black hat
On-Demand
Training Courses

Users can select the first five modules in any order. Lab simulations are locked until all prior modules are completed.

This course is aimed at kickstarting a technical career and is applicable to all.

• A background knowledge of IT and technical fundamentals.
• Linux and Windows with the focus of using or abusing it later in a pentesting journey, command-line usage and a deeper understanding of tools and underlying functions of the operating systems.
• A solid understanding of networking fundamentals required for a learning journey into pentesting or offensive security practices.
• An introduction and recap of programming and transfer the fundamental requirements in order to utilize and understand programming in relation to pentesting.
• Databases and the key understandings and usages thereof which will be required to grow into an offensive security practice.

• Understand Infrastructure Fundamentals: Gain a comprehensive understanding of the basic concepts of infrastructure and its role and significance in cybersecurity.
• Learn Infrastructure Penetration Testing Methodologies: Acquire knowledge of various methodologies and tools used in infrastructure penetration testing.
• Explore Ethical Hacking Principles: Understand the principles of ethical hacking and their application in cybersecurity practices.
• Utilize Kali Linux for Penetration Testing: Develop proficiency in using Kali Linux for conducting penetration testing activities.

• Real-World Attack Scenarios: Receive access to three courses covering Infrastructure Security, Penetration Testing, and Web Application Security and experience common vulnerabilities in a controlled environment.
• Guided Learning: Step-by-step challenges ensure you're never lost, making complex topics easier to grasp.
• Browser Based Labs: Complete the challenges on live machines that emulate a live development environment.
• No Prior Experience Needed: Whether you're an aspiring ethical hacker or a developer looking to secure your applications, our labs cater to all skill levels.
• Instant Feedback: Test your skills, see the impact of your exploits, and learn how to defend against them.

This course contains 3 modules, each representing a different assessment type:

• Security Architecture Reviews (no interaction with endpoints)
• Network Capture Assessments (minimal interaction with network devices)
• Port and Vulnerability Scanning (minimal interaction with endpoints)

Attendees will walk away from this course with actionable tools and techniques they can use to work with HSNs safely. They will be able to create asset inventories, record flow records, and discover vulnerabilities on networks that they have not been able to work with in the past due to sensitivity or safety concerns.

This course was developed in partnership with Justin Searle

Justin Searle is the Director of ICS Security at InGuardians, specializing in ICS security architecture design and penetration testing. He led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and has played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP).

Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences. He is currently a Senior Instructor for the SANS Institute and a faculty member at IANS. In addition to electric power industry conferences, Justin frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, Nullcon, and AusCERT.

Justin leads prominent open source projects including the The Control Thing Platform, Samurai Web Testing Framework (SamuraiWTF), Samurai Security Testing Framework for Utilities (SamuraiSTFU). He has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), Web Application Penetration Tester (GWAPT), and GIAC Industrial Control Security Professional (GICSP).

1. Why Traditional Security is Not Enough
2. AI Fundamentals
3. AI Red Teaming Process
4. Overview of GenAI models
5. Introduction to Guardrails
6. Introduction to Prompt Injection Attacks

Attendees will walk away from this course with:

• Understanding of how generative AI models (LLMs, agents, reasoning models) work and where their vulnerabilities lie.
• Hands-on experience performing prompt injection, jailbreaks, multi-turn attacks, and agent manipulation.
• Ability to use open-source tools and frameworks (e.g., Garak, PyRIT, LangChain) to automate testing and evaluate model behavior.
• Skills to build custom Python scripts that simulate attacks and analyze model responses.
• Capability to recognize and assess broader risks, including bias, persuasion, deception, and societal harms caused by AI misuse.
• Confidence in translating technical findings into risk insights for decision-makers to strengthen AI security posture.

Tinycode, LLC.

Dr. Amanda Minnich is a Principal Research Manager at Microsoft on the Microsoft AI Red Team, where she red teams Microsoft's foundational models and Copilots for safety and security vulnerabilities. Prior to Microsoft, Dr. Minnich worked at Twitter, focusing on identifying international election interference and other types of abuse and spam campaigns using graph clustering algorithms. She also previously worked at Sandia National Laboratories and Mandiant, where she applied machine learning research techniques to malware classification and malware family identification. Dr. Minnich is heavily involved with tech outreach efforts, especially for women in tech. She received her MS and PhD in Computer Science with Distinction from the University of New Mexico.

Gary Lopez is a Senior Security Researcher on Microsoft's AI Red Team, where he leverages an attacker's mindset to test and improve the security and safety of AI systems. Gary collaborates with a diverse group of interdisciplinary experts to identify and mitigate vulnerabilities to ensure robust and trustworthy AI. He is the creator of PyRIT, Microsoft's open-source automation framework designed for red-teaming generative AI systems. Before joining Microsoft, Gary was with Booz Allen Hamilton, specializing in cybersecurity. His work included developing advanced tools for reverse engineering and malware analysis, with a focus on securing critical infrastructure systems such as SCADA, ICS, and DCS.