The Art of Hacking

Master the art of hacking by expanding your skills in our sophisticated hands-on hacking lab in our five-day course “The Art of Hacking”.

The Art of Hacking (AoH) is a fundamental training course for those who want to enter the world of IT security and penetration testing, or for those who want to consolidate and formalise their skills and demonstrate their knowledge through practical work.

At the end of the course, participants will be able to:

  • Discover and fingerprint systems and services available in their infrastructure,
  • Exploit Windows and Linux operating systems through a variety of known vulnerabilities,
  • Perform brute force attacks with passwords to compromise services and gain access to a host,
  • Hack application servers and content management systems to gain access to customer data,
  • Carry out client-side attacks and execute code on the target computer,
  • Identify common web application vulnerabilities and practically introduce security measures into their software development lifecycle.

Course participants receive:

  • A PDF copy of all course materials used during the course, including the instructor’s slides, the cheat sheets for the tools, and instructions on how to work through the course
  • Access to NotSoSecure’s Art of Hacking Lab for 30 days after the end of the course

Course description:

This beginner and advanced level technical course combines infrastructure security and web application security in a five-day “Art of Hacking” course that teaches the basics of hacking. This hands-on course was designed to meet the global market need for real, practical hacking experience that focuses on what is really needed in pentesting.

Learning objectives:

This course provides participants with a wealth of techniques to compromise the security of various operating systems, network devices and web application components. It starts with very basic knowledge and builds up to a level where participants can not only apply the tools and techniques to hack various infrastructure components and hack on the web, but also gain a solid understanding of the concepts on which these tools are based. The course combines formal hacking methodology with a variety of tools to teach the basic principles of ethical hacking.

Duration and location of the course:

A five-day course that can be held in a classroom setting.

Additional accreditation:

Check Point Certified Penetration Testing Associate (CCPA).

The Art of Port Scanning

  • Basic concepts of Hacking Methodology
  • Enumeration techniques and Port Scanning

The Art of Online Password Attacks

  • Configure Online Password Attack
  • Exploiting network service misconfiguration

The Art of Hacking Databases

  • MySQL, Postgres
  • Attack chaining techniques

Metasploit Basics

  • Exploitation concepts, Manual Exploitation Methodology
  • Metasploit framework

Password Cracking

  • Understanding basic concepts of cryptography
  • Design offline brute force attack

Hacking Unix

  • Linux vulnerabilities, misconfiguration
  • Privilege escalation techniques

Hacking Application Servers on Unix

  • Web Server misconfiguration
  • Multiple exploitation techniques

Hacking Third Party CMS Software

  • CMS Software
  • Vulnerability scanning and exploitation

Windows Enumeration

  • Windows enumeration techniques and configuration issues
  • Attack chaining

Client-Side Attacks

  • Various Windows client-side attack techniques

Privilege Escalation on Windows

  • Post exploitation
  • Windows Privilege escalation techniques

Hacking Application Servers on Windows

  • Web Server misconfiguration
  • Exploiting Application servers

Post Exploitation

  • Metasploit Post exploitation techniques
  • Windows 10 Security features and different bypass techniques

Hacking Windows Domains

  • Understanding Windows Authentication
  • Gaining access to Domain Controller

Understanding the HTTP Protocol

  • HTTP Protocol Basics
  • Introduction to Proxy Tools

Information Gathering

  • Enumeration Techniques
  • Understanding Web Attack Surface

Username Enumeration and Faulty Password Reset

  • Attacking Authentication and Faulty Password Mechanisms

Issues with SSL/TLS

  • SSL/TLS misconfiguration

Authorisation Bypass

  • Logical Bypass techniques
  • Session related issues

Cross Site Scripting (XSS)

  • Various types of XSS
  • Session hijacking and other attacks

Cross Site Request Forgery (CSRF)

  • Understanding CSRF attack

SQL Injection

  • SQL Injection types
  • Manual Exploitation

XML External Entity (XXE) Attacks

  • XXE Basics
  • XXE Exploitation

Insecure File Uploads

  • Attacking File Upload functionality

Deserialization Vulnerabilities

  • Serialization Basics
  • PHP Deserialization Attack

Who should take this class?

  • System Administrators who are interested in learning how to exploit Windows and Linux systems
  • Web Developers who want to find and exploit common web application vulnerabilities
  • Network Engineers who want to secure and defend their network infrastructure from malicious attacks
  • Security enthusiasts new to the information security field who want to learn the art of ethical hacking
  • Security Consultants looking to relearn and refresh their foundational knowledge

You will need:

  • Basic familiarity with Windows and Linux systems, e.g. how to view a system’s IP address, installing software, file management
  • Basic understanding of network fundamentals, e.g. IP addressing, knowledge of protocols such as ICMP, HTTP and DNS
  • Basic understanding of HTTP fundamentals, e.g. structure of an HTTP request, HTTP method verbs, HTTP response codes

The above requirements are not mandatory but are recommended due to the pace of the course. The Hacking 101 course by NotSoSecure can be undertaken as a prerequisite to this course.

Hardware Requirements: Delegates should bring their own laptop and must have administrative access to perform tasks such as installing software and disabling antivirus. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets etc.) are not supported.

Software Requirements: Windows 7 or 10 operating systems are recommended for the course. Delegates will be required to install an OpenVPN client, an SSH client such as PuTTY, and Mozilla Firefox. Installation instructions will also be provided on the first day of the course.
