The Art of Hacking (AoH) is essential training for
those entering the world of IT Security and Penetration Testing or for those who wish to consolidate and
formalize their knowledge and wish to demonstrate, through hands-on work
IT administrators and web developers require security knowledge and awareness in order to secure their
environment. We teach attendees a wealth of techniques to compromise the security of various operating
systems, networking devices and web application components. The course starts from the very basic and builds
up to the level where attendees can not only use the tools and techniques to hack various components
involved in infrastructure and web hacking, but also gain solid understanding of the concepts on which these
tools are based. This course combines a formal hacking methodology with a variety of tools to teach the core
principles of ethical hacking.
Complete the course wherever and whenever it suits you and afterwards you can take an optional exam with
Check Point and become a Check Point Certified Pen Testing Associate (CCPA).
5 day Course
Available by Partners
Live, online available
Hack-Lab for 30 days
This introductory/intermediate technical course brings together Infrastructure Security and Web Application
Security into a 5-day “Art of Hacking” course designed to teach the fundamentals of hacking. This hands-on
course was written to address the market need around the world for a real hands-on, practical and hacking
experience that focuses on what is really required when conducting Pen Testing.
See what our training roadmap
1. Our courses are available directly from us; through our training partners or at worldwide technical
2. You can find course dates and prices on the Courses and Webinars page.
3. Take a look below at a few of the upcoming courses for this specific training.
4. For more information including private course requests, complete the short form below.
Enquire about your training
We provide training directly (live, online or in person) and
also work with a range of training partners in different locations around the globe for classroom or live, online
training. Please contact us with details of your requirement and we will recommend the best route to access our
The course can also be booked directly through our accredited training partners.
You will be able to:
- Discover and fingerprint systems and services available within their infrastructure
- Discover and exploit Windows and Linux operating systems through a variety of well-known
- Conduct password brute force attacks to compromise services and gain access to a host
- Hack application servers and Content Management systems to gain access to customer data
- Conduct client-side attacks and execute code on a victim’s machine
- Identify common web application vulnerabilities and introduce security within their software
development life-cycle in a practical manner
You will receive:
- A PDF copy of all course materials used during the course including instructor slide deck, tool cheat
sheets and walkthrough guides.
- Access to NotSoSecure’s Art of Hacking lab for 30 days after course completion.
What you can take away from this course:
You will come away with a wealth of techniques to compromise the security of various operating systems,
networking devices and web application components. As the course starts from the very basic and builds up to the
level where you can not only use the tools and techniques to hack various components involved in infrastructure
and web hacking, you will also gain a solid understanding of the concepts on which these tools are based.
Details of the course content:
THE ART OF PORT SCANNING
- Basic concepts of Hacking Methodology
- Enumeration techniques and Port scanning
THE ART OF ONLINE PASSWORD ATTACKS
- Configure online password attack
- Exploiting network service misconfiguration
THE ART OF HACKING DATABASES
- Mysql, Postgres
- Attack chaining techniques
- Exploitation concepts, Manual exploitation methodology
- Metasploit framework
- Understanding basic concepts of cryptography,
- Design offline brute force attack
- Linux vulnerabilities, misconfiguration
- Privilege escalation techniques
HACKING APPLICATION SERVERS ON UNIX
- Web server misconfiguration
- Multiple exploitation techniques
HACKING THIRD PARTY CMS SOFTWARE
- CMS Software
- Vulnerability scanning & exploitation
- Windows Enumeration techniques & Configuration Issues
- Attack chaining
- Various Windows client-side attack techniques
PRIVILEGE ESCALATION ON WINDOWS
- Post exploitation
- Windows Privilege escalation techniques
HACKING APPLICATION SERVERS ON WINDOWS
- Web server misconfiguration
- Exploiting Application servers
- Metasploit Post exploitation techniques
- Window 10 Security features & different bypass techniques
HACKING WINDOWS DOMAINS
- Understanding Windows Authentication
- Gaining access to Domain Controlle
UNDERSTANDING THE HTTP PROTOCOL
- HTTP Protocol Basics
- Introduction to proxy tools
- Enumeration Techniques
- Understanding Web Attack surface
ISSUES WITH SSL/TLS
- SSL/TLS misconfiguration
USERNAME ENUMERATION & FAULTY PASSWORD RESET
- Attacking Authentication and Faulty Password mechanisms
- Logical Bypass techniques
- Session related issues
CROSS SITE SCRIPTING (XSS)
- Various types of XSS
- Session Hijacking & other attacks
CROSS SITE REQUEST FORGERY (CSRF)
- Understanding CSRF attack
- Various impacts of SSRF attack
- SQL Injection types
- Manual Exploitation
XML EXTERNAL ENTITY (XXE) ATTACKS
- XXE Basics
- XXE exploitation
- Serialization Basics
- PHP Deserialization Attack
INSECURE FILE UPLOADS
- Attacking File upload functionality
COMPONENTS WITH KNOWN VULNERABILITIES
- Understanding risks known vulnerabilities
- Known vulnerabilities leading to critical exploits
INSUFFICIENT LOGGING AND MONITORING
- Understanding importance of logging and monitoring
- Common pitfalls in logging and monitoring
- Understanding formula Injection attack
- Understanding Open Redirection attack
Who should take this class?
- System Administrators who are interested in learning how to exploit Windows and Linux
- Web Developers who want to find and exploit common web application vulnerabilities
- Network Engineers who want to secure and defend their network infrastructure from malicious
- Security enthusiasts new to the information security field who want to learn the art of ethical
- Security Consultants looking to relearn and refresh their foundational knowledge
You will need:
- Basic familiarity with Windows and Linux systems e.g. how to view a system’s IP address,
installing software, file management
- Basic understanding of Network fundamentals e.g. IP addressing, knowledge of protocols such as
ICMP, HTTP and DNS
- Basic understanding of HTTP fundamentals e.g. Structure of an HTTP request, HTTP method verbs,
HTTP response codes
The above requirements are not mandatory but are recommended due to the pace of the course. The Hacking 101
course by NotSoSecure can be undertaken as a prerequisite to this course.
Hardware Requirements: Delegates should bring their own laptop, and must have administrative access to
perform tasks such as software installations, disable antivirus etc. Devices that don’t have an Ethernet
connection (e.g. MacBook Air, tablets etc.) are not supported.
Software Requirements: Windows 7 or 10 operating systems are recommended for the course. Delegates will be
required to install OpenVPN client, an SSH client such as Putty and Mozilla Firefox. Installation instructions
will also be provided on the first day of the course.
You can download a copy of the course information below.
In addition you will also be provided with a student pack, handouts and cheat-sheets if appropriate.
Your Training Roadmap
Hacking training for all levels: new to advanced. Ideal for those preparing for certifications such as CREST
CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST as well as infrastructure / web application penetration
testers wishing to add to their existing skill set.
Giving you the skills needed to get ahead and secure your business by design. We specialise in application
security (both secure coding and building security testing into your software development lifecycle) and cloud
security. Build security capability into your teams enabling you to move fast and stay secure.
One of the best classes I have taken in a long time. The content was on point and kept me engaged. I am
new to Cyber Security after 25 years in App Development and am very pleased with what I have learned."
Delegate, Black Hat USA
Very organized and clearly presented. Great having hands-on experience with individuals ready to assist
when help is needed."
Delegate, Black Hat USA
Really enjoyed the lab and the walkthroughs, it helped expedite the learning process."
Delegate, Black Hat USA