For IT security professionals, staying up-to-date with the latest vulnerabilities and exploits is a real challenge. Knowing a vulnerability from a high level perspective is not enough. A good security professional must be able to demonstrate the impact of the vulnerability. To bridge the gap between understanding a vulnerability and to be able to fully exploit it.
During the 5 days event, delegates will be granted access to a state-of-the-art Hacklab and will be asked to enumerate, assess, exploit and then post exploit vulnerabilities to achieve various objectives within the Hacklab.
Individuals taking the Advanced Infrastructure Hacking course will experience hands-on practical content that is extremely current and taught at the world's top conference stages. The course was written to address the need in the market for high-end training in the field of Infrastructure; inspired by daily on-site Penetration Testing and training in the community / conferences. The course enable students to practice topics such as exploit chaining, post-exploitation, combining low risk vulnerabilities to obtain high impact outcomes.
The course examines and hacks a wealth of modern vulnerabilities aka (MS14-068, MS15-077). All labs are virtualised and there are dedicated VMs for each student.
Advanced Infrastructure Hacking course will familiarise you with a wealth of hacking techniques for common operating systems, networking devices and everything else in between. The course is ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications and those who perform Penetration Testing on infrastructure as a day job and want to take their skills to different level. From hacking Domain Controllers with MS14_068 to GHOST local root; VLAN Hopping to VoIP Hacking, a wide variety of approaches to Infrastructure Hacking is covered.
Prior hands-on experience of common hacking/enumeration tools such as Nmap, Metasploit etc., is recommended for the class. QA Certified Ethical Hacker (CEH) certification is strongly recommended as a pre-requisite to this advanced hacking course.
The course is based on the following modules:
1.1 TCP/IP & Network Enumeration
1.2 Port scanning
1.3 TCP/UDP scanning
1.4 Windows/Linux enumeration
1.5 The Art of brute-forcing
1.6 Insecure SNMP Configuration
1.7 Database Exploitation (Oracle, Postgres, Mysql)
1.8 Hacking Application servers (Websphere)
1.9 Exploiting SSL vulnerabilities such as heartbleed
1.10 Exploiting remote systems via Shellshock
1.11 Exploiting Java and PHP serialization bugs
2.1 Windows Vulnerabilities
2.2 Mastering Metasploit
2.3 Latest remote exploits
2.4 Pivoting within internal network
2.5 Local privilege escalation
2.6 Custom payloads
3.1 Compromising Windows Domain
3.2 Pass the hash
3.3 Pass the ticket
3.4 Breaking Kerberos
3.5 Third party exploits (browser, java, pdf)
4.1 Linux Vulnerabilities
4.4 NFS Hacks
4.5 SSH hacks
4.6 X11 vulnerabilities
4.7 Local Privilege escalation
4.8 Kernel exploits
4.9 Weak file permissions
4.10 SUID/SGID scripts
4.12 Inetd services
5.1 VLAN Hopping
5.2 Hacking VoIP
5.3 Exploiting insecure VPN configuration
5.4 Switch/Router vulnerabilities
|Teaching mode:||Classroom - Instructor Led|
We do not display pricing as Gooroo members qualify for special discounts not available elsewhere. You must enquire through Gooroo to get this benefit.
Our partner's expert training consultant will provide you with the times and all the details you need. Enquire today.