Education

Education is the most powerful weapon used to change the world

Having trained thousands of students on the art of network and application exploitation for the past decade, it's safe to say we enjoy teaching others how to own networks and applications. Our courses are developed from the work we perform for clients, so that you get a better understanding of how to exploit real-world scenarios.

Extended Introduction to Hacking

Extended Introduction to Hacking

This four day course combines our hands-on hacking fundamentals and enterprise infrastructure hacking course into one extended course intended to take you from a beginner to intermediate penetration tester. The course deep dives into compromising companies through their infrastructure. It follows a narrative that will expose you to the process of organisational compromise. We also analyse the evidence attackers leave when compromising assets.

Course Details

The first two days will give beginners everything they need to get started, from introductory concepts right through to immersive hands-on real exploitation. By the end of the first two days you will have a good grasp of how vulnerabilities and exploits work, how attackers think about networks and systems, and you will have compromised several of them from infrastructure to web applications to WiFi. This will give you a good start to what is to come on the next two days.

The next two days are all about compromising companies through their infrastructure. It will continue the journey from learning about an organisation right through to exploitation of their critical infrastructure to then, analyse the trails that attackers leave when compromising assets. For this, the course introduces key techniques and tools in order to exploit the latest vulnerabilities such as BlueKeep to compromise the systems. The course also shows not to only rely on exploits but to also look at logic flaws on Active Directory itself, as the course presents more complex techniques on attacking misconfigurations on Windows based environments.

In this course we'll cover:

  • The hacking mindset.
  • Setting up your environment.
  • Understanding vulnerabilities and exploits.
  • Hacking Infrastructure over the Internet.
  • Hacking web and other applications.
  • Hacking WiFi.
  • Hacking methodologies.
  • Organisational reconnaissance.
  • Technical reconnaissance.
  • Finding and exploiting more advanced vulnerabilities.
  • Post-Exploitation, Pivoting & Exfiltration.
  • Introduction to Red Teaming.
  • Introduction to Blue Teaming.

Course Content

Introduction to Network and Application Vulnerabilities

Lifestyle today is based around the Internet. From banking, to shopping and leisure, everything has an Internet layer. Numerous media reports have stated the obvious that there is a chronic skills shortage with regards to defensive and offensive security.

This course sets you on course to beginning a career, or understanding more, about information security. We start off explaining why vulnerabilities exist, how one would discover them and also what the next step is. This gets you into the mindset of a hacker and by exploiting real-world vulnerabilities yourselves, you start to see how attackers operate.

Command Line Interfaces

Understanding how to use the Linux command line and indeed Windows is a key skill required when performing vulnerability assessments. This module teaches you how not to be afraid of the terminal window and how you can become a power user in a few hours.

Kali Linux

Kali Linux is the penetration testing distribution available out there. It includes nearly every tool you'd require to discover vulnerabilities, exploit them and gain control of targets. Whilst daunting at first, we show you how to get the best out of this world-class operating system.

Networking and Application Fundamentals

Understanding how the Internet is built from a networking and application perspective is key. This module explains it in an easy to understand language so you can better test for vulnerabilities. It looks at common network architectures and web applications and teaches you how they are deployed and developed and how vulnerabilities are introduced.

Wireless Fundamentals

As bring your own device continues to grow in the workplace, this module looks at common vulnerabilities found within wireless networks. Learn how to start attacking WiFi.

Exploit and control common architecture and network deployments

This hands-on course looks at the methods and approaches attackers take when targeting organisations. Each student will have a fully functional network, simulating an organization, with a target rich environment geared towards hacking with no bounds.

Your aim will be to think like an attacker and map out your target, find weaknesses and fully exploit trust relationships in place. Using scenarios along with presentations, this course is a healthy mix of thinking, strategies and the methodologies you might need for every step along the way. You will leave this course knowing what tools and techniques hackers use in the wild, and with a deep enough understanding to defend your organization against them.

Owning the network

Seeing the wood for the trees is key when targeting networks. Foot printing and fingerprinting your target is often overlooked. This module delves into the most efficient ways to enumerate targets, discover vulnerabilities and succesfully exploit them.

SensePost Training Portal

We've developed a training portal for students to interact with the trainers, keep updated on content and also download all files, slides and tools delivered during the course. This portal is made available to all students, even when the course has finished. In addition, we've moved our training infrastructure into our own cloud, which means students get their own individual environments to test against, making use of VPN's and numerous targets. This gives a fully immersive experience of attacking real-world architecture and networks.

Who should take this course?

This course is ideal for those wanting to learn how attackers are gaining access to networks, penetration testers who are new to network penetration testing, and/or those who wish to brush up on effective ways to own companies from the net and internally. This course is also ideal for administrators who want to defend against these attacks.

The hands-on nature of the course ensures that you will be familiar enough with the tools and techniques that you'll be able to verify whether your organization is vulnerable, and how to defend yourself if you are.

Location

If you wish to have training, please get in touch with our sales team to discuss further.