We can host this training at your preferred location. Contact us!

Securing customer data is often crucial when deploying and managing web applications and network infrastructure. As such, IT administrators and web developers require security knowledge and awareness in order to secure their environment. Due to this requirement, operational staff often require hands-on training and experience to identify, control and prevent organisational threats. This introductory/intermediate technical class brings together Infrastructure Security and Web Application Security into a 5-day “Art of Hacking” class designed to teach the fundamentals of hacking. This hands-on training was written to address the market need around the world for a real hands-on, practical and hacking experience that focuses on what is really needed when conducting a penetration test.

This class teaches attendees a wealth of techniques to compromise the security of various operating systems, networking devices and web application components. The class starts from the very basic and builds up to the level where attendees can not only use the tools and techniques to hack various components involved in infrastructure and web hacking, but also gain solid understanding of the concepts on which these tools are based. This class combines a formal hacking methodology with a variety of tools to teach the core principles of ethical hacking.

Approaches attackers take when targeting organisations
Conducting penetration testing engagements step by step and leveraging open source and publicly available tools to gain access to vulnerable systems
Understanding how to exploit your own network before attackers do

Target Audience

System Administrators who are interested in learning how to exploit Windows and Linux systems
Web Developers who want to find and exploit common web application vulnerabilities
Network Engineers who want to secure and defend their network infrastructure from malicious attacks
Security enthusiasts new to the information security field who wants to learn the art of ethical hacking
Security Consultants looking to relearn and refresh their foundational knowledge

Basic familiarity with Windows and Linux systems e.g. how to view a system’s IP address, installing software, file management
Basic understanding of Network fundamentals e.g. IP addressing, knowledge of protocols such as ICMP, HTTP and DNS
Basic understanding of HTTP fundamentals e.g. Structure of an HTTP request, HTTP method verbs, HTTP response codes

Start to build the skills and confidence within your team to harden your infrastructure and web application perimeter and make your organisation a less attractive target for attackers. Trained delegates can:

Find and exploit vulnerabilities in web applications, including those that would lead to injection attacks, authorisation and bypass authentication, malicious file uploads, and more
Confidently articulate the intricacies of the HTTP protocol and how it can be manipulated to achieve a malicious goal
Understand complications related to cryptography and the effect on web applications
Understand how to use industry-standard tools, such as Burpsuite, to perform manual penetration testing against web applications
Identify the infrastructure and frameworks underlying a web attack surface
Use industry-standard tools, like Nmap, Hydra, and Metasploit, to perform penetration testing against your infrastructure
Find and exploit vulnerabilities in your infrastructure, including those that would lead to initial exploitation, attack chaining, privilege escalation, persistence, and more
Identify and recommend remediations for common misconfigurations
Understand and explain infrastructure-based hacking methodology for both Windows and Linux and tie this to attacks across the kill chain
Adapt their approach for different operating systems
Understand how to tie security testing and other offensive and defensive measures back to authentic attack vectors

Day 1

TCP/IP Basics
The Art of Port Scanning
Target Enumeration
- Exercise - ARP Scan (Enumeration)
- Exercise - Port Scanning (Service Enumeration)
Brute-Forcing
- Exercise - SNMP (Brute Force Attack)
- Exercise - SSH
- Exercise - Postgres
Metasploit Basics
- Exercise - Metasploit Basics

Day 2

Password Cracking
- Exercise - Password Cracking
Hacking Unix systems
- Exercise - Heartbleed
Hacking Application Servers on Unix
- Exercise - Hacking Application Servers (Tomcat)
- Exercise - Hacking Application Servers (Jenkins)
Hacking Third Party CMS Software
- Exercise - PHP Serialization Exploit
- Exercise - Wordpress Exploit

Day 3

Windows Enumeration
- Exercise - Windows Host Enumeration
Client-Side Attacks
- Exercise - Hacking Third Party Software
Hacking Application Servers on Windows
- Exercise - Hacking Application Servers on Windows
Post Exploitation
- Exercise - Windows Hacking - Password Extraction
Hacking Windows Domains
- Exercise - Hacking Windows Domains

Day 4

Understanding the HTTP protocol
- Exercise - Burp Demo
- Exercise - Manipulating Headers
Information gathering
- Exercise - Information Gathering
Username Enumeration & Faulty Password Reset
- Exercise - Username Enumeration
- Exercise - Password Brute-force Attack
- Exercise - Forgotten Password Functionality
SSL/TLS related vulnerabilities
- Exercise - TLS
Authorisation Bypasses
- Exercise - Authorization Bypass via Parameter Manipulation
- Exercise - Authorization Bypass
- Exercise - Arbitrary File Download

Day 5

Cross Site Scripting (XSS)
- Exercise - XSS (reflective)
- Exercise - XSS Session Hijacking
- Exercise - Stored XSS
Cross Site Request Forgery (CSRF)
- Exercise - CSRF (Demo)
SQL Injection
- Exercise - SQLite (Manual and slap based exploitation)
XML External Entity (XXE) Attacks
- Exercise - XXE
Insecure File Uploads
- Exercise - Insecure File Upload

Exam:

Online proctored exam taken in class on the final day of the course
Duration - 70 minutes
Questions 50, multiple choice (4 multiple choice answers only 1 of which is correct)
Pass Mark 50%

Results: Candidates will receive individual emails to access their AMPG candidate portal, typically available two weeks post exam. If you experience any issues, please contact the APMG technical help desk on 01494 4520450

Certified in The Art of Hacking Training Course in Finland

Finland is a country located in northern Europe. Helsinki is the capital and largest city of the country. The majority of the people are Finns but there is also a small Lapp population in Lapland, where the country is famous for the Northern Lights. Finland's national languages are Finnish and Swedish.

Known for its vast forests, lakes, and natural beauty, Finland is one of the world's largest producers of forest products, such as paper, pulp, and lumber. One of the world's largest sea fortresses Suomenlinna, Rovaniemi with the "White Nights", dogsled safaris and of course the Northern Lights are what makes Finland so popular for tourists. Finland is one of the best places in the world to see the Northern Lights and attracts millions of tourists during its seasons.

Finland is home to a thriving technology industry and is widely recognized as one of the world's leading technology hubs. Companies such as Nokia and Rovio (creator of the popular game Angry Birds) are based in Finland. Some of the key factors that have contributed to Finland's success in technology include; strong investment in research and development, a highly educated workforce and fundings.

Finland has a strong educational system, and is widely regarded as one of the world's most literate countries. In fact, Finland's literacy rate is one of the highest in the world, and its students consistently perform well in international tests of math and reading ability.

Also, as a pioneer in environmental sustainability, Finland is known for its efforts to reduce its carbon footprint and promote clean energy. This Nordic country is also famous for its unique and distinctive cultural heritage, including its traditional folk music and its elaborate traditional costumes.

Helsinki, Finland's capital city, is the country's business center. Helsinki is Finland's largest city, and it is home to many of the country's major corporations and organizations, including many of the country's leading technology firms. The city is also a commercial, trade, and financial center, as well as one of the busiest ports in the Nordic region.

Take advantage of our diverse IT course offerings, spanning programming, software development, business skills, data science, cybersecurity, cloud computing and virtualization. Our knowledgeable instructors will provide you with practical training and industry insights, delivered directly to your chosen venue in Finland.

Certified in The Art of Hacking Training in Finland

Target Audience

Upcoming Trainings

Related Trainings

Certified in The Art of Hacking Training in Finland

Target Audience

Prerequisites

What You Will Learn

Outline

Upcoming Trainings

Related Trainings