0845 450 6120

The Art of Hacking

This course teaches the attendees a wealth of hacking techniques to compromise the security of various operating systems, networking devices and web application components. The course starts from the very basic and gradually builds up to the level where attendees can not only use the tools and techniques to hack various components involved in infrastructure and web hacking, but also walk away with a solid understanding of the concepts on which these tools work. The course comprises of 3 days of infrastructure hacking and 2 days of web hacking.

Intended Audience:

System Administrators, Web Developers, SOC analysts, Penetration testers, network engineers, security enthusiasts and anyone who wants to take their skills to next level.

This course familiarises the attendees with a wealth of tools and techniques needed to breach the security of web applications and infrastructures. The course starts from the very basic and gradually build up to the level where attendees can not only use the tools and techniques to hack various components involved in web application hacking, and infrstructure platforms, but also walk away with a solid understanding of the concepts on which these tools work. The course also covers the industry standards such as OWASP Top 10, PCI DSS and contain numerous real life examples to help the attendees understand the true impact of these vulnerabilities. This course is constantly updated on a regular basis to ensure that the latest exploits and vulnerabilities are available within the hacklab and taught in this course.

During the class, we will give you VPN access to our state-of-art hacklab which is hosted in our data centre in UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab.

Reset

Learning Objectives

  • The Art of Hacking course is written and released in 2016 and benefits from the latest vulnerabilities in current and future platforms /systems. E.g. we do not talk about hacking windows XP and 2003 servers (unlike CEH) but talk about circumventing controls in Modern OS such as Windows 2012 servers. Any high impact vulnerability such as heart-bleed, shellshock or the recent mass compromise vulnerability of Joomla software is taught in the class.
  • Unlike CEH, where the focus is to run a tool to achieve an objective which helps attendees pass the exam, we focus on the underlying principles on which tools work and provide attendees an understanding on what is the root cause of the vulnerability and how does the tool work to exploit it. We also talk about how the vulnerability should be mitigated.
  • The class benefits from a hands-on lab which is hosted in the NotSoSecure cloud. Every attendee gets their own dedicated Virtual Machines upon which they practice each and every vulnerability in detail.
  • In terms of reputation, this course remains one of the most popular class's at BlackHat and other major events. The course is written and taught by pen testers and the training is based on real-life pen testing experience. The Infrastructure component of the class is featuring this year at BlackHat Las Vegas.

Pre-Requisites

There are no pre-requisites. However, we recommend that all delegates are familiar with the principles of TCP/IP networking and have a working knowledge of the Windows and Linux command line utilities.

Course Content

Day 1:

  • TCP/IP Basics
  • The Art of Port scanning
  • Target Enumeration
  • Brute-forcing
  • Metasploit Basics
  • Password Cracking

Day 2:

  • Hacking Recent Unix Vulnerabilities
  • Hacking Databases
  • Hacking Application Servers
  • Hacking third party applications (Wordpress, Joomla, Drupal)

Day 3:

  • Windows Enumeration
  • Hacking recent Windows Vulnerabilities.
  • Hacking Third party software (Browser, PDF, Java)
  • Post Exploitation: Dumping Secrets
  • Hacking Windows Domains

Day 4:

  • Understanding HTTP protocol
  • Identifying the attack surface
  • Username Enumeration
  • Information Disclosure
  • Issues with SSL/TLS
  • Cross Site Scripting
  • Cross-Site Request Forgery 

Day 5:

  • SQL Injection
  • XXE attacks
  • OS Code Injection
  • Local/Remote File include
  • Cryptographic weakness
  • Business Logic Flaws
  • Insecure File Uploads

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the request service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.

 

Online Courses

You may prefer an online course if you are looking for a flexible and cost-effective solution. Online courses allow you to study at your own pace, at a time that suits you.

We have the following eLearning options available:

Virtual Classroom

Virtual classrooms provide all the benefits of attending a classroom course without the need to arrange travel and accomodation. Please note that virtual courses are attended in real-time, commencing on a specified date.

Virtual Course Dates

Our Customers Include