Becoming a Hacker
Published by Pearson
An Introduction to Ethical Hacking, Penetration Testing, and Bug Hunting
- Real-world and hands-on demos throughout
- Using AI for offensive security
- Expert insights to help jumpstart your career
Becoming a Hacker is your first step to starting your ethical hacking and penetration testing career. This intensive two-day training session is taught by Omar Santos, best-selling security author, speaker, and cybersecurity and AI expert. This training includes focused live discussions, real-world demos, and insights into hacking from someone who’s been on the front lines. You will benefit from expert insights of the methodologies used to assess and compromise a network using AI. You will learn to penetrate a wired and wireless network and the systems within that network. This course also covers many techniques to assess and compromise AI systems and applications (including LLMs, MCP servers, A2A, and AI agentic systems).
No prior penetration testing or ethical hacking experience is needed. You will be introduced to offensive cybersecurity concepts and then walk through a complete penetration test, from beginning to end. You will explore passive and active reconnaissance, fuzzing, enumeration, vulnerability assessment, exploitation, and post-exploitation techniques. This course is also helpful for those seeking certifications such as the Offensive Security Certified Professional (OSCP) Certification, CEH Practical, PenTest+, Cisco Certificate in Ethical Hacking, or the GIAC Penetration Tester (GPEN), this two-day training session is a great place to start. This live training can also help you if you want to start exploring the world of bug hunting and bug bounties.
What you’ll learn and how you can apply it
- Master the fundamentals and hands-on techniques of ethical hacking, penetration testing, and bug hunting, including lab setup with WebSploit, Ludus, Kali Linux, and Parrot Security.
- Conduct comprehensive network and application assessments: passive/active reconnaissance, OSINT, vulnerability scanning, fuzzing, and exploiting common vulnerabilities (web apps, credentials, networking devices, wireless networks, and buffer overflows).
- Apply AI-driven offensive security skills, using AI, MCP Servers, and AI coding agents to automate and enhance penetration testing, including attacking AI applications and agentic systems.
- Develop post-exploitation capabilities, maintaining persistence, pivoting, data exfiltration, and build professional reports for penetration tests, red teaming, and bug bounty findings.
This live event is for you because...
- You’re a Cybersecurity Professional (Analyst, Engineer, Architect, or Consultant) looking to upgrade your skills for the AI-driven era.
- You’re an Ethical Hacker seeking to automate and enhance your offensive security capabilities.
- You’re a Software Developer or DevOps Engineer focused on building secure applications and infrastructure.
- You’re an AI/ML Engineer or Data Scientist who wants to learn the latest trends at the intersection of AI and cybersecurity.
- You’re anyone interested in learning how real-world attackers compromise systems.
Prerequisites
- Course participants should have a basic understanding of cybersecurity and networking concepts.
The following video course provides a good overview of cybersecurity fundamentals that are prerequisites for this course
- The Complete Cybersecurity Bootcamp (Video Collection): Threat Defense, Ethical Hacking, and Incident Handling (video course)
Course Set-up:
- Setup WebSploit Labs as documented at: https://websploit.org
Recommended Preparation:
- Read: The AI Revolution in Networking, Cybersecurity, and Emerging Technologies by Omar Santos, Samer Salam, Hazim Dahir
- Watch: Practical Cybersecurity Fundamentals by Omar Santos
- Attend: Modern Cybersecurity Fundamentals by Omar Santos
- Attend: AI-Enabled Programming, Networking, and Cybersecurity by Omar Santos
- Watch: Building the Ultimate Cybersecurity Lab and Cyber Range by Omar Santos
Recommended Follow-up:
- Read: Redefining Hacking: A Comprehensive Guide to Red Teaming and Bug Bounty Hunting in an AI-driven World by Omar Santos, Savannah Lazzara, and Wesley Thurner
- Watch: Build Your Own AI Lab by Omar Santos
- Watch: Securing Generative AI by Omar Santos
- Watch: Defending and Deploying AI by Omar Santos
- Practice: Ethical Hacking Labs by Omar and Derek Santos
- Attend: AI and LLM Cyber Risks and Mitigations by Omar Santos
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Day 1
Segment 1: An Overview of Ethical Hacking, Red Teaming, Bug Hunting, and Penetration Testing Methodologies (50 minutes)
- Offensive security methodologies and techniques
- How to get started with ethical hacking and bug hunting
- Exploring certifications to help you get started with ethical hacking and bug hunting
- Building your own pen testing lab with WebSploit Labs, Ludus, Kali Linux, and Parrot Security
- Introduction to using AI, MCP Servers, and AI coding agents for offensive security
Break (10 minutes)
Segment 2: Passive Reconnaissance and Open Source Intelligence (OSINT) (50 minutes)
- Introduction to OSINT
- Gathering information about the target
- Tools for passive reconnaissance and OSINT
- Using AI for passive reconnaissance and OSINT
Break (10 minutes)
Segment 3: Active Reconnaissance, Scanning, and Fuzzing (50 minutes)
- Introduction to Active Reconnaissance
- Scanning and enumerating the target
- Introduction to Fuzzing
- Tools for active reconnaissance, scanning, and fuzzing
- Using AI for active reconnaissance, scanning, and fuzzing
Break (10 minutes)
Segment 4: Introduction to Hacking Web Applications (50 minutes)
- Introduction to Hacking Web Applications
- Deep dive into Web Application Reconnaissance
- Tools for web application reconnaissance
- Using AI for web application reconnaissance
- Using Burp Suite and Zed Attack Proxy for web application testing
- Introduction to web application vulnerabilities (XSS, SSRF, CSRF, XXE, IDOR, authentication and authorization vulnerabilities, etc.)
- Introduction to Hacking Databases
- Using AI for hacking web applications and databases
Q&A (10 minutes)
DAY TWO
Segment 1: Introduction to Hacking Networking Devices (50 minutes)
- Introduction to Hacking Networking Devices
- Tools for hacking networking devices
- Building Wireless Hacking Labs
- Creating packets and payloads using Python, Scapy, and AI coding agents
Break (10 minutes)
Segment 2: Introduction to Buffer Overflows (20 minutes)
- Introduction to Buffer Overflows
- Tools for buffer overflows
- Creating payloads and shellcode
- Tips for reverse engineering and debugging vulnerable applications
Segment 3: Fundamentals of Evasion and Post Exploitation Techniques (30 minutes)
- Fundamentals of Evasion and Post Exploitation Techniques
- Command and Control, Exfiltration, and Privilege Escalation
- Introduction to Living Off The Land (LOTL) techniques
- Using AI for evasion and post exploitation techniques
Break (10 minutes)
Segment 4: Hacking AI Applications and AI Agents Part 1 (50 minutes)
- Introduction to Hacking AI Applications and AI Agents
- Vulnerabilities in MCP Servers
- Introduction to AI Algorithmic Red Teaming
- Top 10 vulnerabilities in LLMs
- The MAESTRO Framework
- Vulnerabilities in Multi-agent systems
Break (10 minutes)
Segment 5: Hacking AI Applications and AI Agents Part 2 (40 minutes)
- Top 10 vulnerabilities in AI agentic applications
- Using tools for hacking AI applications and AI agents
- Using the MCP and A2A scanners
- Using Claude Code, Cursor, Codex, Windsurf, and Warp for offensive security.
Segment 6: Best Practices on How to Write Penetration Testing Reports (10 minutes)
- Writing Penetration Testing and Red Teaming Reports
- Writing Bug Bounty Reports
Event wrap-up and Q&A (10 minutes)
Your Instructor
Omar Santos
Omar Santos is a Distinguished Engineer at Cisco focusing on advanced AI security research, cybersecurity, incident response, and vulnerability disclosure. He is the co-chair of the Coalition for Secure AI (CoSAI) alongside leading AI companies such as OpenAI, Google, Anthropic, and NVIDIA. Omar has served in the board of the OASIS Open standards organization and is also the chair of the OpenEoX and the Common Security Advisory Framework (CSAF) technical committee. His work led the creation of the CSAF ISO standard. Omar's collaborative efforts extend to numerous organizations, including OWASP, FIRST, and he was the lead of the DEF CON Red Team Village for several years. Omar is the author of over 25 books, 21 video courses, and over 50 academic research papers. Omar is a renowned expert in ethical hacking, vulnerability research, incident response, and AI security. Omar's work in cybersecurity is also recognized through multiple granted patents. Prior to Cisco, Omar served in the United States Marines focusing on the deployment, testing, and maintenance of Command, Control, Communications, Computer, and Intelligence (C4I) systems.