For IT security professionals, staying up-to-date with the latest vulnerabilities and exploits is a real challenge. Knowing a vulnerability from a high level perspective is not enough. A good security professional must be able to demonstrate the impact of the vulnerability. To bridge the gap between understanding a vulnerability and to be able to fully exploit it.
During the 5 days event, delegates will be granted access to a state-of-the-art Hacklab and will be asked to enumerate, assess, exploit and then post exploit vulnerabilities to achieve various objectives within the Hacklab.
NotSoSecure Hands-On Labs Now Available
We believe that hands-on, skills-based training should not end the moment you leave the class room. For both the Art of Hacking and Advanced Infrastructure Hacking training, you will now have the exciting option of being able to continue your learning journey by purchasing extra-lab time after your class.
Available in blocks of 4 weeks either as individual licenses or in multiple units for group training, the labs are exactly the same as used in class. This, when combined with your soft copy training materials (which include detailed steps of each exercise covered in class) will give you an environment in which you can practice and hone your skills at a very reasonable cost.
Please speak with your account manager for more information.
| City | Start Date | Days | Price | Spaces | Course ID | |
|---|---|---|---|---|---|---|
| London - City | 5 | £2699 | Spaces | 370870 | ||
| London - City | 5 | £2699 | Spaces | 424671 | ||
| London - City | 5 | £2699 | Spaces | 444678 |
Learning Objectives
Individuals taking the Advanced Infrastructure Hacking course will experience hands-on practical content that is extremely current and taught at the world's top conference stages. The course was written to address the need in the market for high-end training in the field of Infrastructure; inspired by daily on-site Penetration Testing and training in the community / conferences. The course enable students to practice topics such as exploit chaining, post-exploitation, combining low risk vulnerabilities to obtain high impact outcomes.
Benefits
The course examines and hacks a wealth of modern vulnerabilities aka (MS14-068, MS15-077). All labs are virtualised and there are dedicated VMs for each student.
Advanced Infrastructure Hacking course will familiarise you with a wealth of hacking techniques for common operating systems, networking devices and everything else in between. The course is ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications and those who perform Penetration Testing on infrastructure as a day job and want to take their skills to different level. From hacking Domain Controllers with MS14_068 to GHOST local root; VLAN Hopping to VoIP Hacking, a wide variety of approaches to Infrastructure Hacking is covered.
Pre-Requisites
Prior hands-on experience of common hacking/enumeration tools such as Nmap, Metasploit etc., is recommended for the class. Certified in the Art of Hacking is strongly recommended as a pre-requisite to this advanced hacking course.
Intended audience for this Advanced Infrastructure Hacking course audience includes:
- Penetration Testers and Security Researchers
- CSIRT & Red Team professionals
- Security Operations Centre (SOC) analysts
- Security/System/Network architects
- Information Security Professionals
Course Content
The course is based on the following modules:
Hacking Networks, Databases
1.1 TCP/IP & Network Enumeration
1.2 Port scanning
1.3 TCP/UDP scanning
1.4 Windows/Linux enumeration
1.5 The Art of brute-forcing
1.6 Insecure SNMP Configuration
1.7 Database Exploitation (Oracle, Postgres, Mysql)
1.8 Hacking Application servers (Websphere)
1.9 Exploiting SSL vulnerabilities such as heartbleed
1.10 Exploiting remote systems via Shellshock
1.11 Exploiting Java and PHP serialization bugs
Advanced Windows Hacking
2.1 Windows Vulnerabilities
2.2 Mastering Metasploit
2.3 Latest remote exploits
2.4 Pivoting within internal network
2.5 Local privilege escalation
2.6 Custom payloads
2.7 Post-exploitation
Hacking Windows Domains
3.1 Compromising Windows Domain
3.2 Pass the hash
3.3 Pass the ticket
3.4 Breaking Kerberos
3.5 Third party exploits (browser, java, pdf)
Advanced Linux Hacking
4.1 Linux Vulnerabilities
4.2 Finger
4.3 Rservices
4.4 NFS Hacks
4.5 SSH hacks
4.6 X11 vulnerabilities
4.7 Local Privilege escalation
4.8 Kernel exploits
4.9 Weak file permissions
4.10 SUID/SGID scripts
4.12 Inetd services
Hacking VLANs, VoIP, Switches & Routers
5.1 VLAN Hopping
5.2 Hacking VoIP
5.3 Exploiting insecure VPN configuration
5.4 Switch/Router vulnerabilities
Related Courses
Online Courses
You may prefer an online course if you are looking for a flexible and cost-effective solution. Online courses allow you to study at your own pace, at a time that suits you.
We have the following eLearning options available:
Security Operations Centre (SOC) Analyst Programme - Foundation, Investigator and Responder Bundle
Course InfoVirtual Classroom
Virtual classrooms provide all the benefits of attending a classroom course without the need to arrange travel and accomodation. Please note that virtual courses are attended in real-time, commencing on a specified date.
