Hacking Classes - QA · PDF file2 DAY CLASS FOUNDATION TRACK Web ... • XXE Attacks • OS Code Injection ... OSINT, DVCS Exploitation Advanced OSINT Data gathering

Hacking Classes

75%

75% Hands-on Learning in

Our Modern Hack Lab

Updated Regularly to Include

Trending Techniques

Written by BlackHat

Trainers: Available Globally

transforming performancethrough learning

THE ART OF HACKING

THE ART OF HACKING .........................................................................................................................PAGE 2

INFRASTRUCTURE HACKING ..............................................................................................................PAGE 4

WEB HACKING ......................................................................................................................................PAGE 6

OTHER SPECIALIST CLASSES

ADVANCED INFRASTRUCTURE HACKING .........................................................................................PAGE 8

APPSEC FOR DEVELOPERS .............................................................................................................. PAGE 10

PRACTICAL INTERNET OF THINGS (IOT) HACKING ....................................................................... PAGE 12

= +

Hacking Classes

INFRASTRUCTURE HACKING3 DAYS

WEB HACKING2 DAYS ADVANCED


INTERMEDIATEBEGINNER EXPERT

5 DAYSTHE ART OF HACKING

ADVANCED WEB HACKINGBLACK BELT EDITION

5 DAYS

Becoming an information security expert

qa.com/notsosecure@NotSoSecure Global Services Limited, 2017 All Rights Reserved

NotSoSecure Global Services Limited (Company Registration 09600047, VAT Registration 215919989) | Trading As NotSoSecure

Head Office: CB1 Business Centre, Twenty Station Road, Cambridge, CB1 2JD, UK Registered Office: Office 75 Springfield Road, Chelmsford, Essex, CM2 6JB, UK

[email protected] Tel: +44 1223 653193

2 3

qa.co

m/n

otso

secu

re

Master the Art of Hacking by building your hands-on skills in a sophisticated hack-lab with material that is delivered on the world conference stage; certified, accredited, continually updated and available globally.

The ideal introductory / intermediate training that brings together both Infrastructure Hacking and Web

Hacking into a 5-day “Art of Hacking” class designed to teach the fundamentals of what Pen Testing

is all about. This hands-on training was written to address the market need around the world for a real

hands-on, practical and hack-lab experience that focuses on what is really needed when conducting

a Penetration Test. Whilst a variety of tools are used, they are the key tools that should be in any

Penetration Tester’s kit bag. This, when combined with a sharp focus on methodology will give you

what is necessary to start or formalise your testing career.

5 DAY CLASS FOUNDATION TRACK

The Art of Hacking

One of the best classes I have taken in a long time. The content was on

point and kept me engaged. I am new to Cyber Security after 25 years in

App Development and am very pleased with what I have learned

Delegate, Black Hat USA

Written & Continually Developed By Leading

Black Hat Trainers

Key Tools That Build A Must Have Pen Tester Kit

Updated Regularly To Include Trending Techniques

This class teaches the attendees a wealth of hacking techniques to compromise the security

of various operating systems, networking devices and web application components. The class

starts from the very basic, and builds up to the level where attendees can not only use the tools

and techniques to hack various components involved in infrastructure and web hacking, but

also walk away with a solid understanding of the concepts on which these tools are based. The

class comprises of 3 days of infrastructure hacking and 2 days of web hacking.

THE ART OF HACKING CLASS CONTENT

DAY 1Infrastructure Basics• TCP/IP Basics• The Art of Port Scanning• Target Enumeration• Brute-Forcing• Metasploit Basics• Password Cracking

DAY 2Hacking Unix, Databases and Applications• Hacking Recent Unix

Vulnerabilities• Hacking Databases• Hacking Application Servers• Hacking third party

applications (WordPress, Joomla, Drupal)

DAY 3Hacking Windows• Windows Enumeration• Hacking recent Windows

Vulnerabilities.• Hacking Third party software

(Browser, PDF, Java)• Post Exploitation: Dumping

Secrets• Hacking Windows Domains

DAY 4Information Gathering, Profiling and Cross-Site Scripting• Understanding HTTP protocol• Identifying the Attack Surface• Username Enumeration• Information Disclosure• Issues with SSL/TLS• Cross Site Scripting• Cross-Site Request Forgery

DAY 5Injection, Flaws, Files and Hacks• SQL Injection• XXE Attacks• OS Code Injection• Local/Remote File include• Cryptographic weakness• Business Logic Flaws• Insecure File Uploads

WHO SHOULD TAKE THIS CLASS?System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

INFRASTRUCTURE HACKING

WEB HACKING

4 5

qa.co

m/n

otso

secu

re

Introduction into Infrastructure Testing

Gain practical experience with tools that will last you well into the future

Learn core Infrastructure techniques

Leave with the basis to take your testing knowledge forward into more Advanced Infrastructure topics

This is an entry-level Infrastructure Security and testing class and is a recommended pre-requisite for

our Advanced Infrastructure Hacking class. This class familiarises the attendees with the basics of

network hacking. A number of tools and techniques will be taught during this 3-day class, If you would

like to step into the world of Ethical Hacking / Pen Testing this is the right class for you.


InfrastructureHacking

This class familiarises the attendees with a wealth of hacking tools and techniques. The class

starts from the very basic and gradually builds up to the level where attendees not only use the

tools and techniques to hack various components involved in infrastructure hacking, but also

walk away with a solid understanding of the concepts on which these tools work.

INFRASTRUCTURE HACKING CLASS CONTENT

DAY 1Infrastructure Basics• TCP/IP Basics• The Art of Port Scanning• Target Enumeration• Brute-Forcing• Metasploit Basics• Password Cracking

DAY 2Hacking Unix, Databases and Applications• Hacking Recent Unix

Vulnerabilities• Hacking Databases• Hacking Application Servers• Hacking third party

applications (WordPress, Joomla, Drupal)

DAY 3Hacking Windows• Windows Enumeration• Hacking recent Windows

Vulnerabilities.• Hacking Third party software

(Browser, PDF, Java)• Post Exploitation: Dumping

Secrets• Hacking Windows Domains


Very organized and clearly presented. Great having hands-on experience

with individuals ready to assist when help is needed


Infrastructure Hacking is the first part of the Art of Hacking Class.

6 7

qa.co

m/n

otso

secu

re

Introduction into Web Application hacking

Practical in focus, teaching how web application security flaws are discovered

Covers leading industry standards and approaches

Builds the foundation to progress your knowledge and move into more advanced Web Application topics

This is an entry-level web Application Security-testing class and is a recommended pre-requisite for

our Advanced Web Hacking class. This class familiarises the attendees with the basics of Web and

Application hacking. A number of tools and techniques will be taught during the 2 day class. If you

would like to step into the world of ethical hacking / pen testing with a focus on web applications, then

this is the right class for you.


WebHacking

This class familiarises the attendees with a wealth of tools and techniques needed to breach

the security of web applications. The class starts from the very basic, and gradually builds up to

a level where attendees can not only use the tools and techniques to hack various components

involved in Web Application hacking, but also walk away with a solid understanding of the

concepts on which these tools are based. The class also covers the industry standards such

as OWASP Top 10, PCI DSS and contains numerous real life examples to help the attendees

understand the true impact of these vulnerabilities.


DAY 1Information Gathering, Profiling and Cross-Site Scripting• Understanding HTTP protocol• Identifying the Attack Surface• Username Enumeration• Information Disclosure• Issues with SSL/TLS• Cross Site Scripting• Cross-Site Request Forgery

DAY 2Injection, Flaws, Files and Hacks• SQL Injection• XXE Attacks• OS Code Injection• Local/Remote File include• Cryptographic weakness• Business Logic Flaws• Insecure File Uploads

WEB HACKING CLASS CONTENT

THE ART OF HACKING JOURNEY

Infrastructure Hacking is the second part of the Art of Hacking Class.

EXAM (CAPTURE THE FLAG)

1 DAY

CREST REGISTERED TESTER EXAM

Ninja

MASTER80-100%

60-80%

EXAM PREPERATION

OPTIONAL : PURCHASE EXTRA LAB TIME


WEB HACKING2 DAYS

CERTIFICATION

CREST REGISTERED TESTER

5 DAYSTHE ART OF HACKING

8 9

qa.co

m/n

otso

secu

re

5 DAY CLASS ADVANCED TRACK

Advanced Infrastructure Hacking

Latest exploits, highly relevant.

Teaching a wide variety of offensive hacking techniques.

Written by real Pen Testers with a world conference reputation (BlackHat, AppSec, OWASP, Defcon etc).

An Advanced Infrastructure Hacking class designed for those who wish to push their knowledge. The

fast-paced class teaches the audience a wealth of hacking techniques to compromise various operating

systems and networking devices. The class will cover advanced penetration techniques to achieve

exploitation and will familiarise you with hacking of common operating systems, networking devices

and much more. From hacking Domain Controllers to local root, VLAN Hopping to VoIP Hacking, we

have got everything covered.

Whether you are Penetration Testing, Red Teaming, or hoping to gain a better understanding of

managing vulnerabilities in your environment, understanding advanced hacking techniques for

infrastructure devices and systems is critical.

The Advanced Infrastructure class will get the attendees familiarised with a wealth of hacking

techniques for common Operating Systems and networking devices. While prior Pen Testing

experience is not a strict requirement, a prior use of common hacking tools such as Metasploit

is recommended for this class.

This course was exactly as described. It delivered good, solid information on the current state of infrastructure hacking at the rapid pace promised. This was a great way to get back into this area after years away from it.


CREST CCT EXAM

EXAM PREPERATION

OPTIONAL : PURCHASE EXTRA LAB TIME

ADVANCED INFRASTRUCTURE HACKING

5 DAYS

CCT INF CREST CERTIFIED

INFRASTRUCTURE TESTER

WHO SHOULD TAKE THIS CLASS?The class is ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure as a day job and wish to add to their existing skillset.

DAY 1IPv4 and IPv6 RefresherAdvanced topics in network ScanningUnderstanding and exploiting IPv6 TargetsOSINT, DVCS ExploitationAdvanced OSINT Data gatheringExploiting git and Continuous Integration (CI) servers.Database ServersMysqlPostgresOracleRecent VulnerabilitiesHeart-Bleed and Shell-ShockPHP Serialization ExploitWeb-sphere Java Exploits

DAY 2Windows ExploitationDomain and User EnumerationAppLocker / GPO Restriction BypassLocal Privilege EscalationPost Exploitation #1 (AMSI Bypass & Mimikatz)Post Exploitation #2 (LSASecrets)

DAY 3AD ExploitationActive Directory Delegation issuesWOW64Pivoting and WinRMPersistence (Golden Ticket and DCSync)Lateral Movement Using WMIC

DAY 4Linux ExploitationPort scanning and EnumerationFS + SSHPrivilege EscalationrservicesApacheX11 Services

DAY 5Container BreakoutDocker breakoutVPN ExploitationVPNVoIP ExploitationVoIP enumerationVoIP exploitationVLAN ExploitationVLAN conceptsVLAN hopping attacks.

10 11

qa.co

m/n

otso

secu

re

2 DAY CLASS SPECIALIST TRACK

AppSec for Developers

Covers latest industry standards such as OWASP Top 10

Insight into latest security vulnerabilities (such as mass assignment bug in MVC Frameworks)

Thorough guidance on security best practices (like HTTP header such as CSP, HSTS header etc.)

References to real world analogy for each vulnerability

Hands-on labs

Internet distribution of all course materials

Pen Testing as an activity tends to capture security vulnerabilities at the end of the SDLC and is often

too late to be able to influence fundamental changes in the way code is written.

We wrote this class because of the need for developers to develop code and applications in a secure

manner. It does not need to be more time consuming, but it is critical to introduce security as a quality

component into the development cycle. The class does not target any particular web development

platform, but does target the general insecure coding flaws developers make while developing

applications. The examples used in the class include web development technologies such as ASP, .NET,

JAVA and PHP.

WHO SHOULD TAKE THIS CLASS?This class is Ideal for: Software/Web developers, PL/SQL developers, Penetration Testers, Security Auditors, Administrators and DBAs and Security Managers.

A highly-practical class that targets web developers, pen testers, and anyone else who would

like to learn about writing secure code, or to audit code against security flaws. The class covers

a variety of best security practices and defense in-depth approaches, which developers should

be aware of while developing applications.

Students will be provided access to infrastructure on which they will identify vulnerable code

and associated remediation. While the class covers industry standards such as OWASP Top

10 and SANS top 25 security issues, it also talks about real world issues that don’t find a

mention in these lists. The class does not focus on any particular web development language

/ technology but instead on the core principles. Examples include PHP, .NET, classic ASP and

Java.10 and SANS top 25 security issues.

DAY 1Module 1. Application Security Basics

Module 2. Understanding the HTTP protocol

Module 3. Issues with SSL/TLS

Module 4. Information Disclosure

Module 5. Authentication Flaws

Module 6. Authorization Bypass

DAY 2Module 7. Cross Site Scripting (XSS)

Module 8. Cross Site Request Forgery (CSRF)

Module 9. SQL Injection

Module 10. XML External Entity (XXE) Attacks

Module 11. Insecure File Uploads

Module 12. Client Side Security

Module 13. Source Code Review

12 13

qa.co

m/n

otso

secu

re

5 DAY BOOTCAMP SPECIALIST TRACK

Practical IoT Hacking Training

“The great power of Internet Of Things comes with the great responsibility of security”. Being the

hottest technology, the developments and innovations are happening at a stellar speed, but the

security of IoT is yet to catch up. Since the safety and security repercussions are serious and at

times life threatening, there is no way you can afford to neglect the security of IoT products.

“Practical Internet of Things (IoT) Hacking” is a research backed and unique course which offers

security professionals, a comprehensive understanding of the complete IoT Technology suite

including, IoT protocols, sensors, client side, mobile, cloud and their underlying weaknesses. The

extensive hands-on labs enable attendees to master the art, tools and techniques to find-n-exploit

or find-n-fix the vulnerabilities in IoT, not just on emulators but on real smart devices as well.

The course focuses on the entire attack surface on current and evolving IoT technologies in

various domains such as home, enterprise and Industrial Automation. It covers grounds-up on

various IoT protocols including internals, specific attack scenarios for individual protocols and

open source software/hardware tools one needs to have in their IoT penetration testing arsenal.

We also discuss in detail how to attack the underlying hardware of the sensors using various

practical techniques. In addition to the protocols and hardware we will extensively focus on

reverse engineering mobile apps and native ARM/MIPS code to find weaknesses.

Throughout the course, we will use DRONA, a VM created by us specifically for IoT penetration

testing. DRONA is the result of our R&D and has most of the required tools for IoT security

analysis. We will also distribute DIVA – IoT, a vulnerable IoT sensor made in-house for hands-on

exercises.

The “Practical Internet of Things (IoT) Hacking” course is aimed at security professionals who

want to enhance their skills and move to/specialise in IoT security. The course is structured for

beginner to intermediate level attendees who do not have any experience in IoT, reversing or

hardware.

What to expect• Hands-on Labs

• Reversing fun

• Getting familiar with the IoT security

• This course will give you a direction to start performing pentests on IoT products

What not to expect• Becoming a hardware/IoT hacker overnight. Use the knowledge gained in the training to start

pentesting IoT devices and sharpen your skills.

WHO SHOULD TAKE THIS CLASS?• Penetration testers tasked with auditing IoT• Bug hunters who want to find new bugs in IoT products• Government officials from defensive or offensive units• Red team members tasked with compromising the IoT infrastructure• Security professionals who want to build IoT security skills• Embedded security enthusiasts• IoT Developers and testers• Anyone interested in IoT security

PRE-REQUISITES• Basic knowledge of web and mobile security• Basic knowledge of Linux OS• Basic knowledge of programming (C, python) would be a plus

WHAT WILL BE PROVIDED• Commercial IoT Devices for hands-on during the class• DIVA - IoT: custom vulnerable IoT sensor Testbed• Hardware tools for sensor analysis• Drona VM - Platform for IoT Penetration testing• DIVA - ICS: Custom Vulnerable ICS Testbed VM• Training material/slides (500+ pages) PDFs

14 15

qa.co

m/n

otso

secu

re

• Introduction to IOT• IOT Architecture• Identify attack surfaces

• IoT Protocols Overview

• MQTT – Introduction – Protocol Internals – Reconnaisance – Information leakage – Hands-on with open source tools

• CoAP – Introduction – Protocol Internals – Reconnaissance – Cross-protocol attacks – Hands-on with open source tools

• M2MXML – Introduction – m2mxml format – Security issues

• Industrial IoT Protocols Overview

• Modbus – Introduction and protocol

Overview – Reconnaissance (Active and

Passive) – Sniffing and Eavesdropping – Baseline Response Replay – Modbus Flooding – Modifying Coil and register

values of PLC – Rogue Interloper (PLC) – Hands-on with open source tools

• CanBus – Introduction and protocol


Passive) – Sniffing and Eavesdropping – Replay Attack – Hands-on with open source tools

• Understanding Radio – Signal Processing – Software Defined Radio – Gnuradio – Introduction to gnuradio

concepts – Creating a flow graph – Analysing radio signals – Recording specific radio signal – Replay Attacks – Reverse engineering OOK radio

signals to extract communication data

– Generating a signal – Hands-on with a wireless key fob

and door bell

• Radio IoT Protocols Overview

• Zigbee – Introduction and protocol


Passive) – Sniffing and Eavesdropping – Replay attacks – Encryption Attacks – Packet Forging attack – Zigbee hardware analysis – Hands-on with RZUSBstick and

open source tools

• Bluetooth Classic and BLE – Introduction and protocol


Passive) with HCI tools – GATT service Enumeration – Sniffing GATT protocol

communication – Reversing GATT protocol

communication – Read and writing on GATT protocol – L2cap smashing – Cracking encryption – MITM attacks – Hands-on with open source tools

• IoT hardware Overview• Device Reconnaissance• Conventional Attacks

• Firmware – Types – Firmware sources – Firmware analysis and reversing – Firmware modification – Firmware encryption – Simulating device environments

• External Storage Attacks – Symlink files – Compressed files

• Introduction to hardware – Components – PCB – Resistors, Capacitors,

Inductors, crystal etc – Micro-Controllers – Memory chips – SoC – Vcc & Gnd – DC/AC Voltage – Memory – CMOS – EEPROM – FLASH – Packages – Through hole – Surface mount – Ball Grid Array

• Hardware Tools – Bus Pirate – Jtagulator

– Logic Analyzer• Attacking Hardware Interfaces – Hardware Reconnaissance – Analyzing the board – Datasheets – UART – What is UART – Identifying UART interface – Method 1 – Method 2 – Accessing sensor via UART – I2C – Introduction – I2C Protocol – Interfacing with I2C – Manipulating Data via I2C – Sniffing run-time I2C

communication – SPI – Introduction – SPI Protocol – Interfacing with SPI – Manipulating data via SPI – Sniffing run-time SPI

communication – JTAG – Introduction – Identifying JTAG interface – Method 1 – Method 2 – Run-time analysis and data

extraction with openocd

• Side channel attacks – Clock Glitch Attack – VCC Glitch Attack – Timing Analysis with Power – Breaking AES with SCA

• Mobile security (Android) – Introduction to Android – App architecture – Security architecture – App reversing and Analysis – Input validation attacks – Insecure Storage – Access control attacks – Hardcoding issues

• ARM – Architecture – Instruction Set – Procedure call convention – System call convention – Reversing – Hands-on Labs

• MIPS – Architecture – Instruction Set – Procedure call convention – System call convention – Reversing – Hands-on Labs

Course Outline

About The TrainerAseem Jakhar is the Director, research at Payatu Software Labs payatu.com a boutique security testing

company. He is well known in the hacking and security community as the founder of null -The open

security community, registered not-for-profit organization http://null.co.in and also the founder of nullcon

security conference nullcon.net and hardwear.io security conference http://hardwear.io He has worked on

various security software including UTM appliances, messaging/security appliances, anti-spam engine,

anti-virus software, Transparent HTTPS proxy with captive portal, bayesian spam filter to name a few. He

currently spends his time researching on IoT security and hacking things. He is an active speaker and

trainer at security conferences like AusCERT, Black Hat, Brucon, Defcon, Hack.lu, Hack in Paris, PHDays

and many more. He is the author of open source Linux thread injection kit - Jugaad and Indroid which

demonstrate a stealthy in-memory malware infection technique. He has also authored an open source App

DIVA (Damn Insecure and Vulnerable App) for Android which gamifies Android App vulnerabilities and is

used for learning Android Security issues.

At QA we have developed the most comprehensive end-to-end Cyber Security training portfolio with over 75 public cyber courses, from the QA 10 Cyber Domains, we offer Cyber Certifications, Cyber Assurance and Cyber Defence training, from end-user to executive board level courses as well as advanced programmes for Security Professionals. In a supportive, hands-on learning environment, our public, private and bespoke training courses meet the needs of individuals, employers and enterprise. Visit QA.COM/CYBER for more information.

Founded by world renowned Penetration Tester Sumit “Sid” Siddarth and well-known Cyber Security entrepreneur Dan Haagman, NotSoSecure is a specialist Firm focused on Hacking Training and Penetration Testing. A global Black Hat Training provider in US and Europe. We Hack. We Teach. Visit notsosecure.com for more information.


Call 0345 074 7978 to talk to QA on your NotSoSecure training needs.

Visit – qa.com/notsosecure for the latest course details.

Search #SkillsfortheDigitalAge


Documents

Hacking Classes - QA · PDF file2 DAY CLASS FOUNDATION TRACK Web ... • XXE Attacks • OS Code Injection ... OSINT, DVCS Exploitation Advanced OSINT Data gathering