c0c0n 2026

c0c0n is a 19 years old platform that is aimed at providing opportunities to showcase, educate, understand and spread awareness on Information Security, data protection, and privacy...

Venue & Date

Contact Us

Applied Infrastructure Security Assessment

c0c0n 3-Day Professional Training

Applied Infrastructure Security Assessment

Objective

Modern enterprise infrastructure is built in layers: Diverse operating systems, mixed-generation servers, legacy and custom applications, firewalls, and Active Directory/EntraID.

This three-day, hands-on training is for you (IT security practitioners) who want to develop or deepen their skills to operate effectively against realistic, complex enterprise targets. The goal is direct: After the training you can plan and execute a complete infrastructure compromise chain against environments that actively resist it.

Every successful compromise of the network infrastructure has to evade multiple layers of security in a perfect sequence. Imagine yourself in an environment with diverse operating systems, servers, and applications with a legacy as well as in-house developed products and security solutions such as firewall, AV, etc. How do you plan to go ahead and pwn them all? Learn to exploit and compromise targets where Metasploit will not work by default. Look inside exploit code, and tweak them to make it work against your targets. Perform a wide array of tricks to discover, enumerate and pwn services, systems, and domain controllers. Move around in an enterprise network with Active Directory/EntraID. Analyze and exploit enterprise software components. Attack AI-based systems and leverage AI to your advantage in pentesting.

We have prepared a large lab for you to test and extend your skills. You will spend the majority of their time hacking systems, making decisions, and finding solutions to the problems that arise when an exploiting real-world systems. After going through our labs, you will have better skills, more tricks & tools and higher confidence in your next engagements.

Course Content

The course has a strong practical focus. After a short setup-phase, exercises will be hands-on with guidance. Contents and exercises are selected based on the groups' speed and interests. In general, we aim to cover the following contents:

Day 1 "From the outside"
  • Reconnaissance & Information Gathering
  • Network Scanning & Enumeration
  • Pentesting Frameworks
  • Leveraging AI for hacking
  • Advanced Web hacking & WAF bypasses
  • Manual Exploit Development
  • Gaining Remote Code/Command Execution
  • Modern Reverse Shells
Day 2 "From the inside"
  • Gaining Persistence on compromised systems
  • Network Pivoting & Tunnelling
  • Breaking Isolation Boundaries
  • Abusing Misconfigurations
  • Cracking passwords
  • Privilege Escalation to Administrator
Day 3 "Windows & AD"
  • Windows Privilege Escalation
  • Active Directory Overview & Internals
  • Reconnaissance, Kerberoasting, Pass-The-Ticket, NTLM / SMB relay, DCSync, Silver Ticket, Golden Ticket, ADCS, etc.
  • EntraID Reconnaissance
  • Access Token Theft
Learning Outcomes

We aim to provide the participants with the following learning outcomes at the end of the course:

  • how to be more proficient on the Linux and Windows CLI
  • how to use AI for hacking
  • how to identify networks, systems and vulnerabilities
  • how to tunnel and pivot through multiple networks
  • how to develop custom exploits and use public exploits
  • how to escalate privileges and escape isolation boundaries
  • how to exploit Linux and Windows systems with known and unknown vulnerabilities
  • how to use pentesting frameworks

The variety of exercises and the self-assessment capabilities of the lab allow all participants to individually extend and improve their skillset.

Pre-requisite

  • Basic knowledge of networking, the Linux-CLI and Powershell-CLI
  • Basic familiarity with Linux, Windows, Web Applications, Active Directory and EntraID
  • Experience with vulnerability assessment and penetration testing tools such as nmap, metasploit, Burp (or similar), netexec
  • Familiarity with virtualization tools like VMware / VirtualBox / UTM
  • Personal GitHub Account ID and basic git usage

Participant's Requirements (Hardware / Software / Cloud Accounts, etc)

  • A laptop with administrator privileges and permissions to run VMs
  • Network connectivity over WiFi (and optional: ethernet)
  • Ability to disable security controls such as AV (if applicable)
  • Ability to connect USB Drives for transfer of VMs (optional)
  • Minimum 50 GB of free hard disk space
  • Minimum 8 GB RAM for virtual machines
  • VM Player or VMWare Workstation or Oracle VirtualBox or UTM installed
  • ARM/Apple Silicon (M) will be supported with x86/amd64 emulation which might be a bit slow

Who Should Attend

  • IT-Security practitioners (Penetration Tester, Security Analyst, Security Engineer)
  • (Junior & Senior) Red-Teamers

What to expect

  • 3 intensive days of infrastructure penetration testing tools and techniques
  • Practical exercises to strengthen your skills and deepen your knowledge
  • Extensive lab environment with many vulnerabilities of increasing difficulty
  • Exploiting known and unknown vulnerabilities
  • Developing custom exploits
  • Using AI / LLMs for hacking
  • Hacking real-world scenarios
  • A large take-home slide-deck with the contents, cheat-sheet-style documentation of the lab and solution videos.

What Not to Expect

  • This is not a beginner's course.
  • Some labs used during the course will not be provided/accessible after the training.

Trainers

Sebastian Neef>
Sebastian Neef

IT Security Research by <3

PhD Candidate. Freelancer. CTF-Player. & more ;-)

Prashant Mahajan>
Prashant Mahajan

Founder & Director Australia Pty Ltd

Organizer @ OzHack

Training Information

  • Duration 3 Day Training
  • Dates 6th Oct, 2026 to 8th Oct, 2026
  • Time 09:30 IST - 17:30 IST
  • Venue Grand Hyatt, Bolgatty, Kochi, Kerala

Register Now