We are happy to advise you!
+43 1 6000 880-0     Contact

Cyber Security & ANTI-HACKING Workshop (HACK)

Detailed Course Outline

Detailed course content
Cybersecurity Basics
  • What is hacking?
  • What is IT security?
  • Attacker types, motivation and tactics
  • General definitions and metrics
  • Mitre Att&ck
Social Engineering
  • Types of social engineering
  • Examples of pentests and current campaigns
  • Detect and prevent phishing
  • Email-based attacks
  • Browser-based attacks
  • Attacks with peripherals
  • Exploit vs. Social Engineering
  • Physical attacks
Infrastructure Security
  • Introduction of the attack chain
  • Footprinting, Discovery
  • Enumeration, Port Scanning
  • Storage of passwords
  • Hashing procedure
  • Online / Offline brute forcing
  • Pros and cons of password policies
  • Shells
  • Classification and assessment of vulnerabilities
  • Command Injections
  • Introduction to Metasploit
Linux Security
  • Linux Basics
  • Linux Exploitation
  • Lateral Movement and Pivoting
  • Privilege Escalation
  • Post Exploitation
  • Case studies
Windows Security
  • Windows Basics
  • Active Directory Basics
  • Windows Credential System
  • IPS Evasion
  • Pivoting
  • Memory Corruptions
  • Exploit Mitigations
  • Meterpreter Advanced
  • Proxy Whitelisting Evasion
  • Keylogging
  • Pass the Hash (PTH)
  • Pass the Ticket (PTT)
  • Kerberoasting
  • Native Malware, Powershell Malware, .NET Malware
  • Empire Post Exploitation
  • A/V Evasion
  • Spoofing attacks
  • Exfiltration and C+C
  • Client Side Exploitation
  • Mimikatz
  • AD Persistenz (Golden Tickets, Silver Tickets)
  • Impersonation
  • Volatility
  • Sysinternals Tools
  • Library Hijacking
Post Exploitation
  • Post Exploitation Overview
  • Advanced Post Exploitation
  • Native and meterpreter commands for post exploitation
  • Living off the Land Attacks
  • Fileless Malware
  • Lateral Movemenent (RDP, WMI, WinRM, DCOM RPC)
  • Windows hardening
Defense in Depth
  • Introduction to concept Defense in Depth
  • The Kill Chain
  • Basic network defense
  • Basics of ISMS
  • Advanced network defense
  • Threat modelling and protection crown jewels
  • Construction and operation of Security Operation Centers
  • Incident Response Guidelines
  • Threat Intelligence
Web Security
  • Introducing web applications, services and http
  • OWASP TOP 10
  • Mapping a website
  • Working with Intercepting Proxies
  • Using Browser Developer Tools
  • Web vulnerabilities server-side (SSRF, Command Injections, Deserialization, SQLi, File Inclusion)
  • Web vulnerabilities browser supported (XSS, XSRF, etc)
  • Vulnerabilities in Web Services
Network Security
  • Introduction Wireshark and Scapy
  • Different types of MiTM attacks
  • Sniffing and injection
  • Switching security
  • Microsegementation
  • Wifi security main threats
  • Attacks on TCP/IP Stack
  • TCP, UDP, IPv4/ IPv6 Threats
  • Network Access Control
Secure communication
  • Encryption basics
  • Various cryptosuites
  • Public Key Infrastructure
  • Krypto Hardening
  • Practical use of cryptography
  • Introduction to TLS/SSL
  • TLS/SSL attacks and defense
  • Disk encryption
Denial of Service
  • Types of Denial of Service
  • Motives of the attackers
  • Memory Corruption DoS
  • Focus on volume-based DDoS
  • Denial of Service defense
  • Incident Response at DoS
Exercises
Basics
  • Setting up a phishing page
  • DNS Reconnaissance
  • Port Scanning
  • IIS Double Decode
Linux
  • Exploitation of a Linux server
  • Post Exploitation of the Linux Server
  • Linux Lateral Movement
  • Heartbleed
  • Dev Ops compromise
Windows
  • Pivot to Windows
  • Lateral Movement in Active Directory
  • Post Exploitation with Empire
  • Kerberoasting
  • Windows Client Side Exploitation
  • Stack Buffer Overflow
  • Windows Post Exploitation
  • Extraction of meterpreter from process memory
Web
  • Web Bruteforcing
  • XSS Vulnerability
  • SQL Injection
  • Exploitation Wordpress RCE
Networking
  • Scapy Basics
  • Analysis of MiTM attacks
  • Wireshark Basics
  • VoIP eavesdropping on WebRTC traffic
  • TLS stripping with HSTS bypass
Demos
  • Attack on Keepass
  • Windows DLL Hijacking
  • Exploitable cronjob
  • Examples of Virustotal and Any.run
  • CSRF Demo
  • Backdoor with MSFvenom
  • Targeted breaking of an A/V signature
Case Studies
  • Debian SSH Vulnerability
  • XSS Evasion
  • Fuzzing of a Memory Corruption DoS
  • Linux Command Injections
  • Linux Exploitation with Metasploit
  • Itch Web App
  • Root on Sisyphus