Network Security

Course Modules

1. Subnetting
   This module covers IP addressing fundamentals and subnet calculation techniques essential for network reconnaissance. Students learn to divide networks into subnets, calculate host ranges, and use tools like Packet Tracer to visualize network topologies. These skills form the foundation for identifying target systems and planning network-based attacks.
    

2. Network Attacks
   This module explores offensive techniques targeting network protocols and services. Students learn to exploit weaknesses in DHCP, SMB/SMB2, LLMNR, and NBNS protocols to capture credentials and gain unauthorized access. The module covers tools like Responder for protocol poisoning, pass-the-hash attacks, and methods for collecting network traffic and cracking captured password hashes.
    

3. Domain Setup
   This module provides hands-on experience installing and configuring Windows Active Directory domains. Students deploy domain controllers, configure domain services, and establish the infrastructure needed for subsequent exploitation exercises. Understanding proper domain setup is essential for recognizing misconfigurations and security weaknesses in production environments.
    

4. Domain Events
   This module focuses on Windows domain event logging and monitoring. Students learn to interpret security events, authentication logs, and audit trails that record domain activities. The module teaches how attackers use event log analysis to understand domain behavior and how defenders use these same logs to detect intrusions and track attacker movements.
    

5. PowerShell
   This module teaches PowerShell scripting for Windows system administration and security assessment. Students learn essential commands, text manipulation techniques, and methods for querying event logs programmatically. The module emphasizes PowerShell's role in enumeration, showing how to extract system information, user data, and security configurations without triggering traditional detection mechanisms.
    

6. Domain Enumeration
   This module covers techniques for mapping Active Directory environments and identifying potential targets. Students use tools like Rpcclient to query domain information remotely, extract user lists, enumerate group memberships, and discover domain trusts. The module emphasizes stealthy reconnaissance methods that gather intelligence while minimizing detection risk.
    

7. Domain Exploitation
   This module teaches students to weaponize enumeration findings by exploiting Active Directory vulnerabilities. Students use Metasploit, Impacket, and CrackMapExec to execute attacks against domain controllers and member systems. The module covers authentication attacks, privilege escalation techniques, and methods for gaining administrative access to domain resources.
    

8. Domain Post
   This module focuses on post-exploitation activities after gaining initial domain access. Students learn to use Mimikatz for credential dumping, PSexec for remote command execution, and techniques for maintaining persistent access. The module covers advanced attacks like Golden Ticket creation, which allows attackers to forge Kerberos authentication tickets and maintain long-term domain compromise.
    

9. Domain Security
   This module examines defensive measures and security controls for protecting Active Directory environments. Students learn to identify security weaknesses from an attacker's perspective and understand how proper security configurations prevent the attacks taught in previous modules. The module bridges offensive techniques with defensive strategies, helping students think like both attackers and defenders.
    

10. Cryptography
    This module introduces encryption principles and their application in network security. Students explore both classic and modern encryption techniques, understanding how cryptography protects data in transit and at rest. The module provides foundational knowledge of cryptographic protocols used in network communications and how weaknesses in implementation can be exploited during security assessments.