About the course
This course teaches the attendees a wealth of hacking techniques to compromise the security of various operating systems, networking devices and web application components. The course starts from the very basic and gradually builds up to the level where attendees can not only use the tools and techniques to hack various components involved in infrastructure and web hacking, but also walk away with a solid understanding of the concepts on which these tools work. The course comprises of 3 days of infrastructure hacking and 2 days of web hacking.
System Administrators, Web Developers, SOC analysts, Penetration testers, network engineers, security enthusiasts and anyone who wants to take their skills to next level.
This course familiarises the attendees with a wealth of tools and techniques needed to breach the security of web applications and infrastructures. The course starts from the very basic and gradually build up to the level where attendees can not only use the tools and techniques to hack various components involved in web application hacking, and infrastructure platforms, but also walk away with a solid understanding of the concepts on which these tools work. The course also covers the industry standards such as OWASP Top 10, PCI DSS and contain numerous real life examples to help the attendees understand the true impact of these vulnerabilities. This course is constantly updated on a regular basis to ensure that the latest exploits and vulnerabilities are available within the virtual labs taught in this course.
During the class, we will give you VPN access to our state-of-art hacklab which is hosted in our data centre in UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab.
IISP Skills Alignment
This course is aligned to the following Institute of Information Security Professionals (IISP) Skills. More details on the IISP skills framework can be found here.
- D2, E3, C2
Continuous Professional Development (CPD)
CPD points can be claimed for GCT accredited courses at the rate of 1 point per hour of training for GCHQ accredited courses (up to a maximum of 15 points).
We recommend that all delegates are familiar with the principles of TCP/IP networking and have a working knowledge of Windows operating systems. It is essential that delegates have a good practical ‘hands-on’ experience of the Linux command line and Linux utilities.
- The QA Art of Hacking (QATAOH) course is written and released in 2016 and benefits from the latest vulnerabilities in current and future platforms /systems. E.g. we do not talk about hacking windows XP and 2003 servers (unlike CEH) but talk about circumventing controls in Modern OS such as Windows 2012 servers. Any high impact vulnerability such as heart-bleed, shellshock or the recent mass compromise vulnerability of Joomla software is taught in the class.
- Unlike CEH, where the focus is to run a tool to achieve an objective which helps attendees pass the exam, we focus on the underlying principles on which tools work and provide attendees an understanding on what is the root cause of the vulnerability and how does the tool work to exploit it. We also talk about how the vulnerability should be mitigated.
- The class benefits from a hands-on lab which is hosted in the NotSoSecure cloud. Every attendee gets their own dedicated Virtual Machines upon which they practice each and every vulnerability in detail.
- In terms of reputation, this course remains one of the most popular class's at BlackHat and other major events. The course is written and taught by pen testers and the training is based on real-life pen testing experience. The Infrastructure component of the class is featuring this year at BlackHat Las Vegas.
- TCP/IP Basics
- The Art of Port scanning
- Target Enumeration
- Metasploit Basics
- Password Cracking
- Hacking Recent Unix Vulnerabilities
- Hacking Databases
- Hacking Application Servers
- Hacking third party applications (Wordpress, Joomla, Drupal)
- Windows Enumeration
- Hacking recent Windows Vulnerabilities.
- Hacking Third party software (Browser, PDF, Java)
- Post Exploitation: Dumping Secrets
- Hacking Windows Domains
- Understanding HTTP protocol
- Identifying the attack surface
- Username Enumeration
- Information Disclosure
- Issues with SSL/TLS
- Cross Site Scripting
- Cross-Site Request Forgery
- SQL Injection
- XXE attacks
- OS Code Injection
- Local/Remote File include
- Cryptographic weakness
- Business Logic Flaws
- Insecure File Uploads
Designed to teach and build real-world skills, the Art of Hacking also features an optional certification component. The class prepares candidates to enhance their credentials to achieve Certification. However, certification is not simply a multi-choice exam at the end of the class…
- The Art of Hacking certification is provided by NotSoSecure and is designed to assess candidate’s applied, hands-on skills against over 60 competency-based learning objectives
- Certification can only be achieved by completing the Art of Hacking “Capture The Flag” (CTF) An examination following completion of your Art of Hacking class; be it face-to-face, live-feed training or through e-learning
- Certification is awarded against demonstrated skill level; if you pass you achieve Art of Hacking “Ninja” or Art of Hacking “Master”
Why create the Art of Hacking Certification?
- Simple – there is a clear market demand for hands-on, skill-based hacking certification that has an independent certification body behind it.
How do I prepare for the Certification?
- The best way to prepare is to purchase the Art of Hacking bundle which includes the complete course and Certification in one bundle.
What is the format for the Certification?
- The format is a Capture-the-Flag (CTF) exam designed to be representative of real-world challenges. Your exam session is booked ahead of time giving you time to prepare – when ready, we issue you with the keys to our unique exam hack-lab and from there you take over. It is open book and real-world; you have to use your hands-on skills to hunt for the various treasure we have created and submit your findings into the examination scoring portal. If you get stuck, you may opt for hints, however - this will also deduct from your available points.
How are my Certification answers scored?
Those are graded for completion and accuracy and at the end of the exercises a certification will be awarded as follows:
- Art of Hacking Ninja: score of 60 -79
- Art of Hacking Master: score of 80+
How much is the Certification?
- The Art of Hacking exam costs £350, only available via QA.
What do I get at the end of the Certification process?
- You will know instantly whether you have passed and whether you are Ninja or Master in the Art of Hacking. Once your score and performance is verified, you will be sent an impressive Art of Hacking Certificate stating your new credentials.
How long is the Certification valid?
- Certifications are valid for 3 years from issuance date. The re-certification and on-going knowledge maintenance programme will be announced in due course.
Is the Certification easy?
- That’s up to you! The Art of Hacking Certification is all about you showing that you have developed real-world, hands-on skill. The challenges are based on the material you will have learned but it’s up to you to prepare and demonstrate you have understood each component. You can tackle many of the challenges in the order that you see fit.