Advanced Ethical Hacking Training Boot Camp
Take your penetration testing skills to a new level! The industry’s most advanced ethical hacking training teaches you how to orchestrate and defend against advanced persistent threat (APT) attacks.
Become a Certified Expert Penetration Tester — guaranteed!
- Five days of expert, live Advanced Ethical Hacking training
- Exam Pass Guarantee
- Exam vouchers
- Unlimited practice exam attempts
- 100% Satisfaction Guarantee
- Free annual Infosec Skills subscription ($299 value!)
- 1-year access to all boot camp video replays and materials
- Pre-study learning path
- Knowledge Transfer Guarantee
Hands-on labs
Hundreds of exercises in over 30 separate hands-on labs bring you up to speed with the latest threats to which your organization is most vulnerable. Practice penetration testing in our virtualized environment that simulates a full range of servers and services used in a real company. Learn how to compromise web servers, virtual machines, databases, routers and firewalls, and then put it all together in an unscripted evening Capture the Flag (CTF) exercise.
Nightly capture the flag exercises
CTF exercises are an opportunity for you to practice your hacking skills in a real-world environment. Infosec sets up a mock company that you can freely attack without having to worry about damaging production systems. The purpose of the CTF exercises is to ensure you understand how to apply the skills you learned during the day to a real-world, ethical hacking scenario.
Training overview
Modern networks and systems are fully patched, hardened from attack and armored to the hilt with expensive security gear — but the bad guys still get in on a daily basis! How do they do this?
Infosec’s Advanced Ethical Hacking Boot Camp will teach you how to successfully attack fully patched and hardened systems, circumvent common security controls and access confidential data. You’ll bring this knowledge back to your organization so you can formulate ways to defend against these sophisticated attacks. By learning how to fully utilize zero-day attacks that replicate an APT attack, you become an extremely valuable member of any penetration testing team. This course also supports and prepares you for the Certified Penetration Tester (CPT) and Certified Expert Penetration Tester (CEPT) exams.
What you'll learn
- System exploitation process
- Replicating the process and architecture of APT attacks
- Attacking fully patched systems
- Attacking DMZs and other secured infrastructure
- Port redirection
- Compromising secured infrastructure
- Using egghunter and Meterpreter shellcode
- Metasploit scripting and automation
- NMAP automation
- Running exploits in RAM vs. on disk
- Hiding from IDSs
- Covert channels
- Privilege escalation attacks on Windows
- Advanced man-in-the-middle (MiTM) attacks
- Traffic interception
- Hijacking SSL encrypted sessions
- MiTM VoIP attacks
- Intercepting VoIP traffic and attacking ethernet-enabled PBXs
- Zero-day vulnerability discovery process
- Format string attacks
- Windows SEH stack overflows
- Writing Windows shellcode
- Heap spraying / JIT spraying
- Fuzzer selection and comparison
- Binary auditing with IDA Pro
- Portable Executable (PE) compression and encoding
- Using a disassembler
- Anti-disassembling detection circumvention
- Web app fuzzing
- Advanced SQL injection
- Cross-Site Request Forgery (CSRF) attacks
- XSS attacks and XSS redirection
- RFI and Source Code Injection attacks
- Proxy cache poisoning
Who should attend
- Penetration testers
- Security analysts
- Cybersecurity consultants
- Anyone with a desire to learn advanced ethical hacking skills!
Prerequisites
- Firm understanding of the Windows Operating System
- Exposure to the Linux Operating System or other Unix-based operating systems
- Grasp of the TCP/IP protocols
- Exposure to network reconnaissance and associated tools (nmap, nessus, netcat)
- Programming knowledge is NOT required
Exam Pass Guarantee
We guarantee you’ll pass your exam on the first attempt.
Advanced Ethical Hacking training schedule
Infosec’s Advanced Ethical Hacking training materials are always up to date because black hat hackers are always changing their tactics to get one step ahead of the good guys. We update our course materials to ensure that you learn about the current threats to your organization’s networks and systems. More than 93% of Infosec students pass their certification exams on their first attempt.
Before your boot camp
Start learning now. You’ll get immediate access to all the content in Infosec Skills the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
During your boot camp
Introduction to Advanced Hacking
Overview of current security
Advanced recon
- Stealth strategies
- Evading IDS/IPS
- Passive network recon
- Idle scanning
- Automated metadata gathering
Blinding IDSs
- Intrusion detection overview
- Intrusion prevention
- Blinding IDSs
- Hiding from IDSs
Vulnerability mapping
- Using nessus
- Manual vulnerability discovery
- Mapping client-side vulnerabilities
x86 assembly for exploit development
- Computing fundamentals
- CPU registers
- Memory segments
- Assembly instructions
Finding vulnerabilities with debuggers
- Debuggers
- Hardware vs software breakpoints
- Keygens
- Attacking keygen algorithms
- Protections against these attacks
Reversing win32 applications with IDA
- Windows apps
- Breakpointing on APIs
- Breakpointing on messages
- IDA
- IDA FLIRT
- Other IDA features
Fuzzing/fault injection
- Manual fault injecting
- Advances in fault injection
- Attacking complicated protocols
Memory architecture and stack-based overflows
- Memory segments
- Introduction to stack
- Functions and stack
- Programming
SEH exploits
- Introduction
- Structured exception handling
- Controlling SEH chains
- SEH exploit mitigation techniques
- SEHOP
Return oriented programming
- Operating system protections
- What is ROP?
- Why do we need it?
- How do we go about it?
Writing shellcode
- Introduction
- Null Bytes
Egghunters
- What are egghunters
- Why do we need them
- Notable egghunter code
- How do we go about it
- Bonus content
Restricted character set exploitation
- What is restricted character set exploitation
- Bad characters
- Unicode filtering
- Alphanumeric shellcode
Attacking format strings
- Introduction to format strings
- Using format functions
- Format string vulnerability
- Reading the stack
- Reading arbitrary memory addresses
Payloads
- Payload use
- Bind shell
- Reverse connect
- SysCall proxy
- DLL injection
- Advanced exploitation
Metasploit payloads
- Metasploit meterpreter
- Meterpreter scripts
- Windows adduser payload
- Writing metasploit module
Advanced metasploit
- Metasploit framework
- Labs for programming
More advanced metasploit
- Metasploit framework
- Auxiliary modules
- Post exploitation
Compressors and encryptors
- Background on packers
- Why use a packer
- How a packer works
- Strategies for defeating packers
- Removing the packer with SoftICE and ProcDump
- The JMP EIP trick
- Deleting the encryptor code segment
Advanced client side exploits
- Client side vs server side
- Why client side is popular
- The advanced persistent threat
- Anatomy of a client side attack
- Types of defenses
Attacking network-based protocols
- Attacking ARP
- Attacking SSL
- Traffic manipulation
Exploiting web apps
- Web app scanning
- Tools for tracking vulnerabilities
- Manual investigation
Web application hacking
- OWASP top 10
- Eshoplifting
- Deconstructing Java
- Manipulating GETs
- Manipulating POSTs
- Attacking Cookies
SQL injection in MS SQL
- SQL command structure
- Discovering vulnerable apps
- Circumventing authentication
- Attacking availability
- Inserting data
- Retrieving data
- Deleting data
- Local system access
SQL injection in MySQL
- Introduction
- SQL injection in string fields
- Circumventing strings
- Attacking the application
CD & DVD-ROM protections
- Common CD check routines
- Cracking CD checks
- A commercial protection scheme: SafeDisc
- Cracking SafeDisc
After your boot camp
Your boot camp includes a 1-year subscription to Infosec Skills, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.