#INTRORED: Intro to pentesting (Part I)
Penetration testing (or pentesting) is a comprehensive and methodical process, far beyond the typical “capture the flag” exercises. While having strong technical abilities is important, they must be paired with strategic planning, professional execution, and effective communication to conduct a successful pentest.
This course will walk you through each stage of a professional penetration test, from planning and scoping to hands-on execution and crafting a report that delivers value to the client. You’ll learn how to combine technical skills with strategic thinking, equipping you to perform thorough and impactful security assessments.
Why you should attend
If you’re aspiring to launch a career in penetration testing, this course will give you the essential foundation needed to succeed. You’ll gain an understanding of the entire pentesting lifecycle, from pre-engagement tasks to final report delivery.
Even if you have experience in Capture the Flag (CTF) challenges, you’ll benefit from this course by learning how to transition your skills to real-world, client-focused scenarios. You’ll discover how to apply your technical abilities within a structured framework, understanding the importance of each step in a pentest engagement.
What you will learn
Participants will receive comprehensive training in key areas of penetration testing, including:
- Prerequisites for Becoming a Pentester:
- The skills and knowledge you need to get started in the field, including networking basics, system administration, and programming fundamentals.
- Guidance on building a strong foundation to succeed as a pentester.
- What is a Pentest?:
- An introduction to the principles and objectives of penetration testing.
- Understanding the differences between pentesting and other security assessments, such as vulnerability assessments.
- Pentest Phases:
- Detailed coverage of each phase of a professional pentest, including:
- Planning and Reconnaissance: Setting clear objectives, understanding the target, and gathering initial intelligence.
- Scanning and Enumeration: Identifying entry points and gathering information about the systems.
- Exploitation: Using technical skills to gain access, demonstrating vulnerabilities effectively.
- Post-Exploitation and Persistence: Understanding what actions to take once inside a network and how attackers establish long-term presence.
- Reporting and Remediation: Crafting a clear and actionable report for clients, outlining vulnerabilities, impacts, and recommended fixes.
- Detailed coverage of each phase of a professional pentest, including:
- Tools of the Trade:
- An overview of popular tools and frameworks used in pentesting, including Nmap, Burp Suite, Metasploit, and others.
- Hands-on demonstrations and guidance on how to use these tools effectively.
- Building Your Workflow:
- Learn how to develop an efficient and repeatable workflow for different engagement types.
- Practical advice on organizing your tests, documenting your findings, and maximizing efficiency during engagements.
Who is it for
This course is intended for juniors looking to enter the world of professional penetration testing.
While prior knowledge of HTTP is beneficial, it’s not required, making the course accessible to beginners and those seeking to enhance their skills.
Other information & prerequisites
Laptops are mandatory for a portion of the course. An up-to-date VM with Kali Linux will also be needed. The rest of the needed configs will be made in class.
#INTRORED: Initial intrusion - a deep dive in infecting and achieving persistence (Part II)
The course offers a detailed approach to how infection chains are created and triggered in real-world environments.
Participants will learn about various attack triggering methods, such as batch files, link files, Word macros, and AMSI bypass techniques. They will also explore advanced payload types, including DLL Sideloading and ClickOnce projects.
Why you should attend
This course is essential for anyone who wants to understand infection chains and advanced payload delivery methods in detail.
Participants will gain practical skills in identifying and exploiting vulnerabilities through a variety of modern techniques, such as Office macros, DLL Sideloading, and HTML Smuggling.
What you will learn
– Introduction & motivation
– Infection chain explained
– Triggers:
- Batch
- Link (Shell LNK)
- CHTML
- HTA
- GadgetToJScript (+ AMSI Bypass vis WScript.exe rename)
- Microsoft Saved Console
- Word Macro (+ one real world example for infecting HR)
– Payloads
- DLL Sideloading
- .NET Startup Hooks
- Installer Project
- ClickOnce VS Project
- Excel XLAM
– Containers
- Theory
- Pack My Payload
– Delivery
- HTML Smuggling
- SVG Smuggling
- EvilGINX
Who is it for
- Pentesters
- Red team operators
- Blue teamers
- Technical individuals passionate about offensive security
Other information & prerequisites
Participants must bring their own laptop, and the following should be installed:
- Git
- Visual Studio – Community Edition with support for applications written in C# and C++
- Obsidian
- Language: ROMANIAN or ENGLISH
- Duration: 8 hours
- Minimum students: 8
- Date: November 25th
- Venue: To be announced
- Price:
- Before October 28th: 170 EURO
- After October 28th: 200 EURO
About the trainer
ALIN CIOCOIU
Freelance Security Engineer
Alin is a Security Engineer and freelance pentester with a strong focus on implementing secure practices within development teams. He is experienced in applying SSDLC (Secure Software Development Lifecycle) in practice, helping organizations enhance their security posture through thorough testing and secure development methodologies.
FAQs
Q: What happens if there aren’t enough participants?
A: If we do not meet the minimum number of participants, you can either transfer to another workshop and pay or receive a refund for any difference in price, or opt for a full refund. You will be notified in advance and given options to choose what works best for you.
Q: Are food and accommodation included in the price?
A: The workshop price covers food. However, accommodation is not included, but we can recommend nearby options for your convenience.
Q: Can I get a refund if I can’t attend after registering?
A: Yes, full refunds are available up to 20 days before the workshop start date. However, if you cancel after that, we can offer only 50% of the price.
Q: How and when will I receive the details about the location and prerequisites?
A: You will receive an email with all the necessary details, including the workshop location, prerequisites, and schedule, at least one week before the event. If you have any immediate questions, feel free to reach out to us directly.