The Art of Hacking

5 Day Course
Hands On
Official Curriculum
Code QATAOH

Book Now - 3 Delivery Methods Available:

Classroom Virtual Classroom Private Group - Virtual Self-Paced Online

Overview

This course teaches attendees a wealth of hacking techniques to compromise the security of various operating systems, networking devices and web application components. The course starts from the very basics and gradually builds up to the level where attendees can not only use the tools and techniques to hack various components involved in infrastructure and web hacking, but also walk away with a solid understanding of the concepts on which these tools work. The course comprises 3 days of infrastructure hacking and 2 days of web hacking.

This course familiarises attendees with a wealth of tools and techniques needed to breach the security of web applications and infrastructures. The course starts from the very basics and gradually builds up to the level where attendees can not only use the tools and techniques to hack various components involved in web application hacking and infrastructure platforms, but also walk away with a solid understanding of the concepts on which these tools work. The course also covers industry standards such as OWASP Top 10 and PCI DSS, and contains numerous real-life examples to help attendees understand the true impact of these vulnerabilities. The course is regularly updated to ensure that the latest exploits and vulnerabilities are available within the virtual labs taught in this course.

During the class, we will give you VPN access to our state-of-the-art hacklab, which is hosted in our data centre in the UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab.

Objectives

  • The QA Art of Hacking (QATAOH) course was written and released in 2016 and benefits from the latest vulnerabilities in current and future platforms/systems. For example, we do not talk about hacking Windows XP and 2003 servers (unlike CEH) but about circumventing controls in modern operating systems such as Windows 2012 servers. Any high-impact vulnerability such as Heartbleed, Shellshock or the recent mass-compromise vulnerability in Joomla software is taught in the class.
  • Unlike CEH, where the focus is on running a tool to achieve an objective that helps attendees pass the exam, we focus on the underlying principles on which tools work and give attendees an understanding of the root cause of the vulnerability and how the tool works to exploit it. We also talk about how the vulnerability should be mitigated.
  • The class benefits from a hands-on lab which is hosted in the NotSoSecure cloud. Every attendee gets their own dedicated Virtual Machines upon which they practice each and every vulnerability in detail.
  • In terms of reputation, this course remains one of the most popular classes at BlackHat and other major events. The course is written and taught by pen testers and the training is based on real-life pen testing experience. The Infrastructure component of the class is featuring this year at BlackHat Las Vegas.

Target Audience

System administrators, web developers, SOC analysts, penetration testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

Training Partners

We work with the following best-of-breed training partners, using our bulk buying power to bring you a wider range of dates, locations and prices.

Modules

Day 1 (6 topics)

  • TCP/IP Basics
  • The Art of Port scanning
  • Target Enumeration
  • Brute-forcing
  • Metasploit Basics
  • Password Cracking

Day 2 (4 topics)

  • Hacking Recent Unix Vulnerabilities
  • Hacking Databases
  • Hacking Application Servers
  • Hacking third party applications (WordPress, Joomla, Drupal)

Day 3 (5 topics)

  • Windows Enumeration
  • Hacking recent Windows Vulnerabilities
  • Hacking Third party software (Browser, PDF, Java)
  • Post Exploitation: Dumping Secrets
  • Hacking Windows Domains

Day 4 (7 topics)

  • Understanding HTTP protocol
  • Identifying the attack surface
  • Username Enumeration
  • Information Disclosure
  • Issues with SSL/TLS
  • Cross Site Scripting
  • Cross-Site Request Forgery

Day 5 (7 topics)

  • SQL Injection
  • XXE attacks
  • OS Code Injection
  • Local/Remote File include
  • Cryptographic weakness
  • Business Logic Flaws
  • Insecure File Uploads

Prerequisites

We recommend that all delegates are familiar with the principles of TCP/IP networking and have a working knowledge of Windows operating systems. It is essential that delegates have good practical ‘hands-on’ experience of the Linux command line and Linux utilities.

Additional Learning

The courses below may help you meet the knowledge level required to take this course.

Scheduled Dates

Please select from the dates below to make an enquiry or booking.

Pricing

Different pricing structures are available, including special offers. These include early bird, late availability, multi-place, corporate volume and self-funding rates. Please arrange a discussion with a training advisor to discover your most cost-effective option.

Later scheduled dates may be available for this course.
