25,000+ Courses Nationwide
0345 4506120

Hacking Enterprises

Special Notices
Students are also provided a complementary in.security hackpack! This includes:

  • 14-day extended LAB access after the course finishes
  • 14-day access to a CTF platform with subnets/hosts not seen during training

This is an immersive hands-on course aimed at a technical audience. The training covers a multitude of security topics, is based around modern operating systems and using modern techniques, with an emphasis on exploiting configuration weaknesses rather than throwing traditional exploits. This means logical thinking and creativity will definitely be put to the test.

Learners will access a blended cloud-based LAB configured with multiple networks, some easily accessible, others not so.

Course material and exercise content has been designed to reflect real-world challenges and students will perform over 30 hands-on exercises including using OSINT skills to retrieve useful data, perform host/service enumeration and exploitation as well as perform phishing attacks against our live in-LAB users’ to gain access to new networks, bringing new challenges and in the process teaching new sets of skills in post exploitation, network reconnaissance, lateral movement and data exfiltration.

We also like to do things with a difference. In this training you’ll be provided access to an in LAB Elastic instance, where logs from all targets get pushed and processed. This allows you, as an attacker, as a blue teamer, to understand the types of artefacts your attacks leave, therefore understanding how you might catch, or be caught in the real word.

Target Audience

  • Penetration testers
  • SOC analysts
  • Security professionals
  • IT Support, administrative and network personnel

Select specific date to see price, venue and full details.

Learning Objectives

  • Performing effective OSINT activities
  • Identifying live hosts and services using IPv4 and IPv6
  • Unauthenticated and authenticated target enumeration using manual techniques and tools using IPv4 and IPv6
  • Identifying and exploiting configuration weaknesses in targets from both unauthenticated and authenticated perspectives
  • Password hash identification, extraction and cracking from Linux, Windows variants and other applications
  • Password cracking techniques including dictionary/rule, brute force and mask attacks
  • Performing effective post exploitation attacks, enumeration and data gatheringUsing tools and techniques introduced during the training to create bespoke payloads that can be used in phishing attacks
  • Pivoting, lateral movement and routing traffic to hidden networks

  • Exploiting application weaknesses over tunnels, routed connections and shells using manual techniques and tools

  • Understanding Active Directory trusts and how they can be abused

  • Gaining persistence using modern techniques and exfiltrating data via out of band channels

  • Understanding how defensive monitoring can be used to identify malicious activities


  • A firm familiarity of Windows and Linux command line syntax
  • Understanding of networking concepts
  • Previous pentesting and/or SOC experience is advantageous, but not required

Course Content

Day 1

  • An introduction into monitoring and alerting using our in-LAB ELK stack
  • Leveraging OSINT activities
  • Enumerating and targeting IPv4 and IPv6 hosts
  • Linux enumeration (remote and local targets)
  • Living off the land tricks and techniques in Linux

Day 2

  • Linux shells, post exploitation and privilege escalation
  • P@ssw0rd cracking (*nix specifics)
  • Living off the land tricks and techniques in Windows
  • Creating and executing Phishing campaigns against our simulated enterprise users

Day 3

  • P@ssw0rd cracking (Windows specifics)
  • Windows enumeration (remote and local targets)
  • Windows exploitation and privilege escalation techniques
  • Windows Defender/AMSI and UAC bypasses
  • Defensive monitoring
  • Bypassing AppLocker and Group Policy restrictions
  • RDP hijacking
  • Enumerating and extracting LAPS secrets
  • Situational awareness and further enumeration of other subnets

Day 4

  • Lateral movement and pivoting, routing, tunnelling and SOCKS proxies
  • Application enumeration and exploitation via pivots
  • Domain exploitation
  • Leveraging domain trusts

Day 5 (morning)

  • Gaining persistence using Scheduled Tasks and WMI Event Subscriptions
  • Data exfiltration over OOB channels (ICMP and DNS)
  • Domain Fronting and C2
  • CTF (afternoon)
  • Practical CTF to put newly learned skills into practice!

We reserve the right to improve the specification and format of our courses for the benefit of our customers without notice to the customer.

Related Learning

  • Advanced Infrastructure Hacking
  • Advanced Web Hacking
  • Certified in The Art of Hacking

Related Courses

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the requested service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.


We work with the best