Special Notices

We realise that training courses are limited for time and therefore students are also provided a
complementary in.security hackpack! This includes:

  • 14-day extended LAB access after the course finishes
  • 14-day access to a CTF platform with subnets/hosts not seen during training!


This is an immersive accelerated virtual learning hands-on 3 day bootcamp course aimed at a technical audience. The training covers a multitude of security topics, is based around modern operating systems and using modern techniques, with an emphasis on exploiting configuration weaknesses rather than throwing traditional exploits. This means logical thinking and creativity will definitely be put to the test.

Students will access a cloud-based LAB configured with multiple networks, some easily accessible, others not so. Course material and exercise content has been designed to reflect real-world challenges and students will perform numerous hands-on exercises including using OSINT skills to retrieve useful data, perform host/service enumeration and exploitation as well as perform phishing attacks against our live in-LAB users’ to gain access to new networks, bringing new challenges and in the process teaching new sets of skills in post exploitation, network reconnaissance, lateral movement and data exfiltration.

We also like to do things with a difference. In this training you’ll be provided access to an in LAB Elastic instance, where logs from all targets get pushed and processed. This allows you, as an attacker, as a blue teamer, to understand the types of artefacts your attacks leave, therefore understanding how you might catch, or be caught in the real word.


This training is suited to a variety of students, including:

  • Penetration testers
  • SOC analysts
  • Security professionals
  • IT Support, administrative and network personnel


  • A firm familiarity of Windows and Linux command line syntax
  • Understanding of networking concepts
  • Previous pentesting and/or SOC experience is advantageous, but not required

Delegates will learn how to

  • Performing effective OSINT activities
  • Identifying live hosts and services using IPv4 and IPv6
  • Unauthenticated and authenticated target enumeration using manual techniques and tools using IPv4 and IPv6
  • Identifying and exploiting configuration weaknesses in targets from both unauthenticated and authenticated perspectives
  • Password hash identification, extraction and cracking from Linux, Windows variants and other applications
  • Password cracking techniques including dictionary/rule, brute force and mask attacks
  • Performing effective post exploitation attacks, enumeration and data gathering
  • Using tools and techniques introduced during the training to create bespoke payloads that can be used in phishing attacks
  • Pivoting, lateral movement and routing traffic to hidden networks
  • Exploiting application weaknesses over tunnels, routed connections and shells using manual techniques and tools
  • Understanding Active Directory trusts and how they can be abused
  • Gaining persistence using modern techniques and exfiltrating data via out of band channels
  • Understanding how defensive monitoring can be used to identify malicious activities


Day 1

  • Getting familiar with the MITRE ATT&CK framework
  • An introduction into monitoring and alerting using our in-LAB ELK stack
  • Leveraging OSINT activities
  • Enumerating and targeting IPv4 and IPv6 hosts
  • Remote/local Linux enumeration and living off the land
  • Linux shells, post exploitation and privilege escalation
  • P@ssw0rd cracking (*nix specifics)
  • Kubernetes and container security
  • Creating and executing Phishing campaigns against our simulated enterprise users
  • Living off the land tricks and techniques in Windows

Day 2

  • P@ssw0rd cracking (Windows specifics)
  • Remote/local Windows enumeration
  • Windows exploitation and privilege escalation techniques
  • Windows Defender/AMSI and UAC bypasses
  • Bypassing AppLocker, PowerShell CLM and Group Policy restrictions
  • Enumerating and extracting LAPS secrets
  • RDP hijacking
  • Lateral movement, pivoting, routing, tunnelling and SOCKS proxies

Day 3:

  • Application enumeration and exploitation via pivots
  • Leveraging domain trusts
  • Gaining persistence using Scheduled Tasks and WMI Event Subscriptions
  • Data exfiltration over OOB channels (ICMP and DNS)
  • Domain Fronting and C2