Penetration Testing and Ethical Hacking in WANs (HCK2)

Cybersecurity, ICT Security

This practical course presents a structured method for penetration testing of WAN infrastructures, stressing realistic attack scenarios and intensive hands-on labs. Participants learn to map remote networks, identify and validate vulnerabilities, and plan safe tests on Windows and Linux.

The course trains use of security distributions like Kali Linux and professional Metasploit workflows for exploitation and privilege escalation. You will practice IDS/firewall evasion, VPN and DoS testing, shellcode handling and post forensic analysis.

Location, current course term

Brno + online (volitelně)	11/19/2025 - 11/21/2025 CZECH Order 2/11/2026 - 2/13/2026 CZECH Order
Praha + online (volitelně)	9/10/2025 - 9/12/2025 CZECH Order 10/20/2025 - 10/22/2025 CZECH Order
Custom	Customized Training (date, location, content, duration)

The course:

Hide detail

• Reconnaissance of targets on the Internet
1. Discovering the target's online presence
2. Determining the target's IP ranges

• Offensive tools for Linux and Windows
1. Basics of inventory and using network-layer scanners
2. Overview of different scanner types
3. Using scanners for higher-layer reconnaissance – amap, dsniff

• Tracing the route to a target and scouting firewalls using firewallking
1. Detection techniques

• Standard and specialized scanners
1. Using them to scan services
2. Inventory options via higher-layer protocols (LDAP, SNMP, etc.)

• Discovering vulnerabilities of WAN targets
1. Using independent vulnerability and weakness databases

• Using discovered vulnerabilities to gain and escalate privileges on remote systems
1. Using Metasploit in a WAN context
2. Modifying shellcode to bypass intrusion detection
3. Privilege escalation options and demonstrating remote system control

• Automating penetration tests with Metasploit

• Basics of writing shellcode, types and establishing connections to targets
1. Demonstration of shellcode usage
2. Kernel and memory manipulation by malicious code and rootkits
3. Practical removal of shellcode from an OS

• Description of attacks at the network layer
1. Attack forms against protocols and services such as DNS, HTTP and others
2. Direct attack possibilities on network devices, primarily Cisco IOS

• Use of stack-overflow techniques
1. Demonstrations of DoS attacks on various protocols and services
2. Ensuring response to unusual network activity
3. Examples of monitoring and detection tools

• Bypassing firewalls, IDS and honeypots
1. Logging options for standard and non-standard activity

• Demonstrations of attacks on web and proxy servers
1. Security review of MS IIS web server
2. Exploiting servers via dynamic code – ActiveX
3. Implementation flaws in the Java Virtual Machine
4. Browser weaknesses

• Reconnaissance of VPN services on remote systems and potential VPN attacks
1. Defenses using encryption – SSL, IPSec and other techniques

• Actions after confirming a system compromise
1. Tracing attacker activity
2. Hiding traces of illegal activity
3. Capabilities of standard security audit tools

Assumed knowledge:

Experience with Windows and Linux; basic understanding of TCP/IP network security.

Recommended previous course:

Penetration Testing and Ethical Hacking (HCK1)

Recommended subsequent course:

Real-World Ethical Hacking (HCK3)

Schedule:

3 days (9:00 AM - 5:00 PM )

Course price:

756.00 € ( 914.76 € incl. 21% VAT)

Language: