The Art of Hacking (AoH) is essential training for those entering the world of IT Security and Penetration Testing or for those who wish to consolidate and formalize their knowledge and wish to demonstrate, through hands-on work
Attendees will be able to:
- Discover and fingerprint systems and services available within their infrastructure
- Discover and exploit Windows and Linux operating systems through a variety of well-known vulnerabilities
- Conduct password brute force attacks to compromise services and gain access to a host
- Hack application servers and Content Management systems to gain access to customer data
- Conduct client-side attacks and execute code on a victim’s machine
- Identify common web application vulnerabilities and introduce security within their software development life-cycle in a practical manner
Delegates receive:
- A PDF copy of all course materials used during the course including instructor slide deck, tool cheat sheets and walkthrough guides
- Access to NotSoSecure’s Art of Hacking lab for 30 days after course completion
Outline of the course:
This introductory/intermediate technical course brings together Infrastructure Security and Web Application Security into a 5-day “Art of Hacking” course designed to teach the fundamentals of hacking. This hands-on course was written to address the market need around the world for a real hands-on, practical and hacking experience that focuses on what is really needed when conducting Pen Testing.
Learning objectives:
This course teaches attendees a wealth of techniques to compromise the security of various operating systems, networking devices and web application components. The course starts from the very basic and builds up to the level where delegates can not only use the tools and techniques to hack various components involved in infrastructure and web hacking, but also gain solid understanding of the concepts on which these tools are based. This course combines a formal hacking methodology with a variety of tools to teach the core principles of ethical hacking.
Length of course and location:
A 5 day course that can be delivered in a classroom style.
Additional accreditation:
Check Point Certified Penetration Testing Associate (CCPA).
The Art of Port Scanning
- Basic concepts of Hacking Methodology
- Enumeration techniques and Port Scanning
The Art of Online Password Attacks
- Configure Online Password Attack
- Exploiting network service misconfiguration
The Art of Hacking Databases
- MySql, Postgres
- Attack chaining techniques
Metasploit Basics
- Exploitation concepts, Manual Exploitation Methodology
- Metasploit framework
Password Cracking
- Understanding basic concepts of cryptography
- Design offline brute force attack
Hacking Unix
- Linux vulnerabilities, misconfiguration
- Privilege escalation techniques
Hacking Application Servers on Unix
- Web Server misconfiguration
- Multiple exploitation techniques
Hacking Third Party CMS Software
- CMS Software
- Vulnerability scanning and exploitation
Windows Enumeration
- Windows enumeration techniques and configuration issues
- Attack chaining
Client-Side Attacks
- Various Windows client-side attack techniques
Privilege Escalation on Windows
- Post exploitation
- Windows Privilege escalation techniques
Hacking Application Servers on Windows
- Web Server misconfiguration
- Exploiting Application servers
Post Exploitation
- Metasploit Post exploitation techniques
- Windows 10 Security features and different bypass techniques
Hacking Windows Domains
- Understanding Windows Authentication
- Gaining access to Domain Controller
Understanding the HTTP Protocol
- HTTP Protocol Basics
- Introduction to Proxy Tools
Information Gathering
- Enumeration Techniques
- Understanding Web Attack Surface
Username Enumeration and Faulty Password Reset
- Attacking Authentication and Faulty Password Mechanisms
Issues with SSL/TLS
- SSL/TLS misconfiguration
Authorisation Bypass
- Logical Bypass techniques
- Session related issues
Cross Site Scripting (XSS)
- Various types of XSS
- Session hijacking and other attacks
Cross Site Request Forgery (CSRF)
- Understanding CSRF attack
SQL Injection
- SQL Injection types
- Manual Exploitation
XML External Entity (XXE) Attacks
- XXE Basics
- XXE Exploitation
Insecure File Uploads
- Attacking File Upload functionality
Deserialization Vulnerabilities
- Serialization Basics
- PHP Deserialization Attack
Who should attend
System Administrators who are interested in learning how to exploit Windows and Linux systems; Web Developers who want to find and exploit common web application vulnerabilities; Network Engineers who want to secure and defend their network infrastructure from malicious attacks; Security enthusiasts new to the information security field who wants to learn the art of ethical hacking; Security Consultants looking to relearn and refresh their foundational knowledge.
Setup
Basic familiarity with Windows and Linux systems e.g. how to view a system’s IP address, installing software, file management; Basic understanding of Network fundamentals e.g. IP addressing, knowledge of protocols such as ICMP, HTTP and DNS; Basic understanding of HTTP fundamentals e.g. Structure of an HTTP request, HTTP method verbs, HTTP response codes.
The above requirements are not mandatory but are recommended due to the pace of the course. The Hacking 101 course by NotSoSecure can be undertaken as a prerequisite to this course.
Hardware Requirements: Delegates should bring their own laptop, and must have administrative access to perform tasks such as software installations, disable antivirus etc. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets etc.) are not supported.
Software Requirements: Windows 7 or 10 operating systems are recommended for the course. Delegates will be required to install OpenVPN client, an SSH client such as Putty and Mozilla Firefox. Installation instructions will also be provided on the first day of the course.
Other courses to further your knowledge
Lab-based training - written by Black Hat trainers.
These classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform penetration testing on infrastructure or web applications as a day job and wish to add to their existing skill set.
Enquire about your training
We provide training directly (live, online or in person) and also work with a range of training partners in different locations around the globe for classroom or live, online training. Please contact us with details of your requirement and we will recommend the best route to access our amazing training.