Check Point HackingPoint™ Advanced Infrastrucure Hacking PenTesting Expert (CCPM)

Vendor: Check Point
Course Code: WGAC-CKP-HP-AIH
Course Outline

This class continues the Art of Web Hacking series The class covers a wide range of offensive hacking techniques. The curriculum was written by real penetration testers with a world-wide reputation (BlackHat, AppSec, OWASP, Defcon).

The Advanced Infrastructure Hacking class is designed for those who want to enrich their knowledge. The fast-paced class teaches:

  • Hacking techniques to compromise operating systems and networking devices
  • Advanced penetration techniques to achieve exploitation
  • Hacking domain controllers to local root, VLAN hopping and VoIP hacking
Prerequisites & Audience

Check Point HackingPoint™ Infrastrucure Hacking

Experience with common hacking tools such as Metasploit is
recommended, but not a requirement

Course Objectives

HackingPoint is a new Global Education program for security experts (customers, partners, or network admins) to help master all types of Pen Testing techniques and Cyber Security practices

World-class trainers and Pen-testing experts in the field (BlackHat & Check Point RnD trainers) provide students deep knowledge in cutting-edge Cyber Security threats

Understanding Advanced Hacking techniques for infrastructure devices and systems, is critical for penetration testing, red teaming, and managing vulnerabilities in your environment.

Students will become familiar with hacking techniques for common operating systems and networking devices.

Course Topics

IPv4 and IPv6 refresher

  • Advanced topics in network scanning
  • Undertanding and exploiting IPv6 targets
  • OSINT, DVCS exploitation
  • Advanced OSINT data gathering
  • Exploiting git and continuous integration (CI) servers
  • MySQL
  • Postgres
  • Oracle
  • Heart-Bleed and Shell-Shock
  • PHP serialization exploit
  • Web-sphere Java exploits

Database servers

  • MySQL
  • Postgres
  • Oracle

Recent vulnerabilities

  • Heart-Bleed and Shell-Shock
  • PHP serialization exploit
  • Web-sphere Java exploits

Windows exploitation

  • Domain and user enumeration
  • AppLocker/GPO restriction bypass
  • Local privilege escalation
  • Post exploitation #1 (AMSI bypass & Mimikatz)
  • Post exploitation #2 (LSASecrets)

AD exploitation

  • Active Directory delegation issues
  • WOW64
  • Pivoting and WinRM
  • Persistence (Golden Ticket and DCSync)
  • Lateral movement using WMIC

Linux exploitation

  • Port scanning and enumeration
  • FS + SSH
  • Privilege escalation
  • Rservices
  • Apache
  • X11 services

Container breakout

  • Docker breakout

VLAN exploitation

  • VLAN concepts
  • VLAN hopping attacks

VPN exploitation

  • VPN

VoIP exploitation

  • VoIP enumeration
  • VoIP exploitation
Top of page

On Demand Training

This course is available as an onsite, closed course and can be delivered at your premises. This may be a cost effective option where you have a group of delegates who require the same training. Additionally, it has the benefit that course content can be tailored to the needs of your organisation.

Register or Log in to submit your enquiry.