Penetration Testing 10-Day Boot Camp

Infosec’s penetration testing training — delivered in the form of a 10-day, boot-camp style course — is the information security industry’s most comprehensive penetration testing course available.

★★★★★

4.7

(8,755 ratings)

93% exam pass rate

View Pricing

Become a certified pentester, guaranteed!

Exam Pass Guarantee
100% Satisfaction Guarantee
Certified Ethical Hacker (CEH) exam voucher
PenTest+ exam voucher
Certified Penetration Tester (CPT) exam voucher
Certified Expert Penetration Tester (CEPT) exam voucher
Unlimited practice exam attempts
Ten days live, expert security training instruction (live online or in-person)
Immediate access to Infosec Skills — including a bonus security training boot camp prep course — from the minute you enroll to 90 days after your boot camp
Learn by doing with 100s of additional hands-on courses and labs
90-day access to all boot camp video replays and materials
Knowledge Transfer Guarantee

Hands-on labs

Hundreds of exercises in over 30 separate hands-on labs bring you up to speed with the latest threats to which your organization is most vulnerable. Practice penetration testing in our virtualized environment that simulates a full range of servers and services used in a real company. Learn how to compromise web servers, virtual machines, databases, routers and firewalls, and then put it all together in an unscripted evening Capture the Flag (CTF) exercise.

Nightly capture the flag exercises

CTF exercises are an opportunity for you to practice your hacking skills in a real-world environment. Infosec sets up a mock company that you can freely attack without having to worry about damaging production systems. The purpose of the CTF exercises is to ensure you understand how to apply the skills you learned during the day to a real-world, ethical hacking scenario.

Course benefits

Gain the in-demand career skills of a professional security tester — learn the methodologies, tools and manual hacking techniques used by penetration testers
Stay ethical — get hands-on hacking skills in our lab that are difficult to gain in a corporate or government working environment, such as anti-forensics and unauthorized data extraction
Move beyond automated vulnerability scans and simple security testing into the world of ethical penetration testing and hacking
More than interesting theories and lecture — get your hands dirty in our cyber range

View full course schedule

Training overview

In this 10-day boot camp, you will learn everything there is to know about penetration testing, from the use of network reconnaissance tools to the writing of custom zero-day buffer overflow exploits. The goal of this course is to help you master a repeatable, documentable penetration testing methodology that can be used in an ethical penetration testing or hacking situation.

This penetration testing training course has a significant return on investment: you walk out the door with hacking skills that are highly in demand, as well as up to four certifications:

Certified Ethical Hacker (CEH)
CompTIA PenTest+
Certified Penetration Tester (CPT)
Certified Expert Penetration Tester (CEPT)

What you’ll learn

Writing buffer overflow exploits
dlmalloc Heap Overflow exploits
Win32 Heap Overflow exploits
Linux stack overflow exploits
Defeating non-exec stacks
Return-to-libc shellcode
Function pointer overwrites
Crafting injectable shellcode
Defeating non-executable stacks
Linux LKM rootkits
Windows kernel rootkits
Reverse engineering training
Vulnerability development and discovery
Attacking and blinding IDSs
Hiding your attacks from IDSs
Encrypted covert channels
Global offset table overwrites
Windows shellcode
Integer overflows
Linux shellcode
“No listening port” Trojans
A whole day on breaking through enterprise DMZs
Reconstructing binaries from sniffed traffic
Circumventing antivirus
Bi-directional spoofed communication
Session fixation
Advanced SQL injection
Justifying a penetration test to management and customers
Defensive techniques

Hands-on activities

Capture the flag exercises every night!
Writing a stack buffer overflow
Porting exploits to metasploit modules
Find socket shellcode
Writing shellcode for Linux
Using Ollydbg for Win32 Exploits
Using IDA Pro for reversing
Reconstructing sniffed images
Reverse engineering Windows PE binaries
Session hijacking
Passive network analysis
Exploitation with a remote GUI
Sniffing SSL encrypted sessions
Format string exploits
Heap overflow exploits
Windows exploits
Calculating offsets
Reversing with SoftIce
OS determination without touching the target
SQL injection timing attacks
Port redirection
ASP source disclosure attacks
Call-back backdoors
Encrypted covert channels
Remote keyloggers
PHP/MySQL SQL injection
Inserting malicious code into unix binaries

Who should attend

Penetration testers
Security analysts
Cybersecurity consultants
Anyone with a desire to learn penetration testing skills!

Prerequisites

Firm understanding of the Windows Operating System
Exposure to the Linux Operating System or other Unix-based OS
Firm understanding of the TCP/IP protocols
Exposure to network reconnaissance and associated tools (nmap, nessus, netcat)
Programming knowledge is NOT required
Desire to learn about ethical hacking, and get great penetration testing training!

Everything you need to become a certified penetration tester

Exam Pass Guarantee
100% Satisfaction Guarantee
Certified Ethical Hacker (CEH) exam voucher
PenTest+ exam voucher
Certified Penetration Tester (CPT) exam voucher
Certified Expert Penetration Tester (CEPT) exam voucher
10 days live, expert security training instruction (live online or in-person)
Security training boot camp prep course
Learn by doing with 100s of additional hands-on courses and labs
90-day access to all boot camp video replays and materials
Knowledge Transfer Guarantee

View Pricing

Exam Pass Guarantee

We guarantee you’ll pass your exam on the first attempt. Learn more.

Pentesting training schedule

Infosec’s 10-day pentesting training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared for your exam — and get certified on your first attempt.

Before your boot camp
- Start learning now. You’ll get immediate access to all the content in Infosec Skills, including an in-depth security training prep course, the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
During your boot camp
- Day 1 to Day 5
  
  Testing methodologies
  
  Security testing methodologies
  
  The ethical hacking profession
  
  Planning and scoping an engagement
  
  Legal and compliance considerations
  
  Ethical hacking methodologies
  
  Tools of the trade
  
  Linux overview
  
  Passive intelligence gathering
  
  Abusing DNS
  
  Abusing SNMP
  
  Security testing methodologies
  
  Network scanning and service identification
  
  Understanding TCP packets and structuresPassive network discovery and scanning
  
  TCP scanning
  
  Using differences in RFC implementations to your advantage
  
  Scanning through firewalls
  
  How to prevent the discovery of your reconnaissance activities
  
  Using zombies to mask network scanning
  
  Avoiding IDS/IPS detection
  
  Proper identification of services
  
  Vulnerability identification
  
  Exploiting vulnerabilities and social engineering techniques
  
  Vulnerability life cycles
  
  Types of vulnerabilities
  
  Flaws in encryption
  
  Configuration errors
  
  Buffer overflows
  
  Stack overflows
  
  Vulnerability mapping
  
  Exploit utilization and delivery methods
  
  Client side exploits
  
  Server side exploits
  
  Password security
  
  Social engineering techniques
  
  Attacking physical controls
  
  Hashing
  
  Rainbow tables
  
  Attacking Windows password security
  
  Weaknesses in Windows authentication protocols
  
  Rainbow tables
  
  SQL injection and attacks
  
  Use of Trojans
  
  Redirecting ports to thwart firewall rules
  
  Avoiding anti-virus detection
  
  Lateral movement and persistence
  
  Use of keyloggers
  
  IDS operations and avoidance
  
  Encrypting your communications
  
  Protocol abuse for covert communications
  
  Creating custom encryption tunneling applications
  
  E-shoplifting
  
  XSS attacks
  
  Cross site forgery
  
  Circumventing authentication
  
  SQL injection discovery and exploitation
  
  SQL data extraction
  
  Scripts for ethical hacking and mitigation strategies
  
  Sniffing in different environments
  
  Attack sniffers
  
  Man-in-the-middle attacks
  
  Wireless networking
  
  Shared key authentication weaknesses
  
  WEP/WPA/WPA2 cracking
  
  Anti-forensics
  
  Log modification/deletion
  
  Rootkits
  
  Introduction to scripting
  
  Common script components
  
  Writing effective reports
  
  Providing mitigation recommendations
  
  CEH exam review
  
  PenTest+ exam review
  
  Day 6 to Day 10
  
  Introduction to Advanced Hacking
  
  Overview of current security
  
  Advanced recon
  
  Stealth strategies
  
  Evading IDS/IPS
  
  Passive network recon
  
  Idle scanning
  
  Automated metadata gathering
  
  Blinding IDSs
  
  Intrusion detection overview
  
  Intrusion prevention
  
  Blinding IDSs
  
  Hiding from IDSs
  
  Vulnerability mapping
  
  Using nessus
  
  Manual vulnerability discovery
  
  Mapping client-side vulnerabilities
  
  x86 assembly for exploit development
  
  Computing fundamentals
  
  CPU registers
  
  Memory segments
  
  Assembly instructions
  
  Finding vulnerabilities with debuggers
  
  Debuggers
  
  Hardware vs software breakpoints
  
  Keygens
  
  Attacking keygen algorithms
  
  Protections against these attacks
  
  Reversing win32 applications with IDA
  
  Windows apps
  
  Breakpointing on APIs
  
  Breakpointing on messages
  
  IDA
  
  IDA FLIRT
  
  Other IDA features
  
  Fuzzing/fault injection
  
  Manual fault injecting
  
  Advances in fault injection
  
  Attacking complicated protocols
  
  Memory architecture and stack-based overflows
  
  Memory segments
  
  Introduction to stack
  
  Functions and stack
  
  Programming
  
  SEH exploits
  
  Introduction
  
  Structured exception handling
  
  Controlling SEH chains
  
  SEH exploit mitigation techniques
  
  SEHOP
  
  Return oriented programming
  
  Operating system protections
  
  What is ROP?
  
  Why do we need it?
  
  How do we go about it?
  
  Writing shellcode
  
  Introduction
  
  Null Bytes
  
  Egghunters
  
  What are egghunters
  
  Why do we need them
  
  Notable egghunter code
  
  How do we go about it
  
  Bonus content
  
  Restricted character set exploitation
  
  What is restricted character set exploitation
  
  Bad characters
  
  Unicode filtering
  
  Alphanumeric shellcode
  
  Attacking format strings
  
  Introduction to format strings
  
  Using format functions
  
  Format string vulnerability
  
  Reading the stack
  
  Reading arbitrary memory addresses
  
  Payloads
  
  Payload use
  
  Bind shell
  
  Reverse connect
  
  SysCall proxy
  
  DLL injection
  
  Advanced exploitation
  
  Metasploit payloads
  
  Metasploit meterpreter
  
  Meterpreter scripts
  
  Windows adduser payload
  
  Writing metasploit module
  
  Advanced metasploit
  
  Metasploit framework
  
  Labs for programming
  
  More advanced metasploit
  
  Metasploit framework
  
  Auxiliary modules
  
  Post exploitation
  
  Compressors and encryptors
  
  Background on packers
  
  Why use a packer
  
  How a packer works
  
  Strategies for defeating packers
  
  Removing the packer with SofIce and ProcDump
  
  The JMP EIP trick
  
  Deleting the encryptor code segment
  
  Advanced client side exploits
  
  Client side vs server side
  
  Why client side is popular
  
  The advanced persistent threat
  
  Anatomy of a client side attack
  
  Types of defenses
  
  Attacking network-based protocols
  
  Attacking ARP
  
  Attacking SSL
  
  Traffic manipulation
  
  Exploiting web apps
  
  Web app scanning
  
  Tools for tracking vulnerabilities
  
  Manual investigation
  
  Web application hacking
  
  OWASP top 10
  
  Eshoplifting
  
  Deconstructing Java
  
  Manipulating GETs
  
  Manipulating POSTs
  
  Attacking Cookies
  
  SQL injection in MS SQL
  
  SQL command structure
  
  Discovering vulnerable apps
  
  Circumventing authentication
  
  Attacking availability
  
  Inserting data
  
  Retrieving data
  
  Deleting data
  
  Local system access
  
  SQL injection in MySQL
  
  Introduction
  
  SQL injection in string fields
  
  Circumventing strings
  
  Attacking the application
  
  CD & DVD-ROM protections
  
  Common CD check routines
  
  Cracking CD checks
  
  A commercial protection scheme- SafeDisc
  
  Cracking SafeDisc
After your boot camp
- Your Infosec Skills access extends 90 days past your boot camp, so you can take additional time to prepare for your security training exams, get a head start on your next certification goal or start earning CPEs.

Free security training resources

PenTest+: Everything you need to know about CompTIA’s new certification

CompTIA’s new PenTest+ certification validates your knowledge around identifying, exploiting, reporting and managing vulnerabilities.

Watch now

What’s new in ethical hacking: Latest careers, skills and certifications

Want to be an ethical hacker? Find out everything you need to know in this webinar featuring Infosec instructor Keatron Evans.