SensePost Training Overview 2011/2012


Training 08 July 2011

About SensePost Information Security
Training Overview
A. Cadet Edition
B. Bootcamp Edition
C. BlackOps Edition
D. Combat Edition
E. W^3 Edition
F. Unplugged Edition

About SensePost Information Security

As trusted advisors we deliver insight, information and systems to enable our customers to make informed decisions about Information Security that support their business performance.

SensePost is an independent and objective organisation specialising in information security consulting, training, security assessment services and IT Vulnerability Management.

SensePost is about security. Specifically - information security. Even more specifically - measuring information security. We've made it our mission to develop a set of competencies and services that provide our customers with insight into the security posture of their information and information systems.

Training Overview

A. Cadet Edition

Hacking By Numbers Cadet Edition is offered as an introduction to the art and science of computer hacking. Even with no hacking experience whatsoever, Cadet Edition will equip students with the basic thinking and technical skills necessary to start exploring this fascinating world.

'Cadet Edition' is an introductory course for technical people with no previous experience in the world of hacking. The course will present one with background information, technical skills and basic concepts required to get going. This includes some coding and scripting, networking and Internet technologies, basic methodologies, essential thinking skills, tools and current hacking techniques. Cadet Edition is the ideal training ground to prepare one for the HBN Bootcamp, further self-study or other hacking courses.

Content

1. Introduction
   - An introduction to hacker thinking and why hackers are different
   - An introduction to method-based hacking
   - A methodology for hacking into computers over a network
   - Understanding Vulnerabilities & Exploits
   - Vulnerabilities in Custom Applications
2. Essential Networking Technologies. A Hacker Perspective
3. Essential OS Technologies. A Hacker Perspective
4. More Scripting for Hackers
5. An Introduction to Hacker Tools & Techniques
   - Intelligence
      o Useful Web Resources
      o Web Spiders
      o Search Engines and Hacking
   - Footprinting
      o FDNS Mining
      o WHOIS
   - Fingerprinting
      o Basic Port scanners
      o Service and OS Discovery
   - Vulnerability Discovery
      o Nessus
      o Wikto
      o Web Proxy
   - Exploiting Vulnerabilities
6. Putting it all together
   - A real-world capture-the-flag exercise.

Context

This course is the first in the Hacking By Numbers series and is at an introductory level. It's aimed at beginners and serves to prepare students for the Bootcamp Edition. Cadet and Bootcamp Edition can be taken back-to-back. There is a small amount of overlap between the courses.

Prerequisites

Cadet Edition is designed for technical people who have no skill or experience in hacking. The course remains technical, however, and students are expected to have a solid practical grasp of computer operating systems, networks and databases. In order to complete the course, students will be given pre-configured laptops that will serve all the needs of the environment, along with all other required materials. All you need is a fresh mind and maybe some coffee.

Who should attend

Information security officers, system and network administrators, security consultants, government agencies and other nice people will all benefit from the valuable insights provided by this class.

What people say

"This class provided a great overview of the thinking & methodology involved in hacking"

B. Bootcamp Edition

This course is the "How did they do that?" of modern hacking attacks. From start to finish we will lead students through the full compromise of a company's IT systems, explaining the tools and technologies, but especially the thinking, strategies and the methodologies for every step along the way. "Hacking By Numbers - Bootcamp Edition" will give students a complete and practical window into the methods and thinking of hackers.

'Bootcamp' is SensePost's 'introduction to hacking' course. It is strongly method based and emphasizes structure, approach and thinking over tools and tricks. The course is popular with beginners, who gain their first view into the world of hacking, and experts, who appreciate the sound, structured approach.

Content

Bootcamp Edition follows a strict method-based approach to teach the fundamental technical and thinking skills used for hacking over the network. The content of this course mirrors the methodology step-by-step:

1. Introduction
   - An introduction to method-based hacking
   - A quick review of key concepts and technologies
   - A method for hacking into computers over the network
2. A Review of Reconnaissance
   - Intelligence
   - Footprinting
   - Verification
   - Vitality
3. A Review of FingerPrinting
   - Advanced Portscanning
   - OS & Service Identification
4. Vulnerability Discovery
   - Reviewing basic vulnerability types
   - Understanding vulnerability scanners
   - Using vulnerability scanners
      o Nessus
      o Wikto
5. Exploiting Vulnerabilities
   - Understanding the link between exploits and vulnerabilities
   - Exploiting known vulnerabilities
      o The Metasploit Framework
      o Exploits without code
   - Discovering and Exploiting new vulnerabilities
6. Finding and Exploiting Vulnerabilities in Web Applications
   - The issue with web applications
   - Tools for attacking web applications
   - The common web application vulnerability categories
   - Hacking other custom applications
      o Web Services
      o Java
      o C#
7. Owning the target
   - The difference between exploiting and owning a system
   - Building a channel
   - Privilege Escalation
   - Ensuring Repeat Access
   - Hiding your tracks
   - A strategy for phase 2

All of the areas above are illustrated with real-life technical labs and capture-the-flag exercises.

Context

This course follows directly on from 'Cadet Edition' and serves as a prerequisite for the 'BlackOps Edition'. As always, the course can also be taken without any of the others. Bootcamp Edition can be taken back-to-back with either Cadet Edition (for beginners) or BlackOps Edition (for more advanced students).

Prerequisites

SensePost will provide fully configured laptop computers as well as CDs with all the tools and materials used in the course. Students need to ensure they have the necessary level of skill.

No hacking experience is required for this course, but a solid technical grounding is an absolute must. Students are expected to be versed in basic programming or scripting, networking and Internet technologies, 'nix and Windows operating systems, basic SQL and database technologies. No advanced skills are required, but students without a good, practical knowledge of these areas will fall behind in this fast-paced class. Students without the requisite technical skills are encouraged to consider 'Cadet Edition'. Cadet and Bootcamp Edition can be taken back-to-back.

Who should attend

Information security officers, system and network administrators, security consultants, government agencies and other nice people will all benefit from the valuable insights provided by this class.

What people say

The training from SensePost was one of the best I have ever attended! The SensePost courses are of a high standard and merit the highest recommendation.

C. BlackOps Edition

Hacking By Numbers "BlackOps Edition" is your final course in the HBN series before being deployed into "Combat". Here, you'll sharpen your skills in real scenarios before being shipped off to battle. Where Bootcamp focuses on methodology and Combat focuses on thinking, BlackOps covers tools and techniques to brush up your skills on data exfiltration, privilege escalation, pivoting, client-side attacks and even a little exploit writing. You'll also focus on practical elements of attacking commonly found systems.

The course is instructor-led, with slides and structured labs that guide students through numerous scenarios. This is hands-on hacking made fun.

Content

1. Scripting
   o Introduction to Python
   o Basic code patterns
   o Justification for Python
   o Python for pentesters
2. Targeting
   o Yeti/BidiBLAH/Foca
   o Service discovery
   o Rapid fingerprinting
   o Network mapping
3. Compromise
   o Network layer tricks
   o Executable dropping
   o Abusing network trust
   o Bypassing protections
4. Privilege Escalation
   o Windows
   o Linux
   o *BSD
5. Pivoting
   o Traffic redirection
   o Syscall proxying
   o Trusted links
6. Exfiltration
   o Direct connection
   o Alternate channels
   o Dead drops
   o Avoid detection
7. Client-Side
   o Lures
   o Payloads
   o Effective exploitation
8. Exploit Writing

Context

BlackOps naturally follows directly from Bootcamp Edition, and prepares students for Combat Edition - our ultimate hands-on course. It should not be your first hacking course, but can be taken back-to-back with Bootcamp or with Combat, depending on your existing level of experience. Although prior participation in an HBN course is not a prerequisite, significant exposure to hacking training, tools and techniques is highly recommended.

Prerequisites

SensePost will provide fully configured laptop computers as well as CDs with all the tools and materials used in the course. Students need to ensure they have the necessary level of skill.

Some previous hacking experience is required for this course, and a solid technical grounding is an absolute must. Students are expected to be versed in basic programming or scripting, networking and Internet technologies, 'nix and Windows operating systems, basic SQL and database technologies. No advanced skills are required, but students without a good, practical knowledge of these areas will fall behind in this fast-paced class. Students without the requisite technical skills are encouraged to consider 'Bootcamp Edition'. Bootcamp and BlackOps Edition can be taken back-to-back.

Who should attend

Information security officers, system and network administrators, security consultants, government agencies and other nice people with some basic technical experience will all benefit from the valuable insights provided by this class. Professional penetration testers just entering the field will also appreciate the structured, practical approach.

What people say

"Great training and great information. Entertaining and well taught via experience"

D. Combat Edition

Combat Edition is our premier hacker training course. From the first hour to the final minutes, students are placed in different offensive scenarios as they race the clock to breach systems. Using experience gained from thousands of assessments over the years, we have created dozens of real-life lab exercises whose solutions lie much more in the technique and an out-of-box thought process than in the use of scripts or tools. Each exercise is designed to teach a specific lesson and will be discussed in detail after completion; however, there are no lab sheets or lectures as this course is non-stop hacking. In this way you learn from talented SensePost instructors, your colleagues and your own successes and failures.

Content

Combat is very much example and exercise driven and, as the course is constantly kept updated with new and exciting lab exercises, there is no fixed curriculum.

Multiple scenario-style attacks aimed at getting students to apply knowledge learned from other courses in real world applications:

   - Target discovery and reconnaissance
   - Network mapping
   - Network traffic analysis
   - Discovery and understanding known vulnerabilities
   - Exploiting known vulnerabilities
   - Privilege escalation
   - Avoiding detection
   - Discovering and exploiting new vulnerabilities
   - Reverse engineering
   - Web application hacking
   - Database hacking
   - Tool and exploit writing

Context

BlackOps naturally follows directly from Bootcamp Edition, and prepares students for Combat Edition - our ultimate hands-on course. It should not be your first hacking course, but can be taken back-to-back with Bootcamp or with Combat, depending on your existing level of experience. Although prior participation in an HBN course is not a prerequisite, significant exposure to hacking training, tools and techniques is highly recommended.

Prerequisites

SensePost will provide fully configured laptop computers as well as CDs with all the tools and materials used in the course. Students need to ensure they have the necessary level of skill.

Some previous hacking experience is required for this course, and a solid technical grounding is an absolute must. Students are expected to be versed in basic programming or scripting, networking and Internet technologies, 'nix and Windows operating systems, basic SQL and database technologies. No advanced skills are required, but students without a good, practical knowledge of these areas will fall behind in this fast-paced class. Students without the requisite technical skills are encouraged to consider 'Bootcamp Edition'. Bootcamp and BlackOps Edition can be taken back-to-back.

Who should attend

Information security officers, system and network administrators, security consultants, government agencies and other nice people with some basic technical experience will all benefit from the valuable insights provided by this class. Professional penetration testers just entering the field will also appreciate the structured, practical approach.

What people say

"Nice work! This course wasn't just about tools; it was also theory and that helps. I recommend this training to other engineers."

E. W^3 Edition

Hacking by Numbers - W^3 Edition is an intermediate web application hacking course for people with some experience in penetration testing. The course will provide a refresher of HTTP and associated technologies before commencing with some more advanced level attacks ranging from assessment techniques of traditional web applications to newer technologies - such as AJAX, rich client media and HTML 5.

As with all courses in the Hacking by Numbers range, the W^3 course is a hands-on, highly practical course which intends to enable students to understand the trade and not the trick.

Content

   - HTTP protocol specification
   - Automation of HTTP attacks
   - Session attacks
   - Command execution vulnerabilities
   - Traversal vulnerabilities
   - File inclusion
   - Basic and advanced SQL Injection
   - SQL truncation attacks
   - Cross-Site Scripting
   - Fragmented cross site scripting
   - Cross-Site request forgery
   - Web2.0 HTTP requests and responses (i.e.: JSON etc)
   - Advanced XSS with CSRF, XSS and XmlHttpRequest
   - JSON hijacking
   - Flash and Silverlight
   - HTML5
   - XML Entity attacks
   - XML injection
   - LDAP injection
   - Post exploitation: UDF uploading, establishing tunnels, pivoting
   - Thick application assessment
   - Attacking web services

Context

This course is the only course in the Hacking By Numbers series focussing specifically on web-based technologies. This course is rated as 'intermediate'. It assumes some prior experience with Web Application hacking tools and techniques.

It is not mandatory to complete any other SensePost courses before attending this course. However, previous exposure to hacker thinking, tools and techniques is a prerequisite and a basic understanding of web hacking concepts and techniques is assumed.

Prerequisites

SensePost will provide fully configured laptop computers as well as CDs with all the tools and materials used in the course. Students need to ensure they have the necessary level of skill.

Some previous hacking experience is required for this course, and a solid technical grounding is an absolute must. It is not mandatory to complete any other SensePost courses before attending this course. However, previous exposure to hacker thinking, tools and techniques is a prerequisite and a basic understanding of web hacking concepts and techniques is assumed. Students without the requisite technical skills are encouraged to consider 'Bootcamp Edition'. Bootcamp and W^3 Edition can be taken back-to-back.

Who should attend

Security consultants, government agencies, developers, penetration testers and other nice people will all benefit from the valuable insights provided by this class.

What people say

Good job! <script>alert ( ;-) )</script>

F. Unplugged Edition

SensePost's Hacking by Numbers Unplugged Edition is an entry-level wireless security training course. It is done in the same style as our other HBN courses: highly practical, with a focus on learning how things work, not just the tricks.

The course starts off with some practically focused fundamentals. This includes wireless fundamentals such as antenna selection and radio radiation patterns, and network fundamentals such as TCP/IP and wireless protocols. This section is kept intentionally short, with the rest of the fundamentals explained as part of a scenario based course.

Three scenarios are used:

   - The first is how to approach hacking a residential wireless network. Here technologies such as WEP are discussed.
   - The second scenario is how to attack corporate networks, where WPA/2 technologies and attacks are discussed.
   - The final scenario is an open coffee shop network where monitoring and interception attacks are discussed.

By the end of the course, a student should have a much better understanding of wireless networks, their security failings, and how to exploit these.

Content

The Unplugged Edition will follow precisely the scenario based approach and content that was developed for AMS for this purpose. Further customizations can be undertaken as required.

1. Background
2. Thinking Like an Attacker
   a. Course Prerequisites
   b. Method-Based Hacking
3. Wireless Network Overview
   a. OSI Stack
   b. Networking Fundamentals
   c. Wi-Fi Fundamentals
4. Residential Scenario
   a. Finding Networks
   b. Wired Equivalency Protocol
   c. Consumer Routers
5. Corporate Scenario
   a. Wireless Protected Access
   b. Brute Force Cracking
   c. Enterprise Networks
6. Coffee Shop
   a. Layer 2 & 3 Attacks
   b. Attacking Users
   c. Attacking Servers

Context

This course is the only course in the Hacking By Numbers series focussing specifically on Wi-Fi attack scenarios. It assumes no prior experience with Wi-Fi or Wi-Fi hacking, although attendance of Hacking By Numbers Bootcamp Edition would be beneficial.

Prerequisites

SensePost will provide fully configured laptop computers as well as CDs with all the tools and materials used in the course. Students need to ensure they have the necessary level of skill.

Some previous hacking experience is required for this course, and a solid technical grounding is an absolute must. Students are expected to be versed in basic programming or scripting, networking and Internet technologies and 'nix and Windows operating systems. No advanced skills are required, but students without a good, practical knowledge of these areas will fall behind in this fast-paced class. Students without the requisite technical skills are encouraged to consider 'Bootcamp Edition'. Bootcamp and Unplugged Edition can be taken back-to-back.

Who should attend

Information security officers, system and network administrators, security consultants, government agencies and other nice people will all benefit from the valuable insights provided by this class, as will penetration testers, red team members and analysts wishing to obtain practical Wi-Fi hacking skills.

What people say

Overall it's been one of the best courses I've been to!