Evergreen Alliance Training Program for GIAC Penetration Tester Certification (GPEN)

Course Summary

In this course, you will gain in-depth knowledge of how to conduct penetration testing in a modern enterprise environment. You’ll learn how to effectively plan, prepare, and execute penetration tests using advanced tools and techniques. Through hands-on lab exercises, you will practice the strategies employed by experienced attackers and develop the skills needed to identify vulnerabilities and assess risks. These skills can be immediately applied to enhance your security practices within your organization.

The course is designed for penetration testers looking to strengthen their skillset, as well as for system administrators, defenders, and security professionals who want to understand how attackers operate. By learning the offensive mindset, defenders will better anticipate and mitigate potential threats. Every organization needs skilled security professionals who can detect weaknesses and strengthen defenses, and this course is tailored to prepare you for this crucial role. Both offensive and defensive teams share the same goal: to protect the organization from malicious actors.

In this course, you will learn how to:

Plan and prepare for enterprise-scale penetration tests, ensuring a structured and effective approach
Conduct thorough reconnaissance to support social engineering and phishing efforts, as well as to make informed decisions on attack targets
Leverage best-of-breed scanning tools to uncover hidden vulnerabilities and systems that might be overlooked by other methods
Safely perform password guessing and cracking techniques to gain initial access or deepen access to the network
Exploit vulnerabilities in target systems to measure the actual business risks associated with those weaknesses
Execute post-exploitation tactics to maintain and extend your presence on the compromised network
Apply privilege escalation methods on Windows or Linux systems, and within Windows domains, to gain higher levels of access
Conduct internal reconnaissance to identify additional attack surfaces and alternative attack vectors
Execute lateral movement and pivoting techniques to expand your reach within the organization’s network and uncover additional vulnerabilities
Crack passwords with advanced tools and techniques to escalate privileges or extend access across the network
Utilize various Command and Control (C2) frameworks to manage and execute operations on compromised hosts
Conduct targeted attacks on Microsoft Windows domains, including advanced Kerberos-based attacks such as Kerberoasting, Golden Ticket, and Silver Ticket attacks
Carry out reconnaissance within Azure environments and understand the unique threats they pose
Perform password spraying attacks against Azure Active Directory and use compromised credentials to move laterally
Develop detailed, actionable penetration test reports, including findings and recommendations for mitigating risks
By the end of this course, you will have developed the expertise to conduct penetration testing in real-world environments, perform in-depth assessments, and improve your organization’s security posture. You will gain critical skills in network security, vulnerability management, and exploitation techniques, all essential for identifying risks and securing systems effectively.