Scroll Top

Hacking Enterprises – 2023 Edition

Course Description

Updated for 2023, our Hacking Enterprises training is the natural counterpart to our popular Defending Enterprises course.

In this multi-layered offensive engagement, you will fully compromise a simulated enterprise in this  immersive hands-on course that covers a multitude of TTP’s. Targeting modern operating systems including Windows 11, you’ll use modern techniques and focus on exploiting configuration  weaknesses rather than throwing traditional exploits. Logical thinking and creativity will definitely be  put to the test! 

You will work to get initial access in a fictional organisation where multiple networks exist, some easily  accessible, others not so. You’ll implant and establish C2, but manual techniques will always be  emphasised so you’re equipped with the knowledge to work without reliance on frameworks.  

Course content has been designed to reflect real-world challenges and you’ll perform numerous  hands-on exercises including executing exploitative phishing campaigns against our simulated users  for initial access, finding new networks that in turn bringing new challenges including IPv6  exploitation, subverting AMSI and AWL, passphrase cracking, pivoting, lateral movement, AD CS  abuse, userland and privileged persistence via OOB channels and much more!

We realise that training courses are limited for time and therefore students are also provided with the following: 

  • 14-day extended LAB access after the course finishes 
  • 14-day access to a CTF platform with subnets/hosts not seen during training! 
  • Discord support channel access where our security consultants are available

Course contents

Day 1

  • MITRE ATT&CK framework 
  • Overview on using the in-LAB SIEM 
  • Offensive OSINT 
  • IPv6 discovery, enumeration and exploitation 
  • Pivoting, routing, tunnelling and SOCKS proxies 
  • Application enumeration and exploitation via pivots 
  • Linux living off the land and post exploitation 
  • C2 infrastructure and beacon deployment

Day 2

  • Exploitative phishing against our simulated enterprise users 
  • Living off the land tricks and techniques in Windows 
  • P@ssw0rd and p@ssphras3 cracking 
  • Windows exploitation and privilege escalation techniques 
  • Windows Defender/AMSI and UAC bypasses 
  • Situational awareness and domain reconnaissance 
  • RDP hijacking

Day 3:

  • Bypassing AWL (AppLocker, PowerShell CLM and Group Policy)
  • Extracting LAPS secrets
  • Active Directory Certificate Services (AD CS) abuse
  • Lateral movement for domain trust exploitation
  • WMI Event Subscriptions for persistence
  • Out of Band (OOB) data exfiltration
  • Domain Fronting

Target audience

This training is suited to a variety of students, including:

  • Penetration testers / Red Team operators
  • SOC analysts
  • Security professionals
  • IT Support, administrative and network personnel


  • A firm familiarity of Windows and Linux command line syntax
  • Understanding of networking concepts
  • Previous pentesting and/or SOC experience is advantageous, but not required

Hardware/Software Requirements

  • Students will need to bring a laptop to which they have administrative/root access, running either Windows, Linux or Mac operating systems
  • Students will need to have access to VNC, RDP, SSH and OpenVPN clients on their laptop

Trainers Biography

Will Hunt co-founded in 2018. Will’s been in infosec for over a decade and has  helped secure many organisations through technical security services and training. Will’s delivered  hacking courses globally at several conferences including Black Hat and has spoken at various  conferences and events. Will also assists the UK government in various technical, educational and  advisory capacities. Before Will was a security consultant he was an experienced digital forensics  consultant and trainer.

Twitter : @Stealthsploit

Owen Shearing is a co-founder of, a specialist cyber security consultancy offering  technical and training services based in the UK. He has a strong background in networking and IT infrastructure, with well over a decade of experience in technical security roles. Owen has provided  technical training to a variety of audiences at bespoke events as well as Black Hat, Wild West Hackin’  Fest, NolaCon, 44CON, TROOPERS, BruCON and Hack in Paris. He keeps projects at

Twitter : @rebootuser

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.