Over the next few weeks, I went through their initial courseware, both videos and written materials, and found there were some areas that needed improvement - enough that I advised Attack-Secure to update the courseware, and allow me to review again, before I wrote my review. Attack-Secure was happy and eager to oblige, and took my suggestions to heart, and I'm pleased to say that it's made a noticeable difference in the presentation and quality of the materials. Additionally, my interactions with Attack-Secure, since giving them my initial opinions and thoughts, have all been very positive, and I've been speaking with them, almost daily. Now that I've received and reviewed their updated courseware, I'm ready to give a positive review of this course. Please feel free to reply, or PM me with any questions.
(Notes - I've been given access to Attack-Secure's online lab, which I'll be reviewing later, as I haven't had adequate time to dive into it, yet, and wanted to deliver the main course review in a timely fashion, for all of those EH-net'ers who've been patiently waiting.
Additionally, I'm told that Attack-Secure is also working on a follow-up course that dives deeper, and will cover more advanced topics. Attack-Secure has promised to provide me with a copy of the new course, to review for EH-net, as well, when the course has been completed. So watch for my review for that course, sometime in the future.)
All that said, on to the review...
"Codename: Samurai Skills" from Attack-Secure ( http://attack-secure.com ) provides students with a good base for penetration testing knowledge, and then continues to dive deeper, by doing what many other courses don't spend enough time on - actual demonstrations and explanations of the methods and tools that they're using. Where some courses scratch the surface, or give a lot of broad knowledge (like tons of names of - and hyperlinks to - tools) and written links to outside materials, the Attack-Secure folks spend more time actually demonstrating techniques. I liken it more to the approach of Offensive Security or eLearnSecurity, where there are more demonstrations of things, to solidify the students' learning, rather than the approach of other courses, where a student would do one or two short labs per day, showing sometimes deprecated tools, or 'nifty parlor trick' types of things (like playing with GUI rootkit creators, for instance.)
However, while the approach is similar, different objectives are covered to different lengths, so it complements courses like OSCP and eCPPT, in that it uses additional tricks, tools and knowledge areas to sharpen a student's abilities. Therefore, before I go deep into my review, let me state up front - I wouldn't recommend this course 'in place of,' for instance, OSCP or eCPPT, for those who already plan to take those. Rather, I'd recommend considering this course if you're looking to add to knowledge from those courses, or supplement your learning, and continue to hone and practice your skills. It never hurts to continue to take additional courses and study, as the field of IT security is constantly evolving.
For newer folks, who might have C|EH or other more 'knowledge-based' courses, or for those who want a good course, with more actual demonstrations, to help them learn (as everyone has their preferred learning style,) this course is an excellent way to move into the pentesting realm. An additional difference between this course and OSCP or eCPPT is that this course spends more time on individual topics, rather than forcing a student to learn and explore on their own. Personally, I'm geared for challenge, so something like OSCP came naturally to me, and for that, I really benefitted from OSCP. The same goes for eCPPT. But if a student needs more time and examples to help them to learn, and doesn't have the time to commit to forcing themselves through the pains that are native to Offensive Security courses and others (steeper learning curves and lots of trial and error, research, etc.,) this course did a good job of continuing to demonstrate and show techniques, without the need for heavier, outside research - not that outside research isn't still ALWAYS recommended, since pentesting and technologies are always advancing. Ultimately, it's a matter of what learning style fits the student best.
Each module in the Samurai Skills course is comprised of documentation, in the form of a PDF file, as well as course videos, in mp4 format. While not copy protected (something that they changed, at my request, as the initial copy protection forced me to view the courseware on Windows-only machines, whereas I prefer to study from my tablets or Linux boxes, regularly,) the pdf's and videos are watermarked with the individual student's name and email address, so as to try to minimize mass sharing of their materials.
As the current materials stand, here's a breakdown of the amount of information in each:
Module 1: PDF = 20 pages, video = 35:08 (m:s)
Module 2: PDF = 76 pages, video = 2:39:12 (h:m:s)
Module 3: PDF = 68 pages, video = 2:08:29 (h:m:s)
Module 4: PDF = 19 pages, video = 49:21 (h:m:s)
Module 5: PDF = 77 pages, video = 2:08:25 (h:m:s)
Module 6: PDF = 56 pages, video = 1:31:54 (h:m:s)
Module 7: PDF = 60 pages, video = 5:00:45 (h:m:s)
Module 8: PDF = 18 pages, video = 2:06:28
For a total of 394 pages and 16:59:42 (h:m:s) of video
Now, on to the specific modules...
Module 1: Solid Introduction to Penetration Testing
This module contains the usual definitions that we see in many of the courses for penetration testing / ethical hacking, so I won't dive into much detail on those, here. It also gives a few general links to pages that might be useful as you proceed, such as exploit-db.com and others.
Module 1 also lists their goals for the course, which are defined as follows:
- provide the student with the ability to conduct an effective, hands-on penetration test
- focus on medium-level penetration tests (NS|PT)
- follow-up course will focus on advanced-level penetration tests (NS|APT)
- dedicated online penetration testing labs that mimic REAL WORLD Penetration Testing Scenarios
Module 2: Real World Information Intelligence Techniques
This module covers information gathering methodology and useful sites and tools for gaining the initial knowledge of your target host(s) / environment, which are generally performed without scanning the target hosts or network, directly. It contains info on info-gathering tools and websites, as well as providing the student with some things to look for, such as job postings, resumes, file types, and other data, which are gathered in the initial reconnaissance phases, and might be useful in later stages of a penetration test. The module also covers file analysis, creating targeted wordlists, DNS enumeration, website mirroring, and various other pieces of the recon stages.
Module 3: Scanning and Assessment
This module continues where the previous module left off, taking the knowledge you've gained from the indirect data gathering and analysis, and using that information to begin more direct enumeration and assessment of the target hosts / environments. Attack-Secure covers topics like vulnerability scanning, nmap, target OS and service enumeration, and other techniques. Additionally they discuss 'detection evasion' during scanning, which is a topic that many similar courses only briefly mention (and sort of skim past,) and actually go over some of the topics in the video.
(Note - This was one of the areas where I was pleased, with the differences between their course and some others, in that they actually spent at least a little time showing how some of these techniques are used. For those who are newer and may not learn well through their own 'outside research,' this would be of benefit.)
Module 4: Network Attacking Techniques
This module covers topics like network password cracking, man-in-the-middle, ARP spoofing, password sniffing and common targeted protocols. The video covers the information from the PDF, as well as demonstrating some of the techniques and tools from the documentation. Notably, there were a couple of topics in Module 4, which I haven't really seen covered in detail, in other courses (such as, for instance, coverage of sniffing and decoding RDP traffic.)
Module 5: Windows & UNIX Attacking Techniques
For Windows, Module 5 goes over many of the various strengths and weaknesses of the different Windows versions, from XP, through Server 2003 and 2008, up to Windows 7. ASLR and DEP are mentioned, as well as UAC, the various Windows HASH'ing methods, authentication mechanisms, and AD domains and Trusts, as well as how some of the Windows flavors use, or are affected by, these. Further discussion revolves around remote and local exploits, and they continue by going over vulnerability discovery / identification in services and applications, and locating exploits for said vulnerabilities. Finally, client-side exploitation is discussed, as well as SET (the Social-Engineer Toolkit, from David Kennedy).
For UNIX, topics like filesystem, permissions and authentication are covered. Additionally, passwords and salting are discussed, as are Unix Directory Services. Finally, Attacking UNIX and server-side exploits are discussed, with a walkthrough at the end of the Module 5 video.
Module 6: Windows & UNIX Post-Exploitation Techniques
This module revolves around activities 'Post-Exploit.' Various demonstrations ensue, showing Situational Awareness from the Windows command-line (such as gaining information about configuration, environment, etc.,) meterpreter, privilege escalation, local password cracking, impersonation, routing / pivoting and other topics, for both Windows and UNIX.
One nice area of the videos in Module 6, that was nicer for newcomers, especially, was that Attack-Secure went into a little more detail on command-line switches for tools, like netstat. The same goes for some of the nmap activity in previous modules, as well. While many courses simply expect that you'll use man pages or other documentation to learn various switches and options, the course gives just that extra little bit of help / guidance on some areas, in order to help the student along. Again, while not necessarily a drawback to other courses out there, it's an area that Attack-Secure wanted to give enough attention to, to make it easier for some students to learn. Additionally, many courses will start a tool in a video, and note that it might take some time to complete. Understandably, they cut away and return after the tool finishes running, in order to save video time. In most cases, the Attack-Secure folks stayed with a tool until it finished running, in the video. While I'm not touting that as a 'plus or minus' to the course, it does give some newer students a realistic expectation of how long a tool might take to run. (Speaking from previous experience teaching folks, where they were 'uber-impatient' and didn't really understand that sometimes, tasks and tools take time to complete.)
Module 7: Web Exploitation Techniques
This module opens with a web application primer, and discussions of scanning and mapping web applications, to look for vulnerabilities to exploit. It then flows into active demonstrations of various web exploits, leading to full system access. These demonstrations cover SQL injection and Blind SQLi, File Upload and Remote File Include (RFI) vulnerabilities, Command Injection, Cross Site Scripting (XSS) (both reflected and stored,) and Cross-Site Request Forgery (CSRF.) This is the longest of the video modules, as they do a good job of walking through the steps they're taking in each attack, and showing how each attempt succeeds or fails, as well as proceeding to show how such tasks as stealing cookies with XSS can be accomplished.
I was pleasantly surprised with the demonstrations here. It was not that they were 'groundbreaking,' but rather, it was because many of the courses on the market, today, don't go into enough detail on web application pentesting and exploitation. Attack-Secure tried to ensure that students got to see or experience more of the web application side of the equation, and continued through each module to show how such techniques can eventually lead an attacker to root / system access. They didn't stop at "Here's a vulnerability, and here's the basics of how to exploit it," but rather, took the attack all the way through using the results of the initially demonstrated exploit, in order to continue to attack and pwn the box.
Module 8: Windows Exploit Development
Module 8 covers development of exploits, against the Windows platform. It opens with an explanation of key concepts, such as memory corruption, classes and exploits, and then flows into the actual process for finding vulnerabilities in, and exploiting, Windows executables. Setup of a development lab machine is covered, as well as some of the tools one might want to use (a few different debuggers, etc.) Next, they flow into and demonstrate the steps one should follow in the process: fuzzing, triggering the vulnerability, identifying offsets, identifying usable characters, filling in memory addresses (like JMP,) identifying usable stack space for your exploit code, dropping in the actual payloads, and generating exploits with Metasploit.
Having been through other courses, and gone through their processes / modules for exploit development, I feel Attack-Secure did a good job, on this module. In general, I felt they kept pace with most of the courses I've gone through, and generally, their explanations were better than many, in that they tried to detail the underlying concepts, enough to help someone who is newer to these processes. Most (not all) courses, which I've seen, haven't spent enough time on these areas, or the instructors led into them, and expected the student to come up to speed on their own, outside of the course materials.
Final points (<yay, this guy's finally almost done jabbering at us!>)
"Codename: Samurai Skills" from the Attack-Secure team, did a great job of taking many of the facets that are missing from a lot of entry- and mid-level penetration testing / IT security courses, and put a lot of time and effort into presenting them to the student, whether in the pdf's, or through video explanations and demonstrations. Having been through various courses, and having a personal learning style of "Punish me and I'll learn better," this course wasn't my ABSOLUTE favorite, however, it ranks very highly against many courses on the market, in terms of the amount of material it delivers, and the value to the student, in terms of giving them a lot of good, usable information, to initiate them into the world of penetration testing.
Basing my rating on what they wanted to achieve, and what they've given me, I would give them a 9.0 out of 10, and am eagerly awaiting what they're going to do with the follow-up course (which again, I'll review when they feel it's ready for public consumption.)
"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'
OSCE, OSCP, GPEN, C|EH