This two day class teaches students how to best use CANVAS for vulnerability exploitation and penetration testing.
- Introduction to CANVAS and Reconnaissance Becoming familiar with the CANVAS GUI logs and reporting in CANVAS command line usage. Host discovery via portsweep, udpsweep and manual methods. Operating system (OS) detection. Database detection (Oracle, MSSQL). Traceroute and port scanning. User and network share enumeration. Definition of CANVAS nodes
- Exploitation and Bouncing The three phases of exploitation. Choosing an exploit. Executing an exploit. Handling network address translation (NAT) and setting callbacks.
- Post-Exploitation Spawning a process. Uploading and downloading files. Executing commands via the shell. Uploading a MOSDEF Trojan. Privilege escalation.
- Bouncing How to bounce attacks from compromised hosts. Choosing effective bouncing points.
- Client-Sides Setup and execution of client-side attacks.
- Automation Running commands on multiple hosts. Attacking multiple hosts. Vulnerability scanning and automated attacks. Customization of post-exploitation commands. Custom MOSDEF development.
Delegates with IT background
For more information regarding this training or CANVAS product