Hacking in Practice 2 – Three-day training

Come and explore the mysterious world of hacking and its many nooks and corners. Sharing his knowledge with you on this exciting journey will be the co-founder of TandemSec and ethical hacker with many years of experience, Lukáš Antal.

You will learn

How to map a network and pick a suitable target? How to recognize server service vulnerabilities and exploit them to gain access to the server? How do you escalate privileges even further? How can you MS Windows workstation? And how to prevent it from happening? What are the typical and the most severe vulnerabilities of web applications? Is your VoIP infrastructure vulnerable? What is Darknet and what and OSINT? How does an ATM prevent attackers from getting to the money stored in the safe? Can you hack a car? What about a mobile phone and your vacuum cleaner?

All this and more will be discussed at the Hacking in Practice 2 course which directly follows up the Hacking in Practice 1 course.

Designed for

  • • Network and system admins
  • • Programmers, developers, testers
  • • Ethical hacking and IT Security enthusiasts in general.

Pre-requisite knowledge

  • • Knowledge of Windows and Linux operation system environments
  • • Elementary knowledge of TCP/IP security.

Curriculum

The curriculum of this course is built around many years of experience as the ethical hacker and covers a variety of topics from different areas of computer security. The emphasis of this course is on sharing knowledge of real-life penetration testing, attacks, and its analysis.

  • Network Security
  • Kali Linux - Introduction
  • Network reconnaissance
  • Port Scanning
  • OS and network services identification
  • Vulnerability scanning a comparison of vulnerability scanners
  • Exploitation – live demonstration
  • Privilege escalation
  • Metasploitable2 and Metasploitable3
  • Vulnhub and HackTheBox
  • Live hacking demonstration of several vulnerable servers
  • Linux – Password dumping and cracking
  • Linux – Plaintext passwords extraction
  • Red Teaming, Purple Teaming
  • Workstation Hacking
  • Physical access attacks
  • Privilege escalation methods
  • System services hacking
  • Startup Repair Attack
  • Sticky Keys Attack
  • Firewire Inception Attack
  • Cold Boot Attack
  • Workstation Hardening
  • Role of Antivirus
  • Encryption
  • Patch management
  • Physical hardening
  • Web Applications Security
  • OWASP Testing Guide methodology
  • OWASP Top 10
  • SQLi, XSS, CSRF, XXE, …
  • Live demonstration of exploiting severe vulnerabilities
  • Tools comparison
  • Experience from a real penetration test of web application
  • VoIP Security
  • SIP Caller number/name spoofing
  • SIP Denial of Service
  • Call eavesdropping
  • Vulnerabilities of VoIP end-points
  • PBX hacking
  • Mobile phones and IoT Security
  • SMS of Death
  • Calls encryption
  • Attack vectors of mobile communication
  • Physical security
  • Pattern vs PIN
  • Smudge Attack, Spearphone Attack
  • Biometry hacking
  • Vacuum cleaners, Smart TV, Sex toys, and IP cameras hacking
  • ATM Hacking in Practice
  • ATM types, hardware and software
  • AMT security and vulnerabilities
  • Description of different attack vectors
  • Money Jackpotting
  • Skimming
  • Physical brute force attacks
  • Experience from real ATM penetration test
  • Hacking automobilů
  • Keyless Entry and Keyless Ignition hacking
  • Attacking sensors
  • CAN bus hacking
  • Ecosystem of Darknet
  • Anonymous networks, Deepnet and Darknet, TOR and its structure
  • Hidden Service – real examples
  • Black Markets and its goods and services
  • Drugs, guns, fake banknotes, passports, ...
  • Bitcoin mixing services
  • TOR specific attack (deanonymization of users, service providers, Hidden Services)
  • TOR and Bitcoin scandals
  • NSA Hacking Tools
  • ShadowBrokers leaked hacking tools analysis
  • Live demonstration and description of leaked tools and exploits
  • EternalBlue, EternalRomance, EternalSynergy, EternalChampion
  • Fuzzbench, DoublePulsar, DanderSpritz
  • Social Networks – Big brother and anonymity
  • Summary of social networks with a focus on Facebook
  • Shadow profiles
  • Facebook Graph API Explorer
  • Spying by Google
  • Steganography
  • History
  • Modern usage with examples
  • Subliminal advertising
  • Microdotting – conspiracy theory or reality?
  • Hiding files inside files
  • Alternate Data Stream in NTFS filesystem
  • DoS and DDoS attacks
  • Botnets and its trends
  • Line congestion attacks
  • Amplification attack
  • Slow HTTP DoS
  • Hash Collision DoS
  • XML Bomb
  • DDoS as a service
  • DDoS as a means of blackmail

Back to homepage