Professional Hacker Training Course - 2 days bootcamp

A technical penetration testing course for software engineers, testers, architects, system admins and anyone who wants to get into the penetration testing field!

Let's get it straight. The majority of the security training courses have two major shortcomings:

They don't teach you the "hacker mindset"; and

They don't give you a good understanding of the many complexities associated with a penetration testing project.

Therefore, armed only with technical skills, you lack the solid problem-solving foundation required to perform a real security testing project.

The Professional Hacker® is a course to teach you 'how to fish'—which means how to think like a hacker and test a system as a security professional. You will learn how to apply a penetration testing methodology developed and used by seasoned security experts in the field. (In fact, it is the penetration testing methodology that elttam Security Consultants rely on!)

This course is rare in that it teaches you the true hacker mindset. (After all, give a man a fish and he eats for a day; teach him how to fish and he eats for a lifetime.)

This course is not about:

Teaching tool man pages, an approach that makes you too reliant on tools.

Teaching security vulnerabilities from the 1990s that will rarely be found in today’s environments.

Practicing in a game or unrealistic environment that does not effectively simulate real-world systems.

Instead, the course teaches you how to approach, start, perform and close down a penetration testing project. Finally, it enables you to address many complexities related to real-life security projects such as time constraints, usability requirements, etc.

By the end of this training, you will have a solid foundation to enter the security profession and will possess the skillset needed to execute successful penetration testing projects.

Course structure

Theory

Each module starts with theory so you have the necessary knowledge to understand important security topics. Topics within a module are aligned with what matters the most in today's penetration testing world.

Hands-on

Each module has a practical piece, filled with many examples and hands-on exercises. The exercises are from a real-life penetration testing project. The instructor will guide you, step by step, to reach the objective of each exercise.

Exercises

Some topics will be covered in the exercises that will be given to you at the end of the module or as part of the Workbook. The exercises help you to master the skillset required.

References

Those who are new to penetration testing sometimes feel challenged to navigate the abundance of available books and materials on security testing. That’s why each module offers you a hand-picked set of references for further study, if desired.

24x7 Lab

As part of this course, you will have access to elttam's online training lab which represents a real-life environment. The lab has a mix of modern vulnerabilities where you can practice identifying and exploiting these vulnerabilities.

Course Syllabus (2 days bootcamp)

The syllabus is aligned with a real-life penetration testing methodology that security professionals use in their daily work.

Know where to start (reconnaissance)

This module teaches you how to start a penetration testing project, including things a tester should always check, how to perform reconnaissance and, more importantly, how to prioritise. In real life, a tester has limited time to execute and report on a test, so it is important to know where to start and when to stop.

Create a hacker mindset (test-case design and threat modelling)

This module is where you will start your journey into thinking like a hacker. Several brain logic exercises will be covered, followed by golden questions a hacker keeps in mind when she tests a system. You will learn what Misuse Cases are and how to create them. Five Hats®, a proprietary elttam technique, will give you the ability to identify all possible threats against a system. Eventually, you are going to learn what a hacker does after hours! Most topics in this module are novel, so you will hear them for the first time.

Identify and exploit security defects (Web application hacking 101)

This module starts with the Whys of application security defects, then covers different mapping techniques, and moves into attack surface analysis and prioritisation. It then dives into different flavours of security defects that can be found in today's modern application technology stack. You will learn about common security defects in the following software components:

Output rendering

Session management

Error handling

Authentication and authorisation

Input handling

User interface

Code logic

File handling

Security Hackathon (CTF)

Most beginners find it difficult to create an exploit for a software vulnerability. If real-life testers don't have a Proof of Concept (PoC) for an identified vulnerability, they find it difficult to assess its impact and tell others about it. In this module, you will learn techniques to turn a vulnerability into a fully blown exploit in a fun hacking competition.

Who will be teaching?

Your elttam Professional Hacker® course will be delivered by Dr. Pedram Hayati, a seasoned security expert who provides specialised consulting and training services to Australia’s top ASX-listed companies. Pedram is a passionate security consultant and teacher by day and founder of Australia's largest security meetup (SecTalks) by night.

Pedram delivers security courses to customers and presents at security conferences around the world. He also loves to share his in-field experiences with people to increase their vigilance against security attacks.

Student Testimonials

“Overall the course was great, but I particularly enjoyed the "Create your hacker mindset" module. As a software engineer, I feel like those techniques are going to be very useful in the next security planning session.” - Software engineer, Financial services

“I really liked the integration of business concerns, like UX, when coming up with a security patch. I also loved the hacker mindset component and problems in multiple ways, like inverse thinking. Loved the practical exercises and how they encompassed the whole flow including patching.” - Software engineer, Financial services

“Keep the practical stuff. Also the modules on reporting and patching make this better than other courses I've done.” - Software engineer team lead

FAQs

What is the ticket price inclusive of?

The ticket price is inclusive of a 2-day instructor-led class, access to the local and online elttam training lab, Workbook, Hacking competition, Internet access, lunch, tea and coffee on both days.

What should I bring into the class?

Laptop with hypervisor software such as VirtualBox or VMware Player. Download and run a recent version of Kali for VirtualBox or VMware Player.

Pen or pencil to take notes.

How can I contact the organiser with any questions?

Please email us at hello@elttam.com.au

What are my transport/parking options for getting to and from the venue?

Train: The closest train station to Cliftons Sydney is Wynyard Station. Exit Wynyard station via the George Street exit and turn left toward Circular Quay, then turn left onto Margaret Street. Head 50 metres up Margaret Street and the venue is located on the right hand side – next door to Max Brenners.

Bus: Closest Bus Interchange: Clarence Street (170m). Frequent buses run along George Street adjacent to venue.

Parking: Secure parking station - Jamison Street, Australia Square Parking - 264-278 George Street

Airport: Driving distance from Sydney's Kingsford Smith Airport is approximately 17km. Estimated taxi fare: $50.00 AUD (one way). Airport Link train fare: $16.40 (one way) from the domestic terminal & $17.20 (one way) from the international terminal.

Ferry: Circular Quay is a 5 minute walk from Cliftons Sydney. Ferries regularly depart to destinations including Manly and Parramatta.

Do you also run this course privately?

Yes, we have run this course many times privately for companies. For more information, please contact us at hello@elttam.com.au

Do you have any other security courses?

Yes, please visit https://www.elttam.com.au/training

We are a specialised Australian IT security firm that provides independent security consulting and training services.