3-DAY TRAINING 9 – Advanced Real-World Penetration Testing


CAPACITY: 25 pax


EUR2599 (early bird)

EUR3199 (normal)

Early bird registration rate ends on the 28th of February



This fast-paced course will teach you how to leverage bleeding edge toolsets and techniques to conduct effective, in-depth penetration tests on the latest, real world network, web and application components. This highly intense, completely hands-on lab based curriculum has been created by our team of industry leading experts with experience in training thousands of professionals from Fortune 500 enterprises, defense and law enforcement agencies.

The class will be conducted on our cloud based, state of the art lab platform where attendees will be doing 100 unique lab exercises in class! Over 90% of class time will be spend on these hands-on, live penetration tests!

Apart from the presentation PDFs, lab handouts, workbooks, video solutions etc. we will also be providing all students 100 Days of free access to our online lab platform after the class! This will ensure you have enough time to revisit the concepts and try the demos again later.

Key Learning Objectives

  • Learn to pentest modern infrastructures, server components and networks
  • Gain a deep understanding of how to pentest complex applications running on public-private clouds and server farms
  • Try out advanced attacks on a live infrastructure to cement your learning (over 100 labs done in class)

Who Should Attend

  • Penetration testers
  • Red/Blue/Purple teams
  • Security researchers, analysts and students with interest in learning real world advanced pentesting techniques

Prerequisite Knowledge

  • Basics of penetration testing
  • Familiarity with tools such as Nmap, Metasploit, Burpsuite, Wireshark
  • Able to read and understand code written in Python (need not be a proficient programmer)

Hardware / Software Requirements

  • Laptop with at least 8GB RAM and administrative access
  • Latest version of Google Chrome and Firefox installed

Agenda – Day 1:

Module A: Getting Started

  • Modern networks, components and application stacks
  • Challenges in testing modern architectures
  • Attack surface mapping: Direct and Cloud based
  • Tools of the trade used in the training
  • Logging onto the class lab
  • Warmup lab exercises

Module B: Web Servers

Lab Components: Apache, Nginx, Tomcat, Gunicorn, Tornado, Nodejs

  • Evolution of web servers and deployment architectures
  • Generic, Application and Framework specific deployment issues
  • Server specific misconfigurations
  • Application specific misconfigurations
  • Enumeration, Data Leakage and Exploitation
  • Lab Exercises and case studies

Module C: Caching Servers

Lab Components: Memcached, Amazon Elastic Cache

  • Caching server architectures in modern deployments
  • Fingerprinting and cache data enumeration
  • Direct and App based attack vectors
  • Cache poisoning and invalidation attacks
  • Serialization attacks via stored cache data
  • Attack chaining via applications using cache
  • Lab exercises

Module D: Web Frameworks

Lab Components: Ruby on Rails, Django, Nodejs applications

  • MVC and web framework architectures
  • Language based vulnerabilities (Python, Ruby, JS)
  • Framework based vulnerabilities
  • Fingerprinting and exploitation
  • Web to root strategies
  • RCE via webapps
  • Lab exercises

Module E: Databases – SQL and NoSQL Based

Lab Components:  SQL Databases- MySQL, Postgresql, Sqlite and NoSQL Databases- MongoDB, CouchDB, ArangoDB, Couchbase

  • Differences between SQL and NoSQL databases
  • Pentesting test cases for SQL and NoSQL
  • Injection attacks on NoSQL databases
  • Privilege escalation and chaining attacks
  • Common misconfigurations and exploitation
  • Runtime specific vulnerabilities
  • Lab exercises

Agenda – Day 2:

Module F: Distributed Queues and Brokers

Lab Components: RabbitMQ, Celery, Kafka, ActiveMQ

  • Queue and Broker Basics: Deployment Architectures
  • Enumeration, Data Extraction and Manipulation
  • Interacting remotely via clients and libraries
  • Attacking authentication and access control mechanisms
  • Implementation challenges and misconfigurations
  • Exploiting plugins and other 3rd party integrations
  • Chaining attacks and escalations
  • Use of SASL and SSL
  • Lab exercises

Module G : Serverless Apps

Lab Components: AWS Lambda, API Gateways, Google Cloud Functions, Azure Functions

  • Understanding Serverless Architectures
  • Comparison of security models between serverless providers
  • Discovering and Enumerating API endpoints
  • Malicious injection in event data fields
  • Exploitation via untrusted components
  • Data Leakage attacks
  • Attack chaining
  • Internal infrastructure Pivot
  • Lab exercises

Module H : PaaS Platforms

Lab Components: Google App Engine

  • PaaS platform pentesting challenges
  • Case Study: Google App Engine applications
  • Understanding traffic routing and ephemeral instances
  • Ndb: Cloud Data Store application based injection attacks
  • Cache injection and poisoning attacks
  • Namespaces and multi-tenancy boundary attacks
  • Lab exercises

Module I: Log Analysis and SIEM Systems

Lab Components: Log analysis and SIEM platform attack vectors: ELK, Graylog

  • Limitations of Log analysis and SIEM platforms
  • Log collection architectures and attack surface
  • Log poisoning attacks
  • Compromising the agent
  • Attacking the collection infrastructure
  • Lab exercises

Module J: Datacenter and Container Technologies

Lab Components: ESX, KVM, Docker, Kubernetes

  • Deployment architectures and distributed configuration management
  • Fingerprinting and exploiting misconfigurations in ESX and KVM
  • Docker and Kubernetes: Resource isolation challenges
  • Attacking containerized networks and applications
  • Privilege escalation to host system
  • Lab exercises

Module K:  Cloud Services and Apps

Lab Components: AWS, Azure, Google Cloud Platform

  • Configuration flaws in public clouds
  • Enumerating public cloud servers and APIs
  • Attacking public cloud infrastructures
  • Pivoting into VPCs and compromising the internal infrastructures
  • Privilege escalation and account takeovers
  • Lab exercisers from different public cloud services

Agenda – Day 3:

Module L: VoIP Systems

Lab Components: Asterisk Now, Free PBX, Soft VoIP Phones

  • VoIP deployment architectures
  • Pentesting VoIP servers
  • VoIP traffic analysis: SIP-RTP, SIP over TLS + RTP
  • Decrypting VoIP traffic: SIP-SRTP, SIP over TLS + SRTP
  • Recovering voice data, messages from VoIP traffic
  • Lab exercises

Module M: IoT Network Attacks

Lab Components: Mosquitto,  CoAPthon, FreeCoAP, ActiveMQ, Apache Qpid

  • IoT backbone network architectures
  • Server misconfigurations and Client insecurities
  • Attack Surface: MQTT, CoAP, AMQP protocols
  • Enumeration, Data Leakage and Exfiltration
  • Attacking IoT endpoints via Server compromise
  • Remote IoT RCEs and other exploitations
  • Lab exercises

Module N: Privilege Escalation and Subverting Defenses

Lab Components: Combination of Servers and Applications

  • Post exploitation reconnaissance
  • Privilege levels and escalation strategies
  • Understanding system defenses and subverting them
  • Lateral privilege escalation to other accounts
  • Vertical privilege escalation to root
  • Lab exercises 

Module O : Pivoting and Lateral Movement

Lab Components: Combination of Servers and Applications

  • Pivoting, port forwarding and lateral movement
  • Single pivot exercises
  • Double pivot exercises
  • Multi pivot strategies and exercises

Module P: Persistence Techniques

Lab Components: Combination of Servers and Applications

  • Network and application backdoors
  • Kernel mode backdoors
  • Tunneling strategies and tools
  • Data exfiltration via covert channels
  • Lab exercises

Module Q : Hardening and Course Conclusion

  • Hardening strategies for modern infrastructures
  • Threat and attack surface modelling
  • Course conclusion and next steps
  • Accessing labs 100 days after class

Location: Training Rooms Date: May 6, 2019 Time: 9:00 am - 6:00 pm Vivek Ramachandran Nishant Sharma