Skip to content
O'Reilly home
Wireless Technology

The Ultimate Offensive Security and Hacker Bootcamp in 4 Weeks

Published by Pearson

Bug Hunting, Recon, Cloud and DevOps Automation, and More

Dec. 1, 8, 15 & 22, 2021

6 - 10 p.m. Coordinated Universal Time

144 Spots Remaining

Sign up for a free trial!

or sign in.

Registration closes Nov. 30, 2021 11 p.m. Coordinated Universal Time

What you’ll learn and how you can apply it

By the end of the live online course, you’ll understand:

  • Ethical hacking methodologies
  • How to get started with bug bounties and penetration testing
  • How to perform vulnerability assessment of networks
  • How to hack web applications
  • Advanced exploitation with Metasploit and other exploitation frameworks

And you’ll be able to:

  • Perform post-exploitation activities such as pivoting, obfuscation, and exfiltration
  • Hack application programming interfaces (APIs)
  • Learn how to perform information gathering and reconnaissance
  • Perform privilege escalation and persistence
  • Learn principles of exploit development and creating payloads

This live event is for you because…

  • You have an understanding of cybersecurity fundamentals.
  • You want to learn different methodologies and best practices to mimic advanced adversaries and find vulnerabilities in applications, systems, networks and the cloud.
  • You want to learn more about cybersecurity red teams and their practices.
  • You want to learn how to enhance your ethical hacking skills.

Prerequisites

Course Set-up

Recommended Preparation

Recommended Follow-up

Schedule

The timeframes are only estimates and may vary according to how the class is progressing.

Week 1: Ethical Hacking and Bug Hunting Methodologies, Reconnaissance, and Enumeration

Introduction to Ethical Hacking, Bug Hunting, and Course Setup (50 minutes)

  • Exercise: Building your hacking environment and lab for this course

Break (10 minutes)

Ethical Hacking Methodologies (30 minutes)

Ethical Hacking Certifications (20 minutes)

  • Exercise: Building a Cyber Range in the cloud

Break (10 minutes)

Open Source Intelligence and Passive Reconnaissance (50 minutes)

  • Exercise: Gathering intelligence and performing passive recon

Break (10 minutes)

Network Scanning and Enumeration (60 minutes)

  • Exercise: Scanning networks, systems, and applications to find vulnerabilities
  • Homework Assignment: Perform additional OSINT passive recon with the resources shared during class.
    Complete the Skills Challenge Interactive Scenarios (provided in the class Resource List during training)

Week 2: Hacking Modern Applications

Review Week 1 Homework Assignment (10 minutes)

Exploiting Cross-site Scripting (XSS) Vulnerabilities (50 minutes)

  • Exercise: Finding reflected, stored, and DOM-based XSS

Break (10 minutes)

Stealing Cookies and Bypassing Multifactor Authentication (50 minutes)

  • Exercise: Abusing applications to steal cookies and bypassing multifactor authentication

Break: 10 minutes

Exploiting Insecure direct object references (IDOR) vulnerabilities (20 minutes)

Exploiting XML External Entity (XXE) Vulnerabilities (30 minutes)

  • Exercise: Exploiting IDOR and XXE

Break (10 minutes)

Hacking Databases (50 minutes)

  • Exercise: Exploiting SQL injection Vulnerabilities
  • Homework Assignment: Setup the VM to be used in week 3. Practice the exploitation techniques learned during class and familiarize yourself with common web application frameworks and content management systems (CMS).

Week 3: Intermediate-to-Advanced Exploitation

Review Week 2 Homework Assignment (10 minutes)

Intermediate-Level Lab Setup (50 minutes)

  • Exercise: Setting up an additional VM to completely compromise a system (boot-to-root)

Break (10 minutes)

Web Application Frameworks and Content Management Systems (CMS) (60 minutes)

  • Exercise: Compromising Web Application Frameworks and CMS

Break (10 minutes)

Buffer Overflows (60 minutes)

  • Exercise: Exploiting buffer overflow vulnerabilities

Break (10 minutes)

Exploitation Payloads and Privilege Escalation (60 minutes)

  • Exercise: Creating Payloads and Performing Privilege Escalation
  • Homework Assignment: Become familiar with container technology and Kubernetes using the resources in the Kubernetes: From Basics to Guru expert playlist: https://learning.oreilly.com/playlists/330a1112-13ee-4e72-8b2a-6fd8766fddae/
  • Complete the Skills Challenge Interactive Scenarios (provided in the class Resource List during training)

Week 4: Hacking Containers, Kubernetes, Cloud Technologies, and Bypassing the Security Operation Center (SOC)

Review Week 2 Homework Assignment (10 minutes)

Hacking Cloud Environments (20 minutes)

Hacking Containers and Kubernetes (20 minutes)

  • Exercise: Performing penetration testing of cloud applications

Break (10 minutes)

Advanced Lab Setup (20 minutes)

Adversarial Obfuscation Techniques and Bypassing the Security Operation Center (SOC) monitoring capabilities (30 minutes)

  • Exercise: Setting up the advanced lab and starting

Break (10 minutes)

Additional Post-Exploitation Techniques (60 minutes)

  • Exercise: Intermediate-to-Advanced Capture the Flag (CTF) Exercise

Break (10 minutes)

Introduction to Exploit Development (30 minutes)

Return Oriented Programming (ROP), Reverse Engineering for Exploitation, and Bypassing ASRL tips (30 minutes)

  • Exercise: Navigating through several ROP and exploit development tasks.
  • Final Project Homework: Complete the return-oriented programming (ROP) and advanced exploitation exercise provided during class.

Your Instructor

  • Omar Santos

    Omar Santos is an active member of the cybersecurity community, where he leads several industry-wide initiatives. He is the lead of the DEF CON Red Team Village; the chair of the Common Security Advisory Framework (CSAF) technical committee; the co-chair of the Forum of Incident Response and Security Teams (FIRST) Open Source Security working group; and has been the chair of several initiatives in the Industry Consortium for Advancement of Security on the Internet (ICASI). His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures.

    Omar is the author of over twenty books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities. Additional information about Omar’s current projects can be found at omarsantos.io and you can follow Omar on Twitter @santosomar.

Start your free 10-day trial

Get started

Want to learn more at events like these?

Get full access to O'Reilly online learning for 10 days—free.

  • checkmark50k+ videos, live online training, learning paths, books, and more.
  • checkmarkBuild playlists of content to share with friends and colleagues.
  • checkmarkLearn anywhere with our iOS and Android apps.
Start Free TrialNo credit card required.