Advanced Infrastructure Hacking icon

Advanced Infrastructure Hacking

Five-day Advanced Infrastructure Hacking Course.

Contact

Very impressed with the lab environment. Course is packed with Information and exciting challenges. Excellent Content and in-depth presentation. Loved the practice timing and walk-through. The extended lab access is helpful to practice after the class.

Delegate, Black Hat USA

This course was exactly as described. It delivered good, solid information on the current state of infrastructure hacking at the rapid pace promised. This was a great way to get back into this area after years away from it.

Delegate, Black Hat USA

Very excellent course, highly recommend even for those new to Pen Testing! Great work & Effort

Delegate, Black Hat USA

Compressing 4 days of material is very hard to do. I have to say that this class did it well. My brain hurts, not because the class was bad but because it was very, very good. The instructor was well versed in the subject and the assistance was effective. I really appreciate the "recap" after every section. Top notch. The course was exactly as described.

Delegate, Black Hat USA

It provided me with the latest Information Security research & development

Delegate, Black Hat USA

Took this course as the 4-day was full, and was prepared for a fast-paced nightmare! On the contrary this course was well planned for the timescales. Happy with the solution.

Delegate, Black Hat USA

At the end of the course, participants will be able to:

  • List, investigate and specifically exploit vulnerabilities in a company’s network devices, online presence and employees
  • Understand complex vulnerabilities and chained exploit processes to gain access and bypass restrictions, escalate privileges, exfiltrate data and gain long-term persistence in: web-oriented services, databases, Windows, Active Directory, *nix, container-based systems, VPN, VLAN, VoIP and cloud environments,
  • Use compromised devices to penetrate other private networks and/or access services that are protected by whitelisting or only accessible via the loopback interface

Course participants receive:

  • Access to our hacking lab, not only during the course but also for 30 days after it finishes. This gives the participants enough time to practise the concepts taught in the course. The lab includes a variety of challenges, from local privilege escalation to VLAN hopping, etc. Participants are provided with numerous scripts, tools and handouts during the course.

For security and IT decision-makers

What impact does a training course by Claranet Cyber Security really have on your team?

Harden your company’s infrastructure and make it a less attractive target for attackers by building a team that can identify vulnerabilities and misconfigurations in your environments, test them and recommend remedial action. At the end of the course, participants will be able to:

  • Perform security tests using complex attack chains for Windows (local), Active Directory, Linux and common cloud environments,
  • Design these tests based on real-world attack behaviour and tools to ensure they are ready for the threats their company faces,
  • Identify misconfigurations from network to system level,
  • Understand the business impact of misconfigurations and vulnerabilities and how these should be reported to stakeholders,
  • Implement logging and monitoring processes to detect current attacks,
  • Take on more responsibility in the team,
  • Become an advocate for security throughout the company.
  • Overview
  • Details
  • Requirements and participant profile
  • Download the brochure

An advanced course on hacking infrastructures aimed at those who want to expand their knowledge ...

This dynamic course will teach you a wealth of hacking techniques to compromise various operating systems and network devices. It covers advanced penetration techniques to achieve exploitation and familiarises you with hacking common operating systems, network devices and much more. From domain controller hacking to local root, from VLAN hopping to VoIP hacking – we have it all.

  • Latest, highly relevant exploits
  • Teaches a wide range of offensive hacking techniques
  • Written by real pentesters with a worldwide reputation at conferences (Black Hat, AppSec, OWASP, Defcon, etc.)
  • A lab that is continuously being developed

If you are looking to develop your hacking skills further, either for working as a pen tester, or you need to understand how hackers work so that you are better able to defend against it, then this course is for you. In addition to increasing your knowledge and confidence, it provides excellent preparation for the advanced hacking examinations. By utilizing the Hack-Lab following the Advanced Infrastructure Hacking course you are provided with time to test and hone your skills and your understanding of the tools and applications used throughout the course. You can take these away for working with on a day to day basis. There are guides, walkthroughs and examples for you to use as follow-up so that you can translate these modules into practical values within your business.

Day 1

IPv4 and IPv6 Refresher

Advanced topics in network scanning Understanding & exploiting IPv6 Targets OSINT, DVCS, CI Server exploitation, Advanced OSINT Data gathering, Exploiting git and Continuous Integration (CI) servers

Database Servers

Mysql, Postgres, Oracle

Recent Vulnerabilities

SSL / TLS Bugs Deserialization Bugs

Day 2

Windows Exploitation

Domain and User Enumeration AppLocker / GPO Restriction Bypass Local Privilege Escalation Fun with Powershell Bypassing AV / AMSI Post Exploitation In-Memory Credential Harvesting

Day 3

AD Exploitation

Active Directory Delegation issues Understanding WOW64 Pivoting and WinRM Certificates Persistence (Golden Ticket, DCSync) Lateral Movement Using WMIC

Day 4

Linux Exploitation

Advanced topics in network scanning Understanding & exploiting IPv6 Targets OSINT, DVCS, CI Server exploitation, Advanced OSINT Data gathering, Exploiting git and Continuous Integration (CI) servers

Database Servers

Mysql, Postgres, Oracle

Recent Vulnerabilities

SSL / TLS Bugs Deserialization Bugs

Day 5

Container Breakout

Breaking and Abusing Docker, Kubernetes Vulnerabilities

VPN Exploitation

VoIP Enumeration & Exploitation

VLAN Attacks

VLAN Concepts VLAN Hopping Attackss

Who Should Take This Class?

System Administrators, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and if you want to take your skills to next level.

While prior pen testing experience is not a strict requirement, familiarity with both Linux and Windows command line syntax will be greatly beneficial and a reasonable technical understanding of computers and networking in general is assumed. Some hands-on experience with tools commonly used by hackers, such as Nmap, NetCat, or Metasploit, will also be beneficial, although if you are a less advanced user, you can work your way up during the 30 days of complimentary lab access provided as part of the course.

The course is ideal if you are preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST or other similar industry certifications, as well as if you perform Penetration Testing on infrastructure as a day job and wish to add to your existing skill set.

You will need:

The only requirement for this course is that you must bring your own laptop and have admin/root access on it. During the course, we will give you VPN access to our state-of-art Hack-lab which is hosted in our data-center in the UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the Hack-Lab, accessed using SSH. So, you don’t need to bring any VMs with you. All you need is admin access to install the VPN client and once connected, you are good to go!

As a delegate, you may optionally come prepared with an OpenVPN client (e.g. OpenVPN Client for Windows, we suggest Tunnelblick for Mac, the OpenVPN client is often included natively for Linux but may need installing/updating) and an SSH client (e.g. PuTTY for Windows, generally included natively for Linux/Mac) installed.

Download

Course Information