Penetration Testing as a Day Job
Almost like the real thing: A Guided Penetration Test Simulation
Target audience
Pen Testing Noobs (no total tech noobs please!), and those who already took other hacking courses but came away thinking "I really don't feel like that taught me how to actually conduct a pentest" (or at least words to that effect).
The course is also fully aligned to the published syllabus, if you are looking to prepare for the CREST CPSA and CRT examinations.
About the course
You probably get the idea already, but in our opinion the vast majority of introductory hacking courses might show attendees a bunch of tools and some exploit scenarios, yet rarely come anywhere close to preparing attendees to work towards a career as a penetration tester, with a methodical approach to beginning, managing, ending, or reporting on an actual real penetration test.
This course aims to take attendees on a light-hearted and hopefully humorous journey from start to finish through a very real (totally simulated) pentest engagement. Pwning our way through our real (fictional) organisation's apps and infra, including multiple targets from webapps through internal infra and even some physical device silliness (think lights / sounds / maybe even some foam darts), before finally telling our "client" all about our findings in a professional (mostly) pentest report.
Hugely lab driven, with more of a "narrative over the top" almost continuously hands-on approach than the more traditional theory -> demonstration -> practice style common in "general hacking techniques" courses.
If you didn't have fun then honestly we totally screwed this up, yet we will ensure that you come away feeling confident and ready to practise your skills flying solo, with plenty of advice included on next steps, such as how to take advantage of a wealth of public freely available hackable boxes as proper practice runs in preparation for the real thing.
Syllabus / Outline
1. Introduction, Soft Skills & Assessment Management
- How to approach a pentest
- Engagement Lifecycle
- Law & Compliance
- Methodology
- Scoping
- Understanding, Explaining, and Managing Risk
- Good report writing skills: before, during, and after the assessment
2. Background Information Gathering and Open Source (OSINT)
- Records: Registration / DNS / CT Logs
- Customer Web Site Analysis
- Google Hacking and Web Enumeration
- NNTP Newsgroups and Mailing Lists
- Information Leakage from Mail & News Headers
- Social Engineering and Physical Security
3. Security Fundamentals
- Cryptography
- Applications of Cryptography
- Encoding / Encryption / Hashing
- Hash cracking
- File System Permissions
- Audit Techniques
- Source Code Review
4. Web Technologies
- Web Servers
- Web Enterprise Architectures
- Web Protocols
- Web Mark-up Languages
- Web Programming Languages
- Web Application Servers
- Web APIs
- Web SubComponents
5. Web Application Security Assessment
- Web Application Reconnaissance
- Identifying vulnerabilities
- Web Site Structure Discovery
- Information Gathering from Web Mark-up
- Information Disclosure in Error Messages
- Enumerating CMSs
- Threat Modelling and Attack Vectors
- Authentication Mechanisms
- Authentication bypasses / flow abuses
- Authorization Mechanisms
- Session Handling: Predictability / Termination / Hijacking / Fixation
- Access control bypasses
- Object referencing issues
- Input Validation
- Cross-Site Scripting Attacks (XSS)
- SQL Injection
- Parameter Manipulation
- Web form input abuse
- CSRF
- Open redirects
- Command injection
- XXE
- Feature abuses
- Generating payloads
6. Databases
- MySQL
- PostgreSQL
- Microsoft SQL Server
- Oracle RDBMS
- Web / App / Database Connectivity
7. Networking
- IP Protocols
- Network Architectures
- Networking Protocols
- Network Mapping & Target Identification
- Interpreting Tool Output
- Filtering Avoidance Techniques
- OS Fingerprinting
- Windows vs Linux enumeration
- Application Fingerprinting and Evaluating Unknown Services
- Network Access Control Analysis
- Management Protocols
- Network Traffic Analysis
- IPSec
- VoIP
- Wireless
- Configuration Analysis
8. Windows Security Assessment
- Domain Reconnaissance
- User Enumeration
- Active Directory
- Windows Passwords
- Windows Vulnerabilities
- Windows Patch Management Strategies
- Desktop Lockdown
- Exchange
- Common Windows Applications
9. Unix/Linux Security Assessment
- User Enumeration
- Unix vulnerabilities
- FTP (Unix)
- Sendmail / SMTP (Unix)
- Network File System (NFS) (Unix)
- R* services (Unix)
- X11 (Unix)
- RPC services (Unix)
- SSH (Unix)
10. Finishing Up
- Good report writing skills: after the assessment