Applied Hands-On Infrastructure Security Assessment Training

Master the art of exploiting corporate and enterprise environments where standard tools fail. Learn to develop custom exploits, navigate Active Directory, and compromise hardened targets.

Join Next Training View Syllabus

Training Overview

A 2 or 3 day training (depending on venue) covering advanced infrastructure penetration testing techniques

Beyond Standard Tools

Learn to exploit and compromise targets where Metasploit and other standard tools won't work by default. Analyze and modify exploit code for specific targets.

Corporate and Enterprise Networks

Navigate corporate and enterprise networks with a diverse set of heterogenous systems, including Linux and Windows. Discover, enumerate, and compromise services, systems, servers, and domain controllers.

Exploit Development

Develop custom exploits and chain vulnerabilities. Manual exploitation techniques that bypass modern security controls.

Who Should Attend

IT-Security practitioners, Penetration Testers, Security Analysts, Security Engineers, and Junior to Senior Red-Teamers with prior pentesting experience.

Training Contents

Our comprehensive curriculum spans from initial web exploitation to full Active Directory compromise. Each training covers a selection of these topics based on duration and venue.

Web & Network Exploitation

  • Introduction & Lab Setup
  • Leveraging AI for Penetration Testing
  • Exploiting Hardened Web Applications
  • WAF Bypasses & Advanced Web Hacking
  • Manual Exploit Development
  • Vulnerability Chaining
  • Evading Network Isolation
  • Discovering Backend Systems
  • Overcoming Reverse Shell Obstacles
  • Breaking Security Boundaries
  • Privilege Escalation & Persistence
  • ... and more

Active Directory & Windows Exploitation

  • AD Overview: Domain Controllers, FSMO, Replication
  • AD Reconnaissance: LDAP, Users, Groups, ACLs
  • Credential Extraction: SAM, NTDS.dit, LSASS
  • DPAPI, Credential Guard Bypass
  • Pass-the-Hash & Pass-the-Ticket
  • Kerberoasting & NTLM/SMB Relay
  • DCSync, Golden & Silver Tickets
  • Detection & Monitoring Techniques
  • Hybrid Environments & Entra ID
  • Access Token Theft & Sync Attacks
  • ... and more

Learning Outcomes

  • Linux & Windows CLI usage
  • Information Gathering & Enumeration
  • Network Scanning, Pivoting and Reverse Shells
  • Pentest frameworks
  • Exploit development
  • Web hacking & WAF bypasses
  • AI assisted hacking
  • Local Privilege Escalations
  • Breaking Isolation Boundaries
  • Abusing misconfigurations
  • Gaining persistence
  • ... and more

Prerequisites

  • Laptop capable of running virtual machines (admin privileges required)
  • Working Kali Linux VM
  • GitHub account and basic git usage
  • Basic Linux and Windows command line knowledge
  • Basic networking and security knowledge
  • Familiarity with penetration testing tools and methodologies

Your Trainers

Learn from industry experts with decades of combined experience

Prashant Mahajan

Prashant Mahajan

Payatu Australia & OzHack

Operates Payatu Australia and OzHack, teaching at TAFENSW with over a decade of experience in penetration testing, vulnerability analysis, and incident response. Creator of the popular open-source tools ADRecon and AzureADRecon.

Website LinkedIn
Sebastian Neef

Sebastian Neef

PhD candidate & IT-Security Freelancer

PhD researcher at Technical University of Berlin specializing in web and network security. With 15+ years of freelance experience, Sebastian has worked with Google, PayPal, and ranks highly on Bugcrowd and Detectify platforms.

Website LinkedIn

Ready to Level Up Your Skills?

Join our next Advanced Infrastructure Security Assessment training and learn to compromise the most hardened enterprise environments.

Registration open

c0c0n 2026

October 6-8, 2026

Grand Hyatt, Kochi, India

Register now
Sold Out

Nullcon Goa 2026

March 2-4, 2026

Heritage Village Resort, Goa, India

Training group photo at Nullcon
Training session in progress
Hands-on training session