This short Ready, Steady, Hack experience helps you to think like a real-world threat actor and plan your security tactics with the same offensive mindset.
Half day Course
Not Available by Partners
Live, online available
Basic
Course Overview
Is it for me?
The routine, operational demands of a busy cybersecurity and IT department can often get in the way of good security strategy and leave you with little time to prepare for the decisions that really matter. If this sounds like your day-to-day, join this short, hands-on experience. It’s designed to take you temporarily out of the ring and put you into the minds of those targeting your organization so you can adopt a more calculated approach. Plus, you can get your hands dirty with our popular virtual labs and learn from experienced, practicing Penetration Testers with a legacy of training at Black Hat as you do it.
Interested?
1. Our courses are available directly from us, through our training partners, or at worldwide technical conferences.
2. You can find course dates and prices on the Courses and Webinars page.
3. Take a look below at a few of the upcoming courses for this specific training.
4. For more information including private course requests, complete the short form below.
Courses and webinars
Enquire about your training
We provide training directly (live, online or in person) and also work with a range of training partners in different locations around the globe for classroom or live, online training. Please contact us with details of your requirement and we will recommend the best route to access our amazing training.
Details of the course content:
THE ENUMERATION PHASE
- Approaches to enumeration: opportunistic vs targeted
- IP and open port search engines
- Research-based Open-Source Intelligence Gathering (OSINT) techniques
- Vulnerability scanning
- Exercise: use OSINT to gather key information on your target
GETTING A FOOTHOLD
- Intro to Metasploit Framework (MSF)
- Search for auxiliary modules and exploits
- Exercise: use MSF to configure an exploit and get a reverse shell
ENUMERATING THE SYSTEM AND PIVOTING
- Find Privilege Escalation opportunities in Linux systems
- Enumerate internal network
- Pivot across internal systems
- Exercise: use shell to enumerate website host
TAKING A DIFFERENT APPROACH
- Server-Side Request Forgery (SSRF)
- Use AWS metadata API to obtain temporary credentials
- AWS CLI and list S3 buckets configuration
- Exercise: abuse SSRF vulnerability to access credentials
THE GREAT ESCAPE
- Cloud container risks
- Cloud orchestration risks
- How to abuse the Docker socket
- Exercise: escape Docker container onto host OS
Prerequisites
Who should take this class?
- Security and IT decision makers
- CISOs and Heads of...
- Budget holding managers
- CTOs and Development Team leads
- Network Managers
This course is not suitable for technical practitioners, such as SOC analysts, Penetration Testers, and so on.
What you will learn:
Course Information
You can download a copy of the course information below.
In addition, you will be provided with a student pack, handouts and cheat-sheets if appropriate.
Your Training Roadmap
Offensive Classes
Hacking training for all levels: new to advanced. Ideal for those preparing for certifications such as CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST as well as infrastructure / web application penetration testers wishing to add to their existing skill set.
Defensive Classes
Giving you the skills needed to get ahead and secure your business by design. We specialise in application security (both secure coding and building security testing into your software development lifecycle) and cloud security. Build security capability into your teams enabling you to move fast and stay secure.