0345 4506120

Advanced Infrastructure Hacking

For IT security professionals, staying up-to-date with the latest vulnerabilities and exploits is a real challenge. Knowing a vulnerability from a high level perspective is not enough. A good security professional must be able to demonstrate the impact of the vulnerability. To bridge the gap between understanding a vulnerability and to be able to fully exploit it.

During the 5 days event, delegates will be granted access to a state-of-the-art Hacklab and will be asked to enumerate, assess, exploit and then post exploit vulnerabilities to achieve various objectives within the Hacklab.

NotSoSecure Hands-On Labs Now Available

We believe that hands-on, skills-based training should not end the moment you leave the class room. For both the Art of Hacking and Advanced Infrastructure Hacking training, you will now have the exciting option of being able to continue your learning journey by purchasing extra-lab time after your class.

Available in blocks of 4 weeks either as individual licenses or in multiple units for group training, the labs are exactly the same as used in class. This, when combined with your soft copy training materials (which include detailed steps of each exercise covered in class) will give you an environment in which you can practice and hone your skills at a very reasonable cost.

Please speak with your account manager for more information.

Reset

Learning Objectives

Individuals taking the Advanced Infrastructure Hacking course will experience hands-on practical content that is extremely current and taught at the world's top conference stages. The course was written to address the need in the market for high-end training in the field of Infrastructure; inspired by daily on-site Penetration Testing and training in the community / conferences. The course enable students to practice topics such as exploit chaining, post-exploitation, combining low risk vulnerabilities to obtain high impact outcomes.

Benefits

The course examines and hacks a wealth of modern vulnerabilities aka (MS14-068, MS15-077). All labs are virtualised and there are dedicated VMs for each student.

Advanced Infrastructure Hacking course will familiarise you with a wealth of hacking techniques for common operating systems, networking devices and everything else in between. The course is ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications and those who perform Penetration Testing on infrastructure as a day job and want to take their skills to different level. From hacking Domain Controllers with MS14_068 to GHOST local root; VLAN Hopping to VoIP Hacking, a wide variety of approaches to Infrastructure Hacking is covered.

Pre-Requisites

Prior hands-on experience of common hacking/enumeration tools such as Nmap, Metasploit etc., is recommended for the class. Certified in the Art of Hacking is strongly recommended as a pre-requisite to this advanced hacking course.

Intended audience for this Advanced Infrastructure Hacking course audience includes:

  • Penetration Testers and Security Researchers
  • CSIRT & Red Team professionals
  • Security Operations Centre (SOC) analysts
  • Security/System/Network architects
  • Information Security Professionals

Course Content

The course is based on the following modules:

Hacking Networks, Databases

1.1 TCP/IP & Network Enumeration
1.2 Port scanning
1.3 TCP/UDP scanning
1.4 Windows/Linux enumeration
1.5 The Art of brute-forcing
1.6 Insecure SNMP Configuration
1.7 Database Exploitation (Oracle, Postgres, Mysql)
1.8 Hacking Application servers (Websphere)
1.9 Exploiting SSL vulnerabilities such as heartbleed
1.10 Exploiting remote systems via Shellshock
1.11 Exploiting Java and PHP serialization bugs

Advanced Windows Hacking

2.1 Windows Vulnerabilities
2.2 Mastering Metasploit
2.3 Latest remote exploits
2.4 Pivoting within internal network
2.5 Local privilege escalation
2.6 Custom payloads
2.7 Post-exploitation

Hacking Windows Domains

3.1 Compromising Windows Domain
3.2 Pass the hash
3.3 Pass the ticket
3.4 Breaking Kerberos
3.5 Third party exploits (browser, java, pdf)

Advanced Linux Hacking

4.1 Linux Vulnerabilities
4.2 Finger
4.3 Rservices
4.4 NFS Hacks
4.5 SSH hacks
4.6 X11 vulnerabilities
4.7 Local Privilege escalation
4.8 Kernel exploits
4.9 Weak file permissions
4.10 SUID/SGID scripts
4.12 Inetd services

Hacking VLANs, VoIP, Switches & Routers

5.1 VLAN Hopping
5.2 Hacking VoIP
5.3 Exploiting insecure VPN configuration
5.4 Switch/Router vulnerabilities

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the request service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.

 

Online Courses

You may prefer an online course if you are looking for a flexible and cost-effective solution. Online courses allow you to study at your own pace, at a time that suits you.

We have the following eLearning options available:

Virtual Classroom

Virtual classrooms provide all the benefits of attending a classroom course without the need to arrange travel and accomodation. Please note that virtual courses are attended in real-time, commencing on a specified date.

Virtual Course Dates

Our Customers Include