O'Reilly logo
live online training icon Live Online training

Advanced Hands-On Ethical Hacking Bootcamp

Topic: Security
Omar Santos

Advanced Hands-On Ethical Hacking Bootcamp is an intensive 3-day, hands-on course where you will dive into advanced techniques of exploitation, enumeration, reconnaissance, and obfuscation. Through discussions and labs you will learn the advanced skills needed to get the job done. Skills learned include:

  • Recon methodologies using open source intelligence (OSINT)
  • How to automate network scanning and enumeration
  • How to apply different fuzzing techniques to compromise web applications
  • How to search for other input validation vulnerabilities, such as buffer overflows
  • How attackers can steal cookies, redirect users to malicious sites, and steal sensitive information by leveraging Cross-site Scripting (XSS) and Cross-site Request Forgery (CSRF) vulnerabilities.

This training also includes a series of active exercises to give you real-world skills. You will

  • Create payloads for persistence and exfiltration and create shellcode;
  • Establish different Command and Control (C2) Environments;
  • Use Proxychains and Tor for obfuscation
  • Perform penetration testing in cloud environments such as AWS, Google Cloud Platform, Azure and Digital Ocean.
  • Build a quick wireless lab to learn how to attack WiFi networks.

This training also provides several hands-on exercises where you will learn different techniques on how to leverage Linux, Bash, and Python for penetration testing and bug hunting. At the end of this training, you will test your knowledge with a capture-the-flag-like environment where you will try to compromise a system by applying all the knowledge acquired in the previous exercises.

What you'll learn-and how you can apply it

  • Learn intermediate-to-advanced exploitation techniques.
  • Get hands-on skills to perform enumeration, reconnaissance, and find vulnerabilities in bug bounty hunting and ethical hacking engagements.
  • Create payloads, shellcode, and leverage different living-of-the-land (LoTL) utilities and applications.
  • Learn through step-by-step demonstrations.
  • Complete hands-on exercises and participate in interactive discussions.

This training course is for you because...

  • You have an understanding of cybersecurity fundamentals.
  • This training helps candidates preparing for certifications such as OSCP, OSWE, GIAC Web Application Penetration Tester (GWAPT), GIAC Certified Incident Handler (GCIH), and the GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).
  • You want to learn how to advance their cybersecurity career.
  • Anyone interested in cybersecurity, bug bounties, and penetration testing (ethical hacking) will benefit from this training.


Course participants must have a basic understanding of cybersecurity, virtualization technologies (i.e., VirtualBox, VMWare, Proxmox), and networking concepts.

The following books and video courses provides a good overview of cybersecurity fundamentals that are prerequisites for this course:

Course Set-up

Recommended Preparation

Recommended Follow-up

About your instructor

  • Omar Santos is an active member of the cybersecurity community, where he leads several industry-wide initiatives. He is the lead of the DEF CON Red Team Village; the chair of the Common Security Advisory Framework (CSAF) technical committee; the co-chair of the Forum of Incident Response and Security Teams (FIRST) Open Source Security working group; and has been the chair of several initiatives in the Industry Consortium for Advancement of Security on the Internet (ICASI). His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures.

    Omar is the author of over twenty books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities. Additional information about Omar’s current projects can be found at omarsantos.io and you can follow Omar on Twitter @santosomar.


The timeframes are only estimates and may vary according to how the class is progressing


Introduction and Lab Setup - 50 mins

Break - 10 mins

OSINT and Passive Reconnaissance- 50 mins

Break - 10 mins

Network Scanning and Enumeration - 50 mins

Break - 10 mins

Fuzzing Web Applications and Searching for Buffer Overflows - 60 mins


Stealing Cookies with Cross-site Scripting (XSS) and Cross-site Request Forgery - 50 mins

Break - 10 mins

Creating Payloads for Persistence and Exfiltration - 50 mins

Break - 10 mins

Creating Your Own Shellcode - 50 mins

Break - 10 mins

Establishing Different Command and Control (C2) Environments - 30 mins

Using Proxychains and Tor for Obfuscation - 50 mins


Penetration Testing in the Cloud - 50 mins

Break - 10 mins

Attacking WiFi Networks - 50 mins

Break - 10 mins

Linux, Bash, and Python Tricks for Pen Testing - 50 mins

Break - 10 mins

Test Your Knowledge: Capture the Flag Exercise - 60 mins