Course Summary

The course teaches you a wealth of advanced Pen Testing techniques, from the neat and the new, to the ridiculous. You will learn how to compromise modern Operating Systems, networking devices and Cloud environments. From hacking Domain Controllers to local root, from VLAN Hopping and VoIP Hacking to compromising Cloud account keys, we have got everything covered.

Trained delegates can:

• Perform security testing that uses complex attack chaining across Windows (local), Active Directory, Linux, and common cloud environments.
• Design this testing around real-world attacker behaviour and tooling to ensure its relevance to the threats facing your organisation.
• Identify misconfigurations from network level to system level.
• Understand the business impact of misconfigurations and vulnerabilities and articulate this to key stakeholders.
• Implement logging and monitoring processes to detect live attacks.
• Take on greater responsibility in the team and become an advocate of security in the wider business.

IPV4/IPV6 SCANNING, OSINT
• Advanced topics in network scanning
• Understanding & exploiting IPv6 Targets
• Advanced OSINT Data gathering

WEB TECHNOLOGIES
• Exploiting DVCS (git)
• Owning Continuous Integration (CI) servers
• Deserialization Attacks (Java, Python, Node, PHP)

HACKING DATABASE SERVERS
• Mysql
• Postgres
• Oracle
• MongoDB

WINDOWS EXPLOITATION
• Windows Enumeration and Configuration Issues
• Windows Desktop ‘Breakout’ and AppLocker • Bypass Techniques (Win 10)
• Local Privilege Escalation
• A/V & AMSI Bypass techniques
• Offensive PowerShell Tools and Techniques
• Post Exploitation Tips, Tools and Methodology

AD EXPLOITATION
• Active Directory Delegation Reviews and Pwnage (Win 2016 server)
• Pass the Hash/Ticket Pivoting and WinRM Certificates
• Cross Domain and Forest attacks
• Pivoting, Port Forwarding and Lateral Movement Techniques
• Persistence and backdooring techniques (Golden Ticket, DCSync, LOLBAS)
• Command and Control (C2) Frameworks

LINUX EXPLOITATION
• Linux Vulnerabilities and Configuration Issues
• Treasure hunting via enumeration
• File Share/SSH Hacks
• X11 Vulnerabilities
• Restricted Shells Breakouts
• Breaking Hardened Web Servers
• Local Privilege Escalation
• MongoDB exploitation
• TTY hacks, Pivoting
• Gaining root via misconfigurations
Kernel Exploitation
• Post Exploitation and credentials harvesting

CONTAINER BREAKOUT
• Breaking and Abusing Docker
• Exploiting Kubernetes Vulnerabilities
• Breaking out of kubernetes containers

CLOUD HACKING
• AWS/Azure/GCP specific attacks
• Storage Misconfigurations
• Credentials, API’s and token Abuse
IaaS, PaaS, SaaS, CaaS and Serverless exploitation
• Azure AD attacks

VPN EXPLOITATION
• Exploiting Insecure VPN Configuration

VLAN ATTACKS
• VLAN Concepts
• VLAN Hopping Attacks

There is no prerequisite for taking this course. However, it is strongly recommended that a candidate has more than three years of experience and/or equivalent certifications/courses

Upon successful completion of the course, delegates will receive a certificate of completion, acknowledging their proficiency in the subject matter.

Following your booking, a confirmation message will be sent to all participants, ensuring you're well-informed of your successful enrollment. Calendar placeholders will also be dispatched to assist you in scheduling your commitments around the course. Rest assured, all course materials and access to necessary labs or platforms will be provided no later than one week before the course begins, allowing you ample time to prepare and engage fully with the learning experience ahead.

Our comprehensive training package includes all the necessary materials and resources to facilitate a full learning experience. Enrollees will be provided with detailed course content, encompassing a wide array of topics to ensure a thorough understanding of the subject matter. Additionally, participants will receive a certificate of completion to recognize their dedication and hard work. It's important to note that while the course fee covers all training materials and experiences, the examination fee for certification is not included but can be purchased separately.

Questions About This Course?