Advanced Infrastructure Hacking 2019 Edition

Our Advanced Infrastructure Hacking class is designed for those who wish to push their knowledge. Whether you are penetration testing, Red Teaming or trying to get a better understanding of managing vulnerabilities in your environment, understanding advanced hacking techniques is critical.

This class teaches the audience a wealth of advanced penetration testing techniques, from the neat, to the new, to the ridiculous, to compromise modern Operating Systems, networking devices and Cloud environments. From hacking Domain Controllers to local root, to VLAN Hopping, to VoIP Hacking, to compromising Cloud account keys, we have got everything covered.

Class Outline

Module 1:

  • IPv4 / IPv6 Refresher, Host Discovery, OSINT

Module 2:

  • Exploiting DVCS / CI-CD & other web technologies

Module 3:

  • MySQL, Postgres, Oracle & MongoDB

Module 4:

  • Windows enumeration & Exploitation
    • Configuration issues
    • AppLocker bypass techniques
    • AV & AMSI Bypass techniques

Module 5:

  • Hacking AD Environment
    • Active Directory Delegation
    • Persistence and backdooring Techniques
    • Lateral Movement

Module 6:

  • Hacking *nix
    • Unix Exploitation
    • Persistence and backdooring Techniques
    • NFS Attacks
    • Shell Escapes
    • TTY hacks & SSH Tunneling
    • Exploiting *nix misconfigurations
    • Web Server Hacks
    • X11 Hacks
    • Privilege Escalation and credential harvesting

Module 7:

  • Container Technologies (Docker & Kubernetes)

Module 8:

  • VPN Hacking

Module 9:

  • VoIP Hacking

Module 10:

  • VLAN Hacking

Module 11:

  • Cloud Pentesting
Prerequisites

The only requirement for this class is that you must bring your own laptop and have admin/root access on it. During the class, we will give you VPN access to our state-of-art Hacklab which is hosted in our data-center in the UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab, accessed using SSH. So, you don’t need to bring any VMs with you. All you need is admin access to install the VPN client and once connected, you are good to go!

Attendees may optionally come prepared with an OpenVPN client (e.g. OpenVPN Client for Windows, we suggest Tunnelblick for Mac, the OpenVPN client is often included natively for Linux but may need installing/updating) and an SSH client (e.g. PuTTY for Windows, generally included natively for Linux/Mac) installed

Who should attend

System Administrators, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to next level.

While prior pen testing experience is not a strict requirement, familiarity with both Linux and Windows command line syntax will be greatly beneficial and a reasonable technical understanding of computers and networking in general is assumed. Some hands-on experience with tools commonly used by hackers, such as Nmap, NetCat, or Metasploit, will also be beneficial, although, less advanced users can work their way up during the 30 days of complimentary lab access provided as part of the class.

The class is ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure as a day job and wish to add to their existing skill set

On Completion of this class Attendees will be able to:

Enumerate, investigate, target and exploit weaknesses in an organisation’s network devices, online presence, and people

Understand complex vulnerabilities and chained exploitation processes in order to gain access and perform restriction bypasses, privilege escalation, data exfiltration and gain long term persistence in: Web facing services, databases, Windows, Active Directory, *nix, container-based, VPN, VLAN, VoIP and Cloud environments.

Use compromised devices to pivot onto other private networks and/or access services protected by whitelisting or only accessible via the loopback interface

What Students Receive

Access to our hacking lab not just during the class but for 30 days after the class too. This gives students plenty of time to practice the concepts taught in the class. The lab contains a wide variety of challenges from local privilege escalation to VLAN hopping etc. Numerous scripts and tools will also be provided during the training, along with student handouts

Speaker Profile

Workshop - 1
Anthony Webb

Principal Security Consultant

NotSoSecure


What he does for NotSoSecure

Ant is one of NotSoSecure’s Infrastructure Security Experts working from the UK. He manages a small team performing Penetration Testing for internal, external and cloud network infrastructure and web applications, as well as delivering Cyber Security Training from entry level through to Advanced Hacking courses for audiences from small classroom groups up to large global conferences such as Black Hat. Research projects include areas such as Cloud Infrastructure Security, Windows Domains and Unix networking security, and he Is looking forward to beginning work on a new open-source pen testing toolkit in the near future – watch this space!

Background

Ant first discovered coding on a BBC Micro in the early 90s at around six years old, by 10 he was building custom PCs, and he has remained a dedicated “tech geek” ever since. He has been working specifically in Information Security since 2015 and holds a number of specialist certifications such as OSCP (Offensive Security Certified Professional), CRT (CREST Registered Penetration Tester) and ACSAA / ACDA (Amazon Certified Solutions Architect / Developer Associate), as well as a BSc (Bachelor of Science degree) with First-Class Honours in Mathematics and Computer Science.

What he likes about his work

Having always felt compelled to take everything apart, understand how it operates, and (usually) put it back together so that it works again, Ant loves that Penetration Testing is a world where he gets to indulge this, while the thrill of finding and exploiting a vulnerability is hard to beat. Being extremely passionate about the subject of cyber security, having the opportunity to share that passion and to help others understand technology from that alternative perspective on training courses is fantastic

In his own words

Being a part of such a supportive and collaborative team, sharing information and experiences with each other throughout every day, is truly amazing. There is always something new to learn, a way to better myself and to be challenged. You should never shy away from a challenge

Remember these Dates!

CFP/CFW Opens

October 26th, 2019

CFP Closing Date

December 1st, 2019

Conference Dates

June 17th to 18th, 2020

Workshop Dates

June 15th to 16th, 2020