Advanced Infrastructure Hacking Course - Onsite Training and Public Scheduled Courses

Advanced Infrastructure Hacking

5 Day Course

Hands On

Code QAAIHACK

Book Now - 2 Delivery Methods Available:

Classroom Virtual Classroom Private Group - Virtual Self-Paced Online

IT infrastructure is more complex and dynamic than it’s ever been demanding comprehensive, up-to-date, and well-rehearsed security skills to match. Join this, fresh for 2023, hands-on 5-day course to push your infrastructure hacking to the next level and widen your career prospects.

Get your hands dirty with our popular virtual labs and learn from experienced, practicing penetration testers with a legacy of training at Black Hat.

Who’s it for?

Penetration testers and red teamers
Security consultants and architects
Network admins with security experience
CSIRT/SOC teams/blue teamers
Security/IT managers and team leads

Top 3 takeaways

Many of the latest and most complex infrastructure testing techniques
Hacks to use against your organisation’s own products
Knowledge of how to remediate as well as attack weaknesses in infrastructure

This course uses a Defence by Offence methodology based on real world engagements and offensive research (not theory). That means everything we teach has been tried and tested on live environments and in our labs, so you can put it into practice as soon as the training is over. By the end of the course, you’ll know:

How to think and behave like an advanced, real world threat actor
How to identify commonly used vulnerabilities known to have recently caused damage and disruption
How to deploy the latest and most common network infrastructure and cloud hacks, (including many novel techniques that can’t be detected by scanners)
How to analyse vulnerabilities within your own organisation and customise your hacking techniques in response
A huge menu of hacks for Windows, Linux, Microsoft Azure, AWS, Google Cloud Platform (GCP), software development systems, and more...

What you’ll be doing

You’ll be learning hands on:

Spending most of the session (~80%) on lab-based exercises
Using lab-based flows to explore and hack lifelike web application environments
Discussing the impact of the hacks covered with your course trainer

View detailed Course Modules

This course is suitable for in-house security teams from intermediate to advanced. It’s also relevant to other security and IT practitioners and managers who want to understand the current threat landscape and defend their organization.

Course highlights
What delegates love:

Our labs: probably the biggest selling point for our courses. Not only will you spend most of the course hacking hands-on in a lifelike web environment.
Individual access: you’ll have your own infrastructure to play with, enabling you to hack at your own speed.
Real-world learning: where many of the leading cybersecurity training courses are based on theory, our scenario-led, research-based approach ensures you learn how real threat actors think and behave.
Specialist-led training: you’ll learn from highly skilled and experienced practicing penetration testers and red teamers.
Up-to-date content: our syllabus remains so relevant and current, delegates come back year on year for more.
Remediations included: you’ll learn how to fix as well as find vulnerabilities.
Course topics: our cloud and AD modules are a favourite.

Training Partners

We work with the following best of breed training partners using our bulk buying power to bring you a wider range of dates, locations and prices.

Collapse all

IPV4/IPV6 SCANNING AND OPEN-SOURCE INTELLIGENCE GATHERING (OSINT) (5 topics)

IPv6 service discovery and enumeration
Exploiting systems/services over IPv6
Host discovery and enumeration
Advanced OSINT and asset discovery
Exploiting DVCS and CI-CD server

HACKING DATABASES (3 topics)

PostgreSQL / MySQL
Oracle
NoSQL

WINDOWS EXPLOITATION (8 topics)

Windows enumeration and configuration Issues
Windows desktop breakout and AppLocker bypass techniques (Win 10)
Local privilege escalation
Windows Antivirus
Offensive PowerShell /Offsec Development
AMSI bypass Techniques
AV Evasion Techniques
Post-exploitation Tips, Tools, and Methodology

ACTIVE DIRECTORY ATTACKS (6 topics)

Active Directory delegation reviews and pwnage (Win 2016 Server)
Pass the hash/ticket
Cross domain and forest attacks
Pivoting, port forwarding, and lateral movement techniques
Persistence and backdooring techniques (Golden and Diamond Ticket)
Command and Control (C2) frameworks

LINUX (13 topics)

Linux vulnerabilities and configuration issues
Treasure hunting via enumeration
File share/SSH Hacks
X11 Vulnerabilities
Restricted shells breakouts
Breaking hardened web servers
Local privilege escalation
MongoDB exploitation
TTY "Teletype" hacks and pivoting
Gaining root access via misconfigurations
Kernel exploitation
Post exploitation
Persistence techniques

CONTAINER BREAKOUT (4 topics)

Kerberos authentication
Breaking and abusing Docker
Exploiting Kubernetes vulnerabilities
Breaking out of Kubernetes containers

CLOUD HACKING (7 topics)

AWS, MS Azure, and GCP specific attacks
Storage misconfigurations
Credentials, APIs, and token abuse
Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), Container as a Service (CaaS), and serverless exploitation
Azure AD attacks
Exploiting insecure VPN configuration
VLAN hopping attacks

Delegates must have the following to make the most of the course:

Intermediate knowledge of infrastructure application security (at least 2 years’ experience)
Common command line syntax competency
Experience using virtual labs for pentesting and/or offensive research

Scheduled Dates

Please select from the dates below to make an enquiry or booking.

Pricing

Different pricing structures are available including special offers. These include early bird, late availability, multi-place, corporate volume and self-funding rates. Please arrange a discussion with a training advisor to discover your most cost effective option.

Currency

Code	Location	Duration	Price	Sep	Oct	Nov	Dec	Jan	Feb
QAAIHACK	Virtual Classroom (Virtual On-Line)	5 Days	$4,975		16-20		11-15

Next 6 Months

Broadcast Training

Certifications

Advanced Infrastructure Hacking

Overview

Objectives

Target Audience

Additional Information

Training Partners

Modules

IPV4/IPV6 SCANNING AND OPEN-SOURCE INTELLIGENCE GATHERING (OSINT) (5 topics)

HACKING DATABASES (3 topics)

WINDOWS EXPLOITATION (8 topics)

ACTIVE DIRECTORY ATTACKS (6 topics)

LINUX (13 topics)

CONTAINER BREAKOUT (4 topics)

CLOUD HACKING (7 topics)

Prerequisites

Scheduled Dates

Pricing

Course PDF

Print

Related Courses

Share this Course

Recommend this Course

Sections

Training

Telecoms Training

IP & Convergence

Wireless

Core Network

Access

Data Networking

Broadcast Training

Post-Production

Transmission

Video Networks

IT Vendor Training

Microsoft Training

VMware Training

CompTIA Training

ITIL Training

Check Point Training

Linux Training

Unix Training

Oracle Training

Amazon Web Services

Cisco Training

IT Security Training

McAfee Training

DevOps and Automation

Google Training

Veeam Training

Citrix Training

Crystal Reports Training

Juniper Training

Blue Coat Training

IBM Training

NetApp Training

HP Training

Development Training

Machine Learning and AI

Object Oriented Development Training

Business Analysis and Testing Training

Microsoft Software Development Training

Web Development Training

Mobile Application and Platform Development

Agile Training

Adobe Training

Embedded and Realtime Development

Professional Development

Personal Development

Project Management

Certifications