The Art of Hacking (AoH) is essential training for those entering the world of IT Security and Penetration Testing or for those who wish to consolidate and formalize their knowledge and wish to demonstrate, through hands-on work
- Pre-requisites & Audience
- Brochure Download
Outline of the course:
This 5-day course is the ideal introductory / intermediate training that brings together both Infrastructure Hacking and Web Hacking into a 5-day “Art of Hacking” class designed to teach the fundamentals of what Pen Testing is all about. This hands-on training was written to address the market need around the world for a real hands-on, practical and hack-lab experience that focusses on what is really needed when conducting a Penetration Test. Whilst a variety of tools are used, they are the key tools that should be in any Penetration Tester’s kit bag. This, when combined with a sharp focus on methodology will give you what is necessary to start or formalise your testing career.
This class teaches the attendees a wealth of hacking techniques to compromise the security of various operating systems, networking devices and web application components. The class starts from the very basic, and builds up to the level where attendees can not only use the tools and techniques to hack various components involved in infrastructure and web hacking, but also walk away with a solid understanding of the concepts on which these tools are based. The class comprises of 3 days of infrastructure hacking and 2 days of web hacking.
Length of course and location:
A 5 day course that can be delivered in a classroom style.
Check Point Certified Penetration Testing Associate (CCPA).
Day 1. Infrastructure basics
- TCP/IP Basics
- The Art of Port Scanning
- Target Enumeratio
- Metasploit Basics
- Password Cracking
Day 2. Hacking Unix, Databases and Applications
- Hacking Recent Unix Vulnerabilities
- Hacking Databases
- Hacking Application Servers
- Hacking Third Party Applications (WordPress, Joomla, Drupal)
Day 3. Hacking Windows
- Windows Enumeration
- Hacking Recent Windows Vulnerabilities
- Hacking Third party Software (Browser, PDF, Java)
- Post Exploitation: Dumping Secrets
- Hacking Windows Domains
Day 4. Information Gathering, Profiling and Cross-Site Scripting
- Understanding HTTP protocol
- Identifying the Attack Surface
- Username Enumeration
- Information Disclosure
- Issues with SSL/TLS
- Cross Site Scripting
- Cross-Site Request Forgery
Day 5. Injection, Flaws, Files and Hacks
- SQL Injection
- XXE Attacks
- OS Code Injection
- Local/Remote File include
- Cryptographic weakness
- Business Logic Flaws
- Insecure File Uploads
System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.
Students should bring their own laptop, and must have administrative access to perform tasks like install software, disable antivirus etc. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets etc.) are not supported.
Other courses to further your knowledge
Lab-based training - written by Black Hat trainers.
These classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform penetration testing on infrastructure or web applications as a day job and wish to add to their existing skill set.
Book your training