HITB-Invoice-Logo-1.png

3-day hands-on technical Workshop in HITB⁺in{:cyber} Abu Dhabi 2024

Penetration Testing as a Day Job

Attend In-person$3,299.00

If you're serious about becoming a capable and productive penetration tester, then this course will equip you with the skills, techniques and confidence that you will need to make that jump, whilst rarely feeling all that serious at all!

Duration

3-day

Delivery Method

In-Person

Level

beginner / intermediate

Seats Available

20

ATTEND IN-PERSON: Onsite in Phuket

DATE: 21-23 August 2023

TIME: 09:00 to 17:00 ICT/GMT+7

Date Day Time Duration
21 Aug Monday 0900-17:00 ICT/GMT+7 8 Hours
22 Aug Tuesday 0900-17:00 ICT/GMT+7 8 Hours
23 Aug Wednesday 0900-17:00 ICT/GMT+7 8 Hours

Exclusive for HITB, this class will include :-

– Multiple HITB exclusive hands-on labs
– HITB exclusive CTF at the end of the course
– 30 days of on-demand lab access.


Many introductory hacking courses show attendees tools & exploit scenarios, yet don’t prepare attendees to work towards a pentesting career, with a methodical approach to beginning, “middling”, ending, or reporting on an actual real pentest.
We take attendees on a light-hearted and hopefully humorous journey from start to finish through a very real (totally simulated) pen test engagement. Pwning our way through our real (fictional) organisation’s apps and infra, including webapps through internal infra and even some physical device silliness (think lights / sounds / maybe even some foam darts), before telling our “client” our findings in a professional (mostly) pentest report.

Hugely lab driven, with a “narrative over the top” almost continuously hands-on approach.

If you didn’t have fun then honestly we totally screwed this up, yet we will ensure that you come away feeling confident and ready to practise your skills flying solo, with plenty of advice included on next steps.

Key Learning Objectives
  • Learn a huge number of skills, tools, concepts and techniques used by real pentesters on real engagements
  • Learn how to apply those skills in an actual pentest-like scenario
  • Learn to proactively prepare for and produce a meaningful report at the end of the engagement
  • Have fun along the way!

(Course is also fully aligned to the published syllabus to prepare for CREST CPSA and CRT examinations)

Student will be provided with
  • Full slide deck.
  • Handouts with lab walkthroughs
  • 30 days worth of on-demand lab access (HITB exclusive)

 

Topics covered

1. Introduction, Soft Skills & Assessment Management

  • How to approach a pentest
  • Engagement Lifecycle
  • Law & Compliance
  • Methodology
  • Scoping
  • Understanding, Explaining, and Managing Risk
  • Good report writing skills: before, during, and after the assessment

 

2. Background Information Gathering and Open Source (OSINT)

  • Records: Registration / DNS / CT Logs
  • Customer Web Site Analysis
  • Google Hacking and Web Enumeration
  • NNTP Newsgroups and Mailing Lists
  • Information Leakage from Mail & News Headers
  • Social Engineering and Physical Security

 

3. Security Fundamentals

  • Cryptography
  • Applications of Cryptography
  • Encoding / Encryption / Hashing
  • Hash cracking
  • File System Permissions
  • Audit Techniques
  • Source Code Review

4. Web Technologies

  • Web Servers
  • Web Enterprise Architectures
  • Web Protocols
  • Web Mark-up Languages
  • Web Programming Languages
  • Web Application Servers
  • Web APIs
  • Web SubComponents

5. Web Application Security Assessment

  • Web Application Reconnaissance
  • Identifying vulnerabilities
  • Web Site Structure Discovery
  • Information Gathering from Web Mark-up
  • Information Disclosure in Error Messages
  • Enumerating CMSs
  • Threat Modelling and Attack Vectors
  • Authentication Mechanisms
  • Authentication bypasses / flow abuses
  • Authorization Mechanisms
  • Session Handling: Predictability / Termination / Hijacking / Fixation
  • Access control bypasses
  • Object referencing issues
  • Input Validation
  • Cross-Site Scripting Attacks (XSS)
  • SQL Injection
  • Parameter Manipulation
  • Web form input abuse
  • CSRF
  • Open redirects
  • Command injection
  • XXE
  • Feature abuses
  • Generating payloads

6. Databases

  • MySQL
  • PostgreSQL
  • Microsoft SQL Server
  • Oracle RDBMS
  • Web / App / Database Connectivity

7. Networking

  • IP Protocols
  • Network Architectures
  • Networking Protocols
  • Network Mapping & Target Identification
  • Interpreting Tool Output
  • Filtering Avoidance Techniques
  • OS Fingerprinting
  • Windows vs Linux enumeration
  • Application Fingerprinting and Evaluating Unknown Services
  • Network Access Control Analysis
  • Management Protocols
  • Network Traffic Analysis
  • IPSec
  • VoIP
  • Wireless
  • Configuration Analysis

8. Windows Security Assessment

  • Domain Reconnaissance
  • User Enumeration
  • Active Directory
  • Windows Passwords
  • Windows Vulnerabilities
  • Windows Patch Management Strategies
  • Desktop Lockdown
  • Exchange
  • Common Windows Applications

9. Unix/Linux Security Assessment

  • User Enumeration
  • Unix vulnerabilities
  • FTP (Unix)
  • Sendmail / SMTP (Unix)
  • Network File System (NFS) (Unix)
  • R* services (Unix)
  • X11 (Unix)
  • RPC services (Unix)
  • SSH (Unix)

10. Finishing Up

  • Good report writing skills: after the assessment

TRAINER

Why You Should Take This Course

If you’re serious about becoming a capable and productive penetration tester, then this course will equip you with the skills, techniques and confidence that you will need to make that jump, whilst rarely feeling all that serious at all!

Who Should Attend

Pen Testing Noobs (no total tech noobs please!), and those who already took other hacking courses but came away thinking “I really don’t feel like that taught me how to actually conduct a pentest” (or at least words to that effect)

Prerequisite Knowledge

The only requirement is that you are keen and willing to learn, and to step outside of your comfort zone! You may not enjoy this course as a literal tech noob, all other experience levels welcome.

Hardware / Software Requirements

  • A laptop (Chromebook will be sufficient) with a browser (all our labs are hosted in a virtual environment).
  • In case of a virtual delivery, unrestricted Internet access might be necessary (corporate VPNs can cause problems)