Koulutukset
Lataa pdf-muodossa

Advanced Infrastructure Hacking

For IT security professionals, staying up-to-date with the latest vulnerabilities and exploits is a real challenge. Knowing a vulnerability from a high level perspective is not enough. A good security professional must be able to demonstrate the impact of the vulnerability. To bridge the gap between understanding a vulnerability and to be able to fully exploit it.

During the 5 days event, delegates will be granted access to a state-of-the-art Hacklab and will be asked to enumerate, assess, exploit and then post exploit vulnerabilities to achieve various objectives within the Hacklab.

Prerequisites

Prior hands-on experience of common hacking/enumeration tools such as Nmap, Metasploit etc., is recommended for the class. QA Certified Ethical Hacker (CEH) certification is strongly recommended as a pre-requisite to this advanced hacking course.

Intended audience for this Advanced Infrastructure Hacking course audience includes:

  • Penetration Testers and Security Researchers
  • CSIRT & Red Team professionals
  • Security Operations Centre (SOC) analysts
  • Security/System/Network architects
  • Information Security Professionals

Objectives:

Individuals taking the Advanced Infrastructure Hacking course will experience hands-on practical content that is extremely current and taught at the world's top conference stages. The course was written to address the need in the market for high-end training in the field of Infrastructure; inspired by daily on-site Penetration Testing and training in the community / conferences. The course enable students to practice topics such as exploit chaining, post-exploitation, combining low risk vulnerabilities to obtain high impact outcomes.

Benefits

The course examines and hacks a wealth of modern vulnerabilities aka (MS14-068, MS15-077). All labs are virtualised and there are dedicated VMs for each student.

Advanced Infrastructure Hacking course will familiarise you with a wealth of hacking techniques for common operating systems, networking devices and everything else in between. The course is ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications and those who perform Penetration Testing on infrastructure as a day job and want to take their skills to different level. From hacking Domain Controllers with MS14_068 to GHOST local root; VLAN Hopping to VoIP Hacking, a wide variety of approaches to Infrastructure Hacking is covered.

Course Outline:

The course is based on the following modules:

Hacking Networks, Databases

1.1 TCP/IP & Network Enumeration
1.2 Port scanning
1.3 TCP/UDP scanning
1.4 Windows/Linux enumeration
1.5 The Art of brute-forcing
1.6 Insecure SNMP Configuration
1.7 Database Exploitation (Oracle, Postgres, Mysql)
1.8 Hacking Application servers (Websphere)
1.9 Exploiting SSL vulnerabilities such as heartbleed
1.10 Exploiting remote systems via Shellshock
1.11 Exploiting Java and PHP serialization bugs

Advanced Windows Hacking

2.1 Windows Vulnerabilities
2.2 Mastering Metasploit
2.3 Latest remote exploits
2.4 Pivoting within internal network
2.5 Local privilege escalation
2.6 Custom payloads
2.7 Post-exploitation

Hacking Windows Domains

3.1 Compromising Windows Domain
3.2 Pass the hash
3.3 Pass the ticket
3.4 Breaking Kerberos
3.5 Third party exploits (browser, java, pdf)

Advanced Linux Hacking

4.1 Linux Vulnerabilities
4.2 Finger
4.3 Rservices
4.4 NFS Hacks
4.5 SSH hacks
4.6 X11 vulnerabilities
4.7 Local Privilege escalation
4.8 Kernel exploits
4.9 Weak file permissions
4.10 SUID/SGID scripts
4.12 Inetd services

Hacking VLANs, VoIP, Switches & Routers

5.1 VLAN Hopping
5.2 Hacking VoIP
5.3 Exploiting insecure VPN configuration
5.4 Switch/Router vulnerabilities

Yhteistyössä

Ota yhteyttä

Myyntipalvelu

Myynti

010 4321 001 Ota yhteyttä

Kesto: 5 päivää
Veroton hinta (+ alv 24 %): 3 365 €

Tästä asiakaskohtainen toteutus?

Toteutamme koulutuksia myös asiakaskohtaisina. Jätä yhteystietosi, ja tehdään juuri teille sopiva toteutus.

Tästä koulutuksesta ei alennuksia. 

Osallistumista ei voi maksaa koulutuskortilla.


Paikka ja päiväys

Online
17.12 – 21.12
English English
Ilmoittaudu
11.3 – 15.3
English English
Ilmoittaudu

Jaa