NotSoSecure Advanced Infrastructure Hacking

On this 5-day accelerated Advanced Infrastructure Hacking course, you'll learn adavnced penetration techniques to exploit common operating systems and networking devices.

You'll build hands-on skills, combining NotSoSecure's sophisticated hack-lab with our unique Lecture | Lab | Review technique, which immerses you in the curriculum and allows you to fully grasp the advanced hacking techniques for infrastructure systems, helping you manage the vulnerabilities of your systems.

Your expert Firebrand instructor will take you through every aspect of network hacking, from hacking domain controllers to local root, VLAN Hopping and VoIP hacking.

You'll explore a range of networking hacking tools and techniques including:

• IPv4 and IPv6 Refresher
• OSINT, DVCS Exploitation
• Database Servers
• Windows, AD and Linux exploitation techniques
• Container breakout
• VPN, VoLP, VLAN exploitation

On this course, you'll get 24/7 lab access and access to NotSoSecure custom built systems with specially designed hacking challenges built to stimulate creative and innovative thinking.

This course is ideal if you're a System Administrator, SOC Analyst, Penetration Tester, Network Engineer, security enthusiast or simply want to advance your knowledge in infrastructure hacking.

• Module 1: IPv4/IPv6 Scanning, OSINT
  • Advanced topics in network scanning
  • Understanding & exploiting IPv6 Targets
  • Advanced OSINT Data gathering
• Module 2: Web Technologies
  • Exploiting DVCS (git)
  • Owning Continuous Integration (CI) servers
  • Deserialization Attacks (Java, Python, Node, PHP)
  • Dishonourable Mentions (SSL/TLS, Shellshock)
• Module 3: Hacking Database Servers
  • Mysql
  • Postgres
  • Oracle
  • MongoDB
• Module 4: Windows Exploitation
  • Windows Enumeration and Configuration Issues
  • Windows Desktop ‘Breakout’ and AppLocker Bypass Techniques (Win 10)
  • Local Privilege Escalation
  • A/V & AMSI Bypass techniques
  • Offensive PowerShell Tools and Techniques
  • GPO based exploit
  • Constrained and Unconstrained delegation attack
  • Post Exploitation Tips, Tools and Methodology
• Module 5: AD Exploitation
  • Active Directory Delegation Reviews and Pwnage (Win 2012 server)
  • Pass the Hash/Ticket Pivoting and WinRM Certificates
  • Pivoting, Port Forwarding and Lateral Movement Techniques
  • Persistence and backdooring techniques (Golden Ticket, DCSync, LOLBAS)
• Module 6: Linux Exploitation
  • Linux Vulnerabilities and Configuration Issues
  • Treasure hunting via enumeration
  • File Share/SSH Hacks
  • X11 Vulnerabilities
  • Restricted Shells Breakouts
  • Breaking Hardened Web Servers
  • Local Privilege Escalation
  • MongoDB exploitation
  • TTY hacks, Pivoting
  • Gaining root via misconfigurations
  • Kernel Exploitation
  • Post Exploitation and credentials harvesting
• Module 7: Container Breakout
  • Breaking and Abusing Docker
  • Kubernetes Vulnerabilities
• Module 8: VPN Exploitation
  • Exploiting Insecure VPN Configuration
• Module 9: VoIP Attack
  • VOIP Enumeration
  • VOIP Exploitation
• Module 10: VLAN Attacks
  • VLAN Concepts
  • VLAN Hopping Attacks
• Module 11: Cloud Hacking
  • AWS/Azure/GCP specific attacks
  • Storage Misconfigurations
  • Credentials, API’s and token Abuse
  • IaaS, PaaS, SaaS, CaaS and Serverless exploitation
  • Azure AD attacks

Although you don't need pen testing experience, some experience in using common hacking tools such as Metasploit is recommended.

Before attending this course, you should complete the Infrastructure Hacking course, as this course builds on the principles introduced in Infrastructure Hacking.