On This Page

Advanced Infrastructure Hacking

Notsosecure Ltd | August 1-4


***More Seats Added!***

Whether you are penetration testing, Red Teaming, or trying to get a better understanding of managing vulnerabilities in your environment, understanding advanced hacking techniques for infrastructure devices and systems is critical.

The Advanced Infrastructure course will get the attendees familiarized with a wealth of hacking techniques for common Operating systems and networking devices. Attendees will also be given 1 month FREE access to an online lab (after the class) to help them practice the concepts taught in the class. While prior pentest experience is not a strict requirement, a prior use of common hacking tools such as metasploit is recommended for the class. The following is the syllabus for the class:

Day 1:

  • TCP/IP basics
  • Network Enumeration
  • Port scanning
  • TCP/UDP/ICMP scanning
  • Windows/Linux enumeration
  • The Art of brute-forcing
  • Database Exploitation (Oracle, Postgres, Mysql)
  • Hacking Application servers
  • Password Hashes/salt/rainbow tables
  • Advanced Password cracking


  • Windows Vulnerabilities
  • Mastering Metasploit
  • Latest remote exploits
  • Local privilege escalation
  • Pass the hash/Pass the ticket
  • Custom payloads
  • Antivirus evasion
  • Post-exploitation


  • Linux Vulnerabilities
  • Finger
  • Rservices
  • NFS Hacks
  • SSH hacks
  • X11 vulnerabilities
  • Local Privilege escalation
  • Kernel exploits
  • Weak file permissions
  • SUID/SGID scripts
  • CRON Jobs
  • Inetd services

Day 4:

  • VLAN Hopping
  • Hacking VoIP
  • VPN
  • Exploiting insecure VPN configuration
  • Switch/Router vulnerabilities
  • Insecure SNMP configuration
  • B33r 101

Who Should Take this Course

System Administrators, Penetration testers, security enthusiasts and anyone who wants to take their skills to next level.

Student Requirements

Attendees should bring their own laptop with Kali Linux running either natively or in a VMware platform. A previous knowledge of common hacking/enumeration tools such as nmap, metasploit etc is recommended for the class. The course is also ideal for those who have successfuly obtained CREST CRT certification and are now preparing for the Advanced CCT certification.

What Students Should Bring

Same as above.

What Students Will Be Provided With

Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. The lab contains a wide variety of challenges from local privilege escalation to VLAN hopping etc. Numerous scripts and tools will also be provided during the training, along with student hand-outs.


Sumit "sid" Siddharth is the founder of NotSoSecure Ltd, a specialist IT security firm delivering high-end IT security consultancy and Training. Prior to NotSoSecure, he worked as Head of Penetration Testing for a leading IT security company in UK. He has more than 9 years of experience in Penetration Testing. Sid has authored a number of whitepapers and tools. He has been a Speaker/Trainer at many security conferences including numerous Black Hat, DEF CON, OWASP Appsec, HITB etc. Sid is also a co-author of the book SQL Injection: Attacks and Defence (2nd edition).

Over the years, Sid has identified several critical flaws in leading software and helped fix these bugs. These include products from Microsoft, Oracle, Intel, Wordpress etc. He has trained several security consultants/penetration testers and helped them get better at their jobs. Sid also holds both CREST certifications (Application and Infrastructure).


Anant Shrivastava is an information security professional with 7 yrs of corporate experience with expertise in Mobile, application and Linux Security. He has trained ~200 delegates at various conferences (Nullcon - 2015, g0s - 2013, c0c0n - 2013, Nullcon - 2012). He holds various industry recognized certifications such as SANS GWAPT (GIAC Certified Web Application Testing and RHCE (RedHat certified Engineer).

Co-author for OWASP Testing guide version4. He is credited with multiple responsible public disclosures (refer www.osvdb.org/creditees/10234-anant-shrivastava). He has built a security solutions repository for WordPressCMS which contains open source code snippets to provide protection against known attack patterns (github.com/anantshri/wp-security). He is also a lead for a project named as Code Vigilant (www.codevigilant.com), which aims to identify security, issues in open source software's and currently holds 150+ vulnerability disclosures.

Harman Singh brings along more than 7 years of Information Security consulting experience, mainly in the infrastructure and device security field. Over the years, Harman has worked for leading IT security companies. Harman is a Crest Certificate Infrastructure Tester (CCT) and now works with NotSoSecure where he provides information security training and penetration testing services.

Video Preview (Training Description Above - Top of Page)