Vous avez déjà un compte client ORSYS
Se connecter
Vous êtes nouveau chez ORSYS
Créer un compte
Vous ne souhaitez pas créer de compte
Poursuivre sans me connecter

Publication date : 01/07/2025

Course : Hacking and security, level 2, expertise

Practical course - 3d - 21h00 - Ref. HKE
Price : 2100 € E.T.

Hacking and security, level 2, expertise


Average of customer reviews Average of customer reviews Average of customer reviews Average of customer reviews
4,6 / 5

Required course

This course will teach you advanced hacking techniques. You'll create shellcodes and payloads to exploit application vulnerabilities on operating systems, so you can better understand vulnerabilities and raise your system's security level to remedy them.


INTER
IN-HOUSE
CUSTOM

Practical course in person or remote class
Disponible en anglais, à la demande

Ref. HKE
  3d - 21h00
2100 € E.T.

Download in PDF format

Share this course by email




This course will teach you advanced hacking techniques. You'll create shellcodes and payloads to exploit application vulnerabilities on operating systems, so you can better understand vulnerabilities and raise your system's security level to remedy them.


Teaching objectives
At the end of the training, the participant will be able to:
Understanding recent attacks and system exploits
Understand modern techniques for bypassing application protections
Exploiting application vulnerabilities on Linux and Windows systems
Create shellcodes and payloads (Linux and Windows)

Intended audience
Security managers, architects, system and network administrators. Pentesters.

Prerequisites
Good knowledge of IS security, C, Python and assembler is required.

Course schedule

1
State of the art in offense and defense

  • A bit of current news: 5G, blockchain, smart contracts, IoTs (connected objects), AI, IPv4, IPv6.
  • The latest attack techniques.
  • The latest defensive strategies.

2
From C to assembler to machine code

  • What is assembler and machine code. Compiling.
  • How a processor works.
  • Assembler basics and C language basics.
  • Encoding concepts (addressing modes, registers, instructions, operations, etc.).

3
Application attacks

  • The concepts of malware (virus, rootkit, etc.).
  • State of the art of backdoors on Windows and Unix/Linux.
  • Setting up backdoors and trojans.
  • Shellcodes, TCP reverse shell, TCP bind shell.
  • Shellcode encoding, NULL bytes removal.
  • Process exploits: buffer overflow, ROP, Dangling Pointers.
  • Protection and bypassing: GS flag, ASLR, PIE, RELRO, Safe SEH, DEP. Shellcodes with hard-coded addresses, LSD.
  • Advanced Metasploit: architecture, features, interfaces, workspaces, exploit writing, shellcode generation.
Hands-on work
Shellcode exploitation: buffer overflow (Windows or Linux). Bypass protections. Obtain a root shell using various types of buffer overflow. Use Metasploit to generate shellcode.

4
Analysis techniques

  • Static analysis of binaries.
  • Dynamic analysis tools.
  • Safety in the sandbox.
  • Reverse engineering and debugging.
  • Modern packers and crypters.
Hands-on work
Malware analysis using different analysis techniques.

5
Cryptanalysis

  • Cryptanalysis concepts (processes, encryption, etc.).
  • Algorithm identification.
  • Attacks on stream ciphers, ECB and CBC modes.
  • Side-channel attacks.
  • Attacks on blockchain.


Customer reviews
4,6 / 5
Customer reviews are based on end-of-course evaluations. The score is calculated from all evaluations within the past year. Only reviews with a textual comment are displayed.
AXEL T.
13/10/25
5 / 5

Content balanced between theoretical knowledge and practical work
STÉPHANE T.
13/10/25
5 / 5

nothing to say, very good. The trainer lacked a few tips and tricks that were out of the ordinary. After 3 days, seems pretty limited, maybe one more day wouldn't have been bad.
ROMAIN G.
13/10/25
4 / 5

CLEAR



PARTICIPANTS
Security managers, architects, system and network administrators. Pentesters.

PREREQUISITES
Good knowledge of IS security, C, Python and assembler is required.

TRAINER QUALIFICATIONS
The experts leading the training are specialists in the covered subjects. They have been approved by our instructional teams for both their professional knowledge and their teaching ability, for each course they teach. They have at least five to ten years of experience in their field and hold (or have held) decision-making positions in companies.

ASSESSMENT TERMS
The trainer evaluates each participant’s academic progress throughout the training using multiple choice, scenarios, hands-on work and more.
Participants also complete a placement test before and after the course to measure the skills they’ve developed.

TEACHING AIDS AND TECHNICAL RESOURCES
• The main teaching aids and instructional methods used in the training are audiovisual aids, documentation and course material, hands-on application exercises and corrected exercises for practical training courses, case studies and coverage of real cases for training seminars.
• At the end of each course or seminar, ORSYS provides participants with a course evaluation questionnaire that is analysed by our instructional teams.
• A check-in sheet for each half-day of attendance is provided at the end of the training, along with a course completion certificate if the trainee attended the entire session.

TERMS AND DEADLINES
Registration must be completed 24 hours before the start of the training.

ACCESSIBILITY FOR PEOPLE WITH DISABILITIES
Do you need special accessibility accommodations? Contact Mrs. Fosse, Disability Manager, at psh-accueil@orsys.fr to review your request and its feasibility.
Dates and locations
Select your location or opt for the remote class then choose your date.
Remote class

Dernières places
Date garantie en présentiel ou à distance
Session garantie

REMOTE CLASS
2026 : 16 Mar., 22 June, 7 Oct., 16 Nov.

PARIS LA DÉFENSE
2026 : 16 Mar., 22 June, 7 Oct., 16 Nov.