At Black Hat 2025, NotSosecure Training brings you the one of the most advanced, hands-on training from instructors who have been raining at Black Hat for years. Whether you're a penetration tester, red teamer, or security enthusiast, mastering these exploits will give you a crucial edge in identifying and defending against modern cyber threats. 

1. Advanced Windows 11 Attack Chain (Course: Advanced Infrastructure Hacking)

Windows remains the dominant OS in enterprise environments. Mastering these attack chains helps uncover critical security gaps before adversaries do.  

• Learn to bypass hardened Windows 11 systems, including TPM-based security.

• Master post-exploitation tradecraft and stealthy persistence.

• Explore kernel-level attack vectors used in real operations. 

3. Cloud Infrastructure Breach Techniques (Course: Hacking and Securing Cloud Infrastructure)

As more organizations move to the cloud, understanding cloud-specific threats is essential for securing modern infrastructure. 

• Understand how default configurations and overlooked "shadow admin" roles can create security gaps within cloud environments.

• Engage in kill-chain-style labs that simulate real-world attack scenarios, allowing you to escalate privileges by chaining together multiple misconfigurations and service abuses across various cloud services.

• Learn how to identify and remediate common cloud misconfigurations, while exploring practical strategies to reduce the blast radius of compromised accounts through segmentation, least privilege, and policy hardening. 

4. Container and Kubernetes Exploits (Course: Advanced Infrastructure Hacking)

Containers are ubiquitous in DevOps; securing them requires specialized skills to prevent devastating breaches

• Understand container breakout methods and Kubernetes cluster attacks. 

• Learn how to pivot from compromised containers to the underlying host.

• Mitigation strategies to protect your containerized workloads.  

5. Server-Side Request Forgery (SSRF) (Course: The Art of Hacking)

SSRF attacks are a rising threat in modern applications, often bypassing traditional defenses. By mastering these techniques, you can better understand how to mitigate these risks and secure your applications effectively. 

• Understand the fundamentals of Server-Side Request Forgery (SSRF) and how it works.

• Learn how attackers manipulate server-side requests to interact with internal systems.

• Explore common SSRF targets, such as metadata services, internal APIs, and admin panels.

• Analyze the various impacts of SSRF attacks — from sensitive data exposure to remote code execution. 

Win a Steam Deck OLED at Black Hat USA 2025!

All registered participants in our Black Hat USA 2025 training courses will automatically be entered into a special prize drawing to win one of three Steam Deck OLEDs! To be eligible, simply register and attend one of our expert-led courses.

Missed the in-person event? Don’t worry.

As is tradition, anyone can enter to win a complimentary seat to one of our upcoming virtual NotSoSecure Training courses. Whether you're looking to level up your skills or explore new areas of cybersecurity, this is your chance! Register here to win your free seat

You're Invited: The NotSoSober Party!

Join us for a night of good vibes, great conversations, and plenty of fun at our NotSoSober Party on August 4th. It’s the perfect way to unwind and connect with the community during Black Hat. Register here!