Hands-On Hacking Advanced (HOHA)

Hands-on Hacking Advanced (HOHA) is a follow-up course to Hands-on Hacking Essentials (HOHE) training.

Training duration: 3 days of pure hacking and feeling “1337” (24 ac h)

Group size: 12 participants maximum

Target audience: System administrators, information security specialists and -managers and any other IT personnel that is not afraid of the shell or command prompt

Pre-requisites: Prior HOHE participation is required to take this course to ensure to ensure minimum same level of participants

The training is held by our partner Clarified Security.

Trainer: (in English or Estonian upon demand)

• Mihkel Raba (01-03 December 2025)
• Taavi Sonets
• Karl Kristjan Raik

Contents of the training

Training methods: Trainers will engage participants with lectures, live attack demonstrations and practical examples followed by individual hands-on exercise scenarios. Training is interactive, practical, and besides active participation also full of attack stories that help to change the perspective and understanding of real life security threats.

Ideology of this training: The main differences between hacking and penetration testing are the intent and (imposed) limitations. Therefore, the idea behind this training is to see practical information security from the attacker’s or “opposing team’s” point of view and to deliver first-hand experience or running attacks. Everyone will walk through the phases of an attack until successfully owning various systems and services. There are plenty of attack scenarios to play through and to complete scored objectives. Since the expected participants’ skill and experience level is varying to a large degree, we cover a mix of *nix and Windows world and focus on explaining key concepts and on showing real attacks even to those who have never compiled or launched any exploits before.

Hands-on Hacking Advanced (HOHA) is a follow-up to our Hands-on Hacking Essentials (HOHE) course. While HOHE is an eye-opening “shock therapy” training mostly for defenders, HOHA introduces more of the attacker and red teaming perspective.

With HOHA course we deliver 3 days of first-hand, pure hacking experience where a large „Network Takeover” scenario takes a center stage.

Day 1

Warm-up scenario – Introduction to C2 frameworks using Tuoni. Learn to create and deliver client-side attacks that are not recognized as malicious neither by the user nor various security products. Examples of common initial access vectors. Since all participants are expected to have completed our HOHE (Hands-on Hacking Essentials) course, we pick up speed fast and there is no time for much “spoon feeding”.

Mission:

Your mission, should you choose to accept it, is to help a victim of ransomware attack.

From the darknet ransomware site you discover that there is an actual company offering ransomware as SaaS and you dig deeper…

Iron Argon Development – a company “Network Takeover ” scenario of fully patched and properly configured networks. After initial reconnaissance of the target domain and public facing services we gain an initial foothold by sending phishing e-mail. Using in memory execution of different tools we gather information from infected workstation and set up persistence.

Day 2

Iron Argon Development – a company “Network Takeover ” scenario (continues)

Explanation of common .NET offensive tools for enumeration. Using Python and Tuoni API we enhance our C2 user experience. Explanation of kerberoasting. Side mission to recover domain accounts passwords from kerberoasted hashes with Hashcat. Enumeration of AD using Bloodhound. Discovering next targets and potential attack paths from Bloodhound. Lateral movement using different tunneling and C2 features inside the organization network. Bypassing applocker restrictions to execute our malware.

Day 3

Iron Argon Development – a company “Network Takeover ” scenario (continues)

We continue moving around inside the network, elevating our privileges using common misconfiguration. We steal kerberos ticket from the owned system and implant it into memory to gain more access inside the domain. ADCS misconfigurations are common and Iron Argon Development network is not an exception here. We abuse ADCS misconfiguration to gain even more access inside the domain and then laterally move with new permissions inside the isolated development network segment relaying our C2 traffic via SMB beacon. Side mission to take over other servers including source code repository and backdoor the ransomware.

Mission ending

Having obtained the ransomware binary, we reverse engineer it and discover a decryption key for the victims.

We finish the course with the final feedback round, re-iterate what we learned in the process and ask your opinion of the course to continuously improve the content and learning experience.

Delivery: We can deliver on-site at group pricing anywhere in the world where good broadband connection is available. Ask us for the group pricing or for times and locations of our public courses.

Training objectives

During the 3 days hands-on training experience the participants should build upon HOHE training in understanding of current attacker tool-sets, attack types and methods. By experiencing the attacker mindset and point of view via hands-on exercises the participants will use Tuoni C2 and other tools from a Red Teaming perspective in order to understand what it takes in terms of individual skills to be a red team member.

Intended outcome: During the 3 day hands-on training experience the participants should form a good understanding of current attacker tool-set, attack types and methods. By experiencing the attacker mindset and point of view via hands-on exercises the participants not only will gain much higher appreciation for attack threats, but will be much more alert and better prepared for their own IT systems defense.

Technical requirements for the training

You will need to bring your own laptop.

Be sure to bring your laptop, charger and, if necessary, other things necessary (mouse, etc.). The laptop must have a network cable slot or the ability to connect to a Wi-Fi network and a screen resolution of at least 1920 x 1080. All operating systems are suitable, the main thing is to have a remote desktop client. All training activities take place in our training environment. If you want to install a remote desktop client on your computer in advance, our recommendations are:

• Linux: Remmina, rdesktop
• macOS: Microsoft Remote Desktop client (Available in Mac App Stores)
• Windows: Windows 10 built-in