Course Overview | Basic Infrastructure Hacking
Develop essential skills in infrastructure security with this 3-day hands-on course. Learn to identify and exploit vulnerabilities, apply industry standards, and think like a threat actor. With 80% lab-based exercises, you'll gain practical experience in lifelike environments under the guidance of seasoned penetration testers. Ideal for beginners or professionals looking to enhance their expertise.

IT infrastructure is more complex and dynamic than it’s ever been, demanding comprehensive, modern, and well-rehearsed security skills to match. Join this hands-on, 3-day course to develop a strong baseline in infrastructure hacking and widen your career prospects. Get your hands dirty with our popular virtual labs and learn from experienced, practicing penetration testers with a legacy of training at Black Hat.
Who it’s for • Students and graduates: improve your employability and enhance your CV. • Infrastructure penetration testers (1-2 years’ experience): build up your ability with the guidance of experienced pentesters and researchers. • Penetration testers in other fields (e.g., web, mobile): develop your infrastructure hacking skills and knowledge. • Network admins: understand how your environment could be attacked. • SOC analysts and engineers: develop your awareness of potential indicators of compromise (IoCs) and more complex malicious behaviors. • Security/IT managers and team leads: update your knowledge of the threat landscape.
This course is designed to help individuals bring their proficiency in infrastructure hacking and defense up to the industry baseline. It’s a foundation course that can lead on to our Advanced courses after a year or more spent using your new skills out in the wild.
Basic Infrastructure Hacking BY
3 day class
Delegates must have the following to make the most of the course:
• Basic knowledge of infrastructure application security (at least 1 year experience). • Basic familiarity with common command line syntax.
Top 3 takeaways • The ability to find and exploit vulnerabilities and other weaknesses in different infrastructure environments. • Knowledge of how to apply the leading industry infrastructure security standards and approaches. • Time spent with experienced, practicing penetration testers who can answer your questions.
What you’ll learn This course uses a Defense by Offense methodology based on real world offensive research (not theory). That means everything we teach has been tried and tested on live environments and in our labs and can be applied once the course is over. By the end, you’ll know:
• Everything you need to about the risks associated with various infrastructure-based vulnerabilities. • How to think and behave like a real threat actor. • How to exploit vulnerabilities seen recently in the wild, as well as older but still prevalent vulnerabilities. • The fundamental principles of infrastructure hacking. • How to identify a list of IPs in your network all the way up to getting system level access on the domain controller.
What you’ll be doing You’ll be learning hands on: • Spending most of the session (~80%) on lab-based exercises. • Using lab-based flows to explore and hack lifelike infrastructure environments.
Basic TrackGet Certified
H A C K I N G P O I N T
• Trying out different hacking techniques to exploit common infrastructure misconfiguration. • Discussing the real-world impact of the hacks covered with the course trainer.
Why it’s relevant Infrastructure security must move at the incredible speed of software development, cloud innovation, and workplace evolution to remain relevant and useful. What’s needed is a thorough, contextual understanding of how and why your architecture and systems get targeted by threat actors, which are at risk, and what happens when those attacks succeed. Our Basic Infrastructure Hacking course provides delegates with this knowledge and more, by providing them with an up-to-date arsenal of basic offensive testing and remediation skills.
Delegates with solid baseline knowledge and a consistent approach to ethical hacking tend to develop faster in the long-term, so we’ve created a syllabus designed to comprehensively improve your subject matter understanding and practical methodology. It does this by analyzing both archaic and modern techniques, which once mastered, will help you progress further into advanced topics.
What’s in the syllabus Note: our syllabuses are subject to change based on new vulnerabilities found and exploits released.
THE ART OF PORT SCANNING • Methodology: basic concepts of hacking • Enumeration techniques and port scanning
THE ART OF ONLINE PASSWORD ATTACKS • Configure online password attack • Exploiting network service misconfiguration • MySQL and PostgreSQL • Attack chaining techniques
METASPLOIT BASICS • Exploitation concepts: manual exploitation methodology • Metasploit framework
PASSWORD CRACKING • Basic cryptography concepts • Design an offline brute force attack
HACKING UNIX • Linux vulnerabilities and misconfigurations • Privilege escalation techniques
HACKING APPLICATION SERVERS ON UNIX • Web server misconfiguration • Multiple exploitation techniques
HACKING THIRD PARTY CONTENT MANAGEMENT SYSTEM (CMS) SOFTWARE • CMS software overview • Vulnerability scanning and exploitation
WINDOWS ENUMERATION • Windows enumeration techniques and configuration issues • Attack chaining
CLIENT-SIDE ATTACKS • Various Windows client-side attack techniques
PRIVILEGE ESCALATION ON WINDOWS • Post-exploitation techniques • Windows privilege escalation techniques
HACKING APPLICATION SERVERS ON WINDOWS • Web server misconfiguration • Exploiting application servers
POST EXPLOITATION • Metasploit post-exploitation techniques • Window 10 security features and bypass techniques
HACKING WINDOWS DOMAINS • Understanding Windows authentication • Gaining access to a domain controller
H A C K I N G P O I N T
Course highlights What delegates love: • Intensive format: three days of focused learning to give you a crash course you won’t forget. • Our labs: probably the biggest selling point for our courses. Not only will you spend most of the course hacking hands-on in a lifelike web environments, you’ll get 30+ days access to practice your new skills afterwards. • Dedicated Kali instance: you’ll have your own infrastructure to play with, enabling you to hack at your own speed. • Real-world learning: where many of the leading cyber security training courses are based on theory, our scenario-led, research-based approach ensures you learn how real threat actors think and behave. • Specialist-led training: you’ll learn from highly skilled and experienced practicing penetration testers and red teamers.
What you’ll get • Certificate of completion • 30 days lab access after the course (with the opportunity to extend) • 8 Continuing Professional Education (CPE) credits awarded per day of training fulfilled. • Learning pack: question & answer sheets, setup documents, and command cheat sheets.
Outcomes for budget holders This course is designed to bring your organisation’s infrastructure security testing competency up to an advanced industry standard, helping you: • Respond to the security skills shortage in your organization from the ground up. • Take the first steps towards building a team of advanced infrastructure security testers. • Create a stronger case for securing your organization’s software development and procurement practices. • Build a closer relationship between network admin and security teams.
H A C K I N G P O I N T
• Nurture and retain passionate, highly skilled, and security conscious employees. • Keep your own infrastructure security knowledge up to date. • Demonstrate commitment to security through training, compliance, and change management. • Develop the organization’s competitive advantage for security-conscious customers.