Training on CREST Practitioner Security Analyst (CPSA)

1 Training on CREST Practitioner Security Analyst (CPSA)

Objectives

This programme introduces you to the CREST Practitioner Security Analyst (CPSA) certification. This instructor-led course covers both the technical concepts and the practical knowledge covered in the certification. On top of the lecture-based teaching, we offer in-class labs to reinforce the concepts learnt. After taking this course, you will have a basic understanding of the CPSA certification.

Day 1
Introduce what penetration testing (pen-testing) is. It will cover the fundamental knowledge such as Law & Compliance, different types of pen-testing, and assessment methodologies. Introduce the network security assessment methodology, the TCP/IP protocol suite and cryptography. We conduct practical labs such as network scanning.

Day 2
Introduce the knowledge in carrying out security assessments on both Windows and UNIX systems. Practical labs will also be included.

Day 3
Introduce the assessment methodologies on web-based applications.

Candidates are required to bring their own laptop for the practical exercises.

Speakers

Harris RAMLI
Senior Security Engineer, ASTRI
CISSP, CISA, OSCP, OSWP, OSCE, CRT
Harris has extensive hands-on experience working in penetration testing, information security advisory, and general IT control reviews. He has led several high-profile technical security reviews and penetration testing engagements for mainly financial services clients in the APAC region.

Dr. Mole T.Y. WONG
Dr. Mole T.Y. WONG is a senior software engineer of ASTRI Security Lab (ASL). Mole is currently overseeing the software development process in ASL. Before joining ASTRI, Mole was a senior lecturer at The Chinese University of Hong Kong (CUHK). Mole is an exceptional teacher. He has received several teaching awards, including the most prestigious VC Exemplary Teaching Award in 2010.

Target Audience

Entry requirements:
- IT professionals, including, but not limited to, system administrators, application / system developers, IT security officers;
- Experienced in using UNIX / Windows systems.

Code : HP-P17-0610
Date : 30 June; 7 & 14 July 2017 (Friday)
Venue : 3/F Guangdong Investment Tower, 148 Connaught Road Central, Hong Kong
Fee : HK$ 7,500 per participant
Enquiries : programme@hkib.org (Enrollment Enquiries)

2 Training on CREST Certified Simulated Attack Manager (CCSAM) and CREST Certified Simulated Attack Specialist (CCSAS)

Objectives

CREST Certified Simulated Attack Manager (CCSAM)
- Understand the steps required to simulate an advanced cyber attack, including planning, execution and clean-up.
- Gain knowledge of tactics used by real-life attackers and how these can be safely simulated.
- Discuss the risks of performing simulated attacks and actions that can be taken to mitigate these risks.
- Develop your knowledge of the CCASP/CREST code of ethics and how this applies to executing simulated attacks.

CREST Certified Simulated Attack Specialist (CCSAS)
- Understand how to perform a red-team simulated attack exercise from planning, through execution to delivery and lateral movement.
- Identify the tools that you will need to successfully run a simulated attack exercise.
- Consider the risks to client's systems from executing a simulated attack and be able to list some measures you can take to minimise these risks.
- Learn how to identify and exploit weaknesses on the internal network whilst minimising the chance of discovery.
- Test yourself against a real-life exercise.

CREST Certified Simulated Attack Manager (CCSAM)
The CCSAM is designed for people running and overseeing simulated attack exercises. It will cover the theoretical aspects of executing simulated attacks, sometimes known as "red-teaming", together with common tactics used by attackers. The focus will be on the methodology, techniques and procedures that would be needed to execute a simulated attack. It will cover what can go wrong in executing a simulated attack and how to manage these risks.

CREST Certified Simulated Attack Specialist (CCSAS)
This course is designed to introduce you to the techniques used to simulate advanced attacks against client's networks. The focus will be on executing the tactics used by real threat groups in the wild such as spear-phishing and browser-based attacks, followed by operating covertly within a client's network. These simulations are sometimes referred to as "red-teaming". It covers exploitation of the human factor to gain a foothold on clients' networks, how to establish communications in modern corporate networks and how to exploit weaknesses within internal networks from outside the perimeter. The course will focus primarily on corporate Windows networks with common security controls in place, including detective and monitoring controls.

The content of this programme is designed to help participants prepare for the CREST CCSAM and/or CCSAS exams and will cover a significant portion of the syllabus.

Speakers

Sam Kitchen
Sam is a double CREST Certified Tester with over 6 years' experience in red teaming, web application, mobile application and infrastructure penetration testing. He also holds both of CREST's Simulated Attack certifications for delivering advanced threat-intelligence led penetration tests. He has delivered training courses both externally and internally within a global consultancy firm, where he currently runs the graduate training course on ethical hacking.

Kit Barnes
Kit is a CREST Certified Simulated Attack Manager (CCSAM) with over 6 years' experience spanning red teaming, penetration testing and incident response. He currently focuses on leading complex threat intelligence driven red team exercises and physical social engineering. He has delivered several training courses and workshops in the fields of red team management.

Target Audience

Entry requirements:
1. Participants should possess a minimum of at least five (5) years of hands-on experience on cybersecurity assessments and related areas such as: penetration tests on networks, web apps or mobile apps; cybersecurity vulnerability research on Windows, Unix, Linux security and administration; and/or the usage of security tools and scripting languages for conducting cybersecurity assessments.
2. Participants should have passed, or be capable of passing, the CREST Certified Tester (CCT) Infrastructure level examination before attending this course.
3. Candidates should be familiar with working with Linux and Windows systems, including the ability to write reasonably complex command line scripts on both.
4. Participants will be required to submit a description of the relevant work experience and certification certificates and will be assessed by CREST independently for fulfilling the entry requirements upon registration.
5. Participants must bring a laptop suitable for use on the course or they will not be able to join in the group exercises. This means: at least 8GB RAM and 30GB HDD space; ability to connect to 802.11n wireless networks; Kali Linux OS -OR- VMware Player virtualization software installed and working and able to plug in and read from a USB HDD.

*Please refer to CREST's website for more details about CCSAM and CCSAS.

Code : HP-P17-0812
Date : 7-11 August 2017 (Monday - Friday)
Venue : Hong Kong Applied Science and Technology Research Institute Company Limited, 5th Floor, Photonics Centre, 2 Science Park East Avenue, Hong Kong Science Park, New Territories, Shatin, Hong Kong
Fee : HK $42,500
Enquiries : programme@hkib.org (Enrollment Enquiries)

3 Training on CREST Registered Tester (CRT) and CREST Certified Infrastructure Tester (CCT ICE)

Objectives

- Understand the techniques used in both basic and advanced ethical hacking activities.
- Gain hands-on experience with a variety of tools applicable to all phases of an ethical hacking engagement.
- Identify common issues encountered during different phases of an ethical security test and ways to work around them.
- Test yourself against a real-life vulnerable network in a Capture-The-Flag (CTF) challenge at the end of the CCT ICE course.
- Gain valuable insight into CREST certifications.

This course will cover advanced penetration testing techniques against Windows and Linux networks. We will cover the penetration testing lifecycle from network mapping and reconnaissance through to exploitation and post-exploitation activities. The course will introduce participants to methodologies and tools used throughout the phases of a penetration test and how to use them effectively. We will also look at common issues participants might encounter and how to work around them.

The content of this programme is designed to help participants prepare for the CREST CRT and/or CCT ICE exams and will cover a significant portion of the syllabus.

Speakers

Sam Kitchen
Sam is a double CREST Certified Tester with over 6 years' experience in red teaming, web application, mobile application and infrastructure penetration testing. He also holds both of CREST's Simulated Attack certifications for delivering advanced threat-intelligence led penetration tests. He has delivered training courses both externally and internally within a global consultancy firm, where he currently runs the graduate training course on ethical hacking.

Ryan Sui
Ryan has achieved both CREST Certified Web application and infrastructure qualifications and has over 10 years' experience in information security. He also has a large variety of penetration testing experience having been continuously CCT certified for 6 years. He has developed training courses and delivers web application training courses externally

Target Audience

Entry requirements:
1. Participants should possess a minimum of at least two (2) years of hands-on experience on cybersecurity assessments and related areas such as: penetration tests on networks, web apps or mobile apps; cybersecurity vulnerability research on Windows, Unix, Linux security and administration; and/or the usage of security tools and scripting languages for conducting cybersecurity assessments.
2. Participants will be required to submit a description of the relevant work experience and certification certificates and will be assessed by CREST independently for fulfilling the entry requirements upon registration.
3. Participants MUST bring a laptop suitable for use on the course or they will not be able to join in the group exercises. This means: at least 8GB RAM and 30GB HDD space; ability to connect to 802.11n wireless networks; Kali Linux OS -OR- VMware Player virtualization software installed and working and able to plug in and read from a USB HDD.

*Please refer to CREST's website for more details about CRT and CCT ICE.

CRT Training (2 Days)
Code : HP-P17-0813
Date : 14-15 August 2017 (Mon & Tue)
Fee : HK $10,000

CCT ICE Training (3 Days)
Code : HP-P17-0814
Date : 16-18 August 2017 (Wed - Fri)
Fee : HK $25,000

Venue : Hong Kong Applied Science and Technology Research Institute Company Limited, 5th Floor, Photonics Centre, 2 Science Park East Avenue, Hong Kong Science Park, New Territories, Shatin, Hong Kong
Enquiries : programme@hkib.org (Enrollment Enquiries)

4 Training on CREST Certified Web Application Tester (CCT Web App)

Objectives

- Understand the techniques used in web application tests.
- Gain an understanding on how to efficiently pinpoint and exploit vulnerabilities in web applications.
- Identify common issues encountered during different phases of an application test and ways to work around them.
- Test yourself against a real-life vulnerable web application in a real-life challenge.

This three-day course will cover penetration testing techniques against web applications as well as the web application testing lifecycle from mapping and identifying threats within an application through to exploitation and logic flaws. It also enables candidates to gain understanding in exploitation of injection and scripting vulnerabilities such as SQL injection and cross-site scripting. The qualified trainers will also describe some common web application vulnerabilities, including those in the OWASP Top 10 and other prevention methods and how to quickly and efficiently pinpoint and exploit vulnerabilities in web applications.

Speaker

Ryan Sui
Ryan has achieved both CREST Certified Web application and infrastructure qualifications and has over 10 years' experience in information security. He also has a large variety of penetration testing experience having been continuously CCT certified for 6 years. He has developed training courses and delivers web application training courses externally

Target Audience

Entry requirements:
1. We recommend that participants have around 2 years' experience on web application cybersecurity assessments and related areas such as:
- penetration tests on networks, web apps or mobile apps;
- basic understanding of JavaScript, HTML, SSL and the HTTP Protocol;
- basic understanding of the use of an intercepting proxy for web application assessment;
- participants MUST bring a laptop (NOT a tablet or chromebook) and have administrative control over the laptop (allowing them to install Java).
Participants with 1 year or less nearly always get a lot out of the course, but are unlikely to be able to take and pass the CREST CCT Web Application exam after the course.
2. Participants will be required to submit a description of the relevant work experience and certification certificates and will be assessed by CREST independently for fulfilling the entry requirements upon registration.
3. Participants must bring a laptop suitable for use on the course or they will not be able to join in the group exercises. This means: at least 8GB RAM and 30GB HDD space; ability to connect to 802.11n wireless networks; Kali Linux OS -OR- VMware Player virtualization software installed and working and able to plug in and read from a USB HDD.

*Please refer to CREST's website for more details about CCT Web App.

Code : HP-P17-0819
Date : 21-23 August 2017 (Monday - Wednesday)
Venue : Hong Kong Applied Science and Technology Research Institute Company Limited, 5th Floor, Photonics Centre, 2 Science Park East Avenue, Hong Kong Science Park, New Territories, Shatin, Hong Kong
Fee : HK $25,000
Enquiries : programme@hkib.org (Enrollment Enquiries)