#INTRORED: Intro to pentesting (Part I)

Penetration testing (pentesting) is more than just capturing a flag or ‘popping’ a shell. While technical skills are crucial, they alone don’t guarantee a successful pentest.

In this course, you’ll gain a thorough understanding of what penetration testing involves and how it’s conducted in a professional setting. We’ll cover all key components, from the initial planning and preparation stages, through the technical execution, to the final client report and delivery.

Why you should attend

If you’re looking to start a career in penetration testing, this course will provide the foundation you need. You’ll gain comprehensive knowledge across all areas of pentesting and see how real-world tests are conducted professionally.

Even if you come from a Capture the Flag (CTF) background, you’ll benefit by learning how to apply your skills in a structured, client-focused environment, helping you understand how the different aspects of pentesting come together in professional settings.

What you will learn

  • Prerequisites for becoming a pentester
  • What is a pentest?
  • Pentest phases
  • Tools
  • Build your workflow

Who is it for

This course is intended for juniors looking to enter the world of professional penetration testing.

While prior knowledge of HTTP is beneficial, it’s not required, making the course accessible to beginners and those seeking to enhance their skills.

Other information & prerequisites

Laptops are mandatory for a portion of the course. An up-to-date VM with Kali Linux will also be needed. The rest of the needed configs will be made in class.

#INTRORED: Initial intrusion - a deep dive in infecting and achieving persistence (Part II)

The course offers a detailed approach to how infection chains are created and triggered in real-world environments.

Participants will learn about various attack triggering methods, such as batch files, link files, Word macros, and AMSI bypass techniques. They will also explore advanced payload types, including DLL Sideloading and ClickOnce projects.

Why you should attend

This course is essential for anyone who wants to understand infection chains and advanced payload delivery methods in detail. 

Participants will gain practical skills in identifying and exploiting vulnerabilities through a variety of modern techniques, such as Office macros, DLL Sideloading, and HTML Smuggling.

What you will learn

– Introduction & motivation

– Infection chain explained

– Triggers:

  • Batch
  • Link (Shell LNK)
  • CHTML
  • HTA
  • GadgetToJScript (+ AMSI Bypass via WScript.exe rename)
  • Microsoft Saved Console
  • Word Macro (+ one real world example for infecting HR)

– Payloads

  • DLL Sideloading
  • .NET Startup Hooks
  • Installer Project
  • ClickOnce VS Project
  • Excel XLAM

– Containers

  • Theory
  • Pack My Payload

– Delivery

  • HTML Smuggling
  • SVG Smuggling
  • EvilGINX

Who is it for

  • Pentesters
  • Red team operators
  • Blue teamers
  • Technical individuals passionate about offensive security

Other information & prerequisites

Participants must bring their own laptop, and the following should be installed:

  • Git
  • Visual Studio – Community Edition with support for applications written in C# and C++
  • Obsidian

  • Language: ROMANIAN or ENGLISH
  • Duration: 8 hours
  • Minimum students: 8
  • Date: November 25th
  • Venue: To be announced
  • Price:
    • Before October 28th: 170 EURO
    • After October 28th: 200 EURO

About the trainer

ALIN CIOCOIU

Freelance Security Engineer

Alin is a Security Engineer and freelance pentester with a strong focus on implementing secure practices within development teams. He is experienced in applying SSDLC (Secure Software Development Lifecycle) in practice, helping organizations enhance their security posture through thorough testing and secure development methodologies.

FAQs

Q: What happens if there aren’t enough participants?
A: If we do not meet the minimum number of participants, you can either transfer to another workshop, paying or being refunded any difference in price, or opt for a full refund. You will be notified in advance and given options to choose what works best for you.

Q: Are food and accommodation included in the price?
A: The workshop price covers food. Accommodation is not included, but we can recommend nearby options for your convenience.

Q: Can I get a refund if I can’t attend after registering?
A: Yes, full refunds are available up to 20 days before the workshop start date. However, if you cancel after that, we can offer only 50% of the price.

Q: How and when will I receive the details about the location and prerequisites?
A: You will receive an email with all the necessary details, including the workshop location, prerequisites, and schedule, at least one week before the event. If you have any immediate questions, feel free to reach out to us directly.