The Art Of Hacking

This course teaches the attendees a wealth of hacking techniques to compromise the security of various operating systems, networking devices and web application components.

Duration: 5 days
Price: 3260,00 + VAT
Spoken language: English

Overview

This course teaches the attendees a wealth of hacking techniques to compromise the security of various operating systems, networking devices and web application components. The course starts from the very basics and gradually builds up to the level where attendees can not only use the tools and techniques to hack various components involved in infrastructure and web hacking, but also walk away with a solid understanding of the concepts on which these tools work. The course comprises 3 days of infrastructure hacking and 2 days of web hacking.

Intended Audience:

System administrators, web developers, SOC analysts, penetration testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

This course familiarises the attendees with a wealth of tools and techniques needed to breach the security of web applications and infrastructures. The course starts from the very basics and gradually builds up to the level where attendees can not only use the tools and techniques to hack various components involved in web application hacking and infrastructure platforms, but also walk away with a solid understanding of the concepts on which these tools work. The course also covers industry standards such as OWASP Top 10 and PCI DSS, and contains numerous real-life examples to help the attendees understand the true impact of these vulnerabilities. The course is updated regularly to ensure that the latest exploits and vulnerabilities are available within the virtual labs taught in this course.

During the class, we will give you VPN access to our state-of-the-art hacklab, which is hosted in our data centre in the UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab.

IISP Skills Alignment

This course is aligned to the following Institute of Information Security Professionals (IISP) skills:

  • D2, E3, C2

Continuous Professional Development (CPD)

CPD points can be claimed for GCT accredited courses at the rate of 1 point per hour of training for GCHQ accredited courses (up to a maximum of 15 points).

Objectives

  • The QA Art of Hacking (QATAOH) course was written and released in 2016 and benefits from the latest vulnerabilities in current and future platforms/systems. For example, we do not talk about hacking Windows XP and 2003 servers (unlike CEH) but talk about circumventing controls in modern operating systems such as Windows 2012 servers. Any high-impact vulnerability such as Heartbleed, Shellshock or the recent mass-compromise vulnerability of Joomla software is taught in the class.
  • Unlike CEH, where the focus is to run a tool to achieve an objective which helps attendees pass the exam, we focus on the underlying principles on which tools work and give attendees an understanding of what the root cause of the vulnerability is and how the tool works to exploit it. We also talk about how the vulnerability should be mitigated.
  • The class benefits from a hands-on lab which is hosted in the NotSoSecure cloud. Every attendee gets their own dedicated Virtual Machines upon which they practice each and every vulnerability in detail.
  • In terms of reputation, this course remains one of the most popular classes at BlackHat and other major events. The course is written and taught by pen testers and the training is based on real-life pen testing experience. The infrastructure component of the class features this year at BlackHat Las Vegas.

Outline

Day 1:

  • TCP/IP Basics
  • The Art of Port scanning
  • Target Enumeration
  • Brute-forcing
  • Metasploit Basics
  • Password Cracking

Day 2:

  • Hacking Recent Unix Vulnerabilities
  • Hacking Databases
  • Hacking Application Servers
  • Hacking third party applications (WordPress, Joomla, Drupal)

Day 3:

  • Windows Enumeration
  • Hacking recent Windows Vulnerabilities
  • Hacking Third party software (Browser, PDF, Java)
  • Post Exploitation: Dumping Secrets
  • Hacking Windows Domains

Day 4:

  • Understanding HTTP protocol
  • Identifying the attack surface
  • Username Enumeration
  • Information Disclosure
  • Issues with SSL/TLS
  • Cross Site Scripting
  • Cross-Site Request Forgery

Day 5:

  • SQL Injection
  • XXE attacks
  • OS Code Injection
  • Local/Remote File include
  • Cryptographic weakness
  • Business Logic Flaws
  • Insecure File Uploads

Prerequisites

We recommend that all delegates are familiar with the principles of TCP/IP networking and have a working knowledge of Windows operating systems. It is essential that delegates have good practical ‘hands-on’ experience of the Linux command line and Linux utilities.
