Advanced Infrastructure Hacking

Virtual Learning: 3,180€ + IVA

REF: NSSAIH Catálogo: Cybersecurity Área: Claranet Cyber Security (NotSoSecure), Cybersecurity

Duração icon

Duração:

5 dias

Próxima Data icon

Próxima Data:

Consulte-nos

Local icon

Local:

Online

Descrição

IT infrastructure is more complex and dynamic than it’s ever been demanding comprehensive, up-todate, and well-rehearsed security skills to match. Join this hands-on, 5-day course to push your infrastructure hacking to the next level and widen your career prospects. Get your hands dirty with our popular virtual labs and learn from experienced, practicing penetration testers with a legacy of training at Black Hat.

*PVP por participante. A realização do curso nas datas apresentadas está sujeita a um quórum mínimo de inscrições.

Destinatários

  • Penetration testers and red teamers
  • Security consultants and architects
  • Network admins with security experience
  • CSIRT/SOC teams/blue teamers
  • Security/IT managers and team leads
  • Área: Cybersecurity

  • Certificação Associada: NSSAIH

Quero inscrever-me.

Programa:

IPV4/IPV6 SCANNING AND OPEN-SOURCE INTELLIGENCE GATHERING (OSINT)

  • IPv6 service discovery and enumeration
  • Exploiting systems/services over IPv6
  • Host discovery and enumeration
  • Advanced OSINT and asset discovery
  • Exploiting DVCS and CI-CD server

HACKING DATABASES

  • PostgreSQL / MySQL
  • Oracle
  • NoSQL

WINDOWS EXPLOITATION

  • Windows enumeration and configuration Issues
  • Windows desktop breakout and AppLocker bypass techniques (Win 10)
  • Local privilege escalation
  • Windows Antivirus
  • Offensive PowerShell /Offsec Development
  • AMSI bypass Techniques
  • AV Evasion Techniques
  • Post-exploitation Tips, Tools, and Methodology

ACTIVE DIRECTORY ATTACKS

  • Active Directory delegation reviews and pwnage (Win 2016 Server)
  • Pass the hash/ticket
  • Cross domain and forest attacks
  • Pivoting, port forwarding, and lateral movement techniques
  • Persistence and backdooring techniques (Golden and Diamond Ticket)
  • Command and Control (C2) frameworks

LINUX

  • Linux vulnerabilities and configuration issues
  • Treasure hunting via enumeration
  • File share/SSH Hacks
  • X11 Vulnerabilities
  • Restricted shells breakouts
  • Breaking hardened web servers
  • Local privilege escalation
  • MongoDB exploitation
  • TTY “Teletype” hacks and pivoting
  • Gaining root access via misconfigurations
  • Kernel exploitation
  • Post exploitation
  • Persistence techniques

CONTAINER BREAKOUT

  • Kerberos authentication
  • Breaking and abusing Docker
  • Exploiting Kubernetes vulnerabilities
  • Breaking out of Kubernetes containers

CLOUD HACKING

  • AWS, MS Azure, and GCP specific attacks
  • Storage misconfigurations
  • Credentials, APIs, and token abuse
  • Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), Container as a Service (CaaS), and serverless exploitation
  • Azure AD attacks
  • Exploiting insecure VPN configuration
  • VLAN hopping attacks

Pré-requisitos:

Delegates must have the following to make the most of the course:

  • Intermediate knowledge of infrastructure application security (at least 2 years’ experience)
  • Common command line syntax competency
  • Experience using virtual labs for pentesting and/or offensive research

Quero inscrever-me.

Partilha:

We meet future and then we make it spark slogan

Precisas de ajuda a encontrar o teu futuro?

A background of the Ignit sparks