Special Notices

We realise that training courses are limited for time and therefore students are also provided a complementary in.security hackpack!
This includes:
  • 14-day extended LAB access after the course finishes
  • 14-day Slack support channel access where our security consultants are available
  • 14-day access to a CTF platform with subnets/hosts not seen during training!
  • A hard copy of the RTFM
  • A Hak5 LAN Turtle
  • The ‘Hacking Enterprises’ certificate of completion at the end of training


This is an immersive hands-on course aimed at a technical audience. The training covers a multitude of security topics, is based around modern operating systems and using modern techniques, with an emphasis on exploiting configuration weaknesses rather than throwing traditional exploits. This means logical thinking and creativity will definitely be put to the test.

Learners will access a blended cloud-based LAB configured with multiple networks, some easily accessible, others not so. Course material and exercise content has been designed to reflect real-world challenges and students will perform over 30 hands-on exercises including using OSINT skills to retrieve useful data, perform host/service enumeration and exploitation as well as perform phishing attacks against our live in-LAB users’ to gain access to new networks, bringing new challenges and in the process teaching new sets of skills in post exploitation, network reconnaissance, lateral movement and data exfiltration.

We also like to do things with a difference. In this training you’ll be provided access to an in LAB Elastic instance, where logs from all targets get pushed and processed. This allows you, as an attacker, as a blue teamer, to understand the types of artefacts your attacks leave, therefore understanding
how you might catch, or be caught in the real word.

Target Audience

  • Penetration testers
  • SOC analysts
  • Security professionals
  • IT Support, administrative and network personnel


  • A firm familiarity of Windows and Linux command line syntax
  • Understanding of networking concepts
  • Previous pentesting and/or SOC experience is advantageous, but not required

Learning Outcomes

  • Performing effective OSINT activities
  • Identifying live hosts and services using IPv4 and IPv6
  • Unauthenticated and authenticated target enumeration using manual techniques and tools using IPv4 and IPv6
  • Identifying and exploiting configuration weaknesses in targets from both unauthenticated and authenticated perspectives
  • Password hash identification, extraction and cracking from Linux, Windows variants and other applications
  • Password cracking techniques including dictionary/rule, brute force and mask attacks
  • Performing effective post exploitation attacks, enumeration and data gathering
  • Using tools and techniques introduced during the training to create bespoke payloads that can be used in phishing attacks
  • Pivoting, lateral movement and routing traffic to hidden networks
  • Exploiting application weaknesses over tunnels, routed connections and shells using manual techniques and tools
  • Understanding Active Directory trusts and how they can be abused
  • Gaining persistence using modern techniques and exfiltrating data via out of band channels
  • Understanding how defensive monitoring can be used to identify malicious activities

Course Outline

Day 1

  • An introduction into monitoring and alerting using our in-LAB ELK stack
  • Leveraging OSINT activities
  • Enumerating and targeting IPv4 and IPv6 hosts
  • Linux enumeration (remote and local targets)
  • Living off the land tricks and techniques in Linux

Day 2

  • Linux shells, post exploitation and privilege escalation
  • P@ssw0rd cracking (*nix specifics)
  • Living off the land tricks and techniques in Windows
  • Creating and executing Phishing campaigns against our simulated enterprise users

Day 3

  • P@ssw0rd cracking (Windows specifics)
  • Windows enumeration (remote and local targets)
  • Windows exploitation and privilege escalation techniques
  • Windows Defender/AMSI and UAC bypasses
  • Defensive monitoring
  • Bypassing AppLocker and Group Policy restrictions
  • RDP hijacking
  • Enumerating and extracting LAPS secrets
  • Situational awareness and further enumeration of other subnets

Day 4

  • Lateral movement and pivoting, routing, tunnelling and SOCKS proxies
  • Application enumeration and exploitation via pivots
  • Domain exploitation
  • Leveraging domain trusts

Day 5 (morning)

  • Gaining persistence using Scheduled Tasks and WMI Event Subscriptions
  • Data exfiltration over OOB channels (ICMP and DNS)
  • Domain Fronting and C2

CTF (afternoon)

  • Practical CTF to put newly learned skills into practice!

Please complete this form and we'll be in touch

Hide form
Please enter a date or timescale
Please type in a preferred location or region...