistence in a target network.
• Exfiltrate data from a target networks using custom applications and network monitoring
• Compile and deploy an advanced, custom HTTP beaconing payload developed internally by the
trainers and used regularly on engagements to effectively infiltrate company networks.
Participants will receive source code to a variety of offensive tools, including custom shells, backdoors,
C2 listening posts, and social engineering exploitation techniques. To reinforce the knowledge provided
through instruction, participants will have realistic lab projects throughout the day, where the coding
skills, custom payload delivery, and advanced pivoting techniques from course instruction will all be
|Lab 0||Introduction||Review course topics|
|Lab 1||Throwback||Learn about stage 1 malware||Build and deploy Throwback|
|Lab 2||Client Side Exploitation||Client-side exploitation techniques||Build custom payloads|
|Lab 3||Windows API||Windows API abuse and bypasses||Build and inject a reflective DLL|
|Lab 4||Slingshot (RAT)||Learn about reflective DLL injection||Build Slingshot and convert to a reflective DLL|
|Lab 5||Post-exploitation hashdump module||Learn about post-exploitation techniques||Add hashdump module to Slingshot|
|Lab 6||Post-exploitation Mimikatz module||Learn about post-exploitation techniques||Add Mimikatz module to Slingshot|
|Lab 7||Covert operations||Learn about covert infrastructure and operational security||Configure SOHO IP tables as redirector|
|Lab 8||Evading antivirus||Learn how to evade antivirus||Build dynamic APIs and in-memory PE loader|
|Lab 9||Windows persistence||Learn about persistence stealthy techniques||Identify a DLL hijacking vulnerability for persistence|
|Lab 10||In-memory Powershell||Learn about Powershell execution techniques||Run Powershell completely in-memory|
|Lab 11||Advanced Windows pivoting||Learn about named pipes and other pivoting techniques||Compile and execute SlingshotSMB|
|Lab 12||In-memory keylogger||Learn Windows API keylogging techniques||Implement a keylogger into Slingshot|
|Lab 13||Privilege escalation||Learn about privilege escalation techniques||Escalate privileges using DllHijacker|
|Bonus module||Screen-grabber||Learn addition post-exploitation tools||Take a screenshot through Slingshot|