Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Similar documents
Advanced Diploma on Information Security

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services

Ethical Hacking and Prevention

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

Ethical Hacker Foundation and Security Analysts Course Semester 2

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Security+ SY0-501 Study Guide Table of Contents

Curso: Ethical Hacking and Countermeasures

Training for the cyber professionals of tomorrow

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking

CompTIA Security+ (Exam SY0-401)

CCISO Blueprint v1. EC-Council

Software Development & Education Center Security+ Certification

Audience. Pre-Requisites

Hacker Academy UK. Black Suits, White Hats!

CPTE: Certified Penetration Testing Engineer

CHCSS. Certified Hands-on Cyber Security Specialist (510)

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Certified Secure Web Application Engineer

IT Foundations Networking Specialist Certification with Exam

Scanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing.

Comptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam

n Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

Penetration Testing with Kali Linux

CoreMax Consulting s Cyber Security Roadmap

Cyber Security Audit & Roadmap Business Process and

CSWAE Certified Secure Web Application Engineer

ECCouncil Exam v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ]

Ingram Micro Cyber Security Portfolio

Erasable Programmable Read-Only Memory (EPROM) Electrically Erasable Programmable Read-Only Memory (EEPROM) CMOS 2.2.

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

Course 831 Certified Ethical Hacker v9

PND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access

CEH: CERTIFIED ETHICAL HACKER v9

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

Security Issues and Best Practices for Water Facilities

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

PRACTICAL NETWORK DEFENSE VERSION 1

IT Services IT LOGGING POLICY

A Model for Penetration Testing

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

the SWIFT Customer Security

CompTIA Cybersecurity Analyst+

Pluralsight CEU-Eligible Courses for CompTIA Network+ updated March 2018

6 MILLION AVERAGE PAY. CYBER Security. How many cyber security professionals will be added in 2019? for popular indursty positions are

FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED

locuz.com SOC Services

CompTIA Exam CAS-002 CompTIA Advanced Security Practitioner (CASP) Version: 6.0 [ Total Questions: 532 ]

Practice Labs Ethical Hacker

Understanding Cisco Cybersecurity Fundamentals

CASP CompTIA Advanced Security Practitioner Study Guide: (Exam CAS-001)

PROTECTING INFORMATION ASSETS NETWORK SECURITY

ISDP 2018 Industry Skill Development Program In association with

IC32E - Pre-Instructional Survey

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks

IBM SmartCloud Notes Security

Course 831 EC-Council Certified Ethical Hacker v10 (CEH)

Certified Vulnerability Assessor

Pearson CompTIA: Security+ SY0-401 (Course & Lab) Course Outline. Pearson CompTIA: Security+ SY0-401 (Course & Lab)

IE156: ICS410: ICS/SCADA Security Essentials

Education Network Security

This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process.

Certified Ethical Hacker (CEH)

Cybersecurity Auditing in an Unsecure World

CompTIA Security+ SY Course Outline. CompTIA Security+ SY May 2018

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

ANATOMY OF AN ATTACK!

Exam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo

Question No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output:

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

External Supplier Control Obligations. Cyber Security

Course 832 EC-Council Computer Hacking Forensic Investigator (CHFI)

Implementing Cisco Network Security (IINS) 3.0

Network Security. Thierry Sans

You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.

Modern Day Penetration Testing Distribution Open Source Platform - Kali Linux - Study Paper

Why bother? Causes of data breaches OWASP. Top ten attacks. Now what? Do it yourself Questions?

CND Exam Blueprint v2.0

Information Security in Corporation

NEN The Education Network

Securing CS-MARS C H A P T E R

CYBER SECURITY AND MITIGATING RISKS

Advanced Security Tester Course Outline

CompTIA Security+ Certification

ISC2. Exam Questions CISSP. Certified Information Systems Security Professional (CISSP) Version:Demo

Implementing Cisco Cybersecurity Operations

Total Security Management PCI DSS Compliance Guide

Transcription:

Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK

TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for Managers... 4 3. Social Engineering: Attack and Defence Methods... 5 Intermediate Level Courses... 6 1. ISO 27001 Information Security Management System Implementation... 6 2. Cyber Incident Response Team Setup and Management... 7 3. Microsoft Systems Security... 8 4. Linux Security... 9 5. TCP/IP Network Security... 10 6. Active Network Device Security... 11 7. System Security Audit... 12 Advanced Level Courses... 13 1. Oracle Database Security... 13 2. MS SQL Server Database Security... 14 3. Web Applications Security... 15 4. Security Information and Event Management Systems... 16 5. Penetration Testing and Ethical Hacking... 17 Master Level Courses... 18 1. Computer Forensics Basics... 18 2. Network Forensics... 19 3. Secure Software Development... 20 2

BASIC LEVEL COURSES 1. INFORMATION SECURITY AWARENESS FOR END USERS Users of information systems. None. Role of user in information security Contribution of user to corporate Information Security Management System (ISMS) Access to computers Password security E-mail security Security while accessing the Internet Virus protection Setup, use and disposal of storage media File access and sharing Information backup Social engineering User responsibilities in computer incidents 3 hours Attendees will become familiar with the basics of information security and will enhance their awareness about the importance of corporate information security as well. They will learn their duties and responsibilities as a contributor to a corporate ISMS. 3

2. INFORMATION SECURITY AWARENESS FOR MANAGERS Managers, staff who wants to know much about information security. Basic information systems knowledge. Basic concepts of information security Security policy Organizational security Human resource security Risk assessment and risk mitigation Business continuity Information security incident management Operating system security Network security Web security Digital certificates and certificate distribution systems Password management Antivirus systems 2 days Attendees will obtain information about the basic concepts of information security and overall functioning of ISMS. Introduction will be made based on the technical aspects of information systems security. 4

3. SOCIAL ENGINEERING: ATTACK AND DEFENCE METHODS All information system users, especially the system administrators. None. Social engineering concept Attack techniques Examples of social engineering attacks Social engineering tests Prevention methods Several social engineering applications 2 days Attendees will become familiar with the social engineering attacks, which are quite common and may lead to loss of confidential information or even the reputation of an institution. Attendees will acquire the capacity of offering social engineering trainings as well. 5

INTERMEDIATE LEVEL COURSES 1. ISO 27001 INFORMATION SECURITY MANAGEMENT SYSTEM IMPLEMENTATION IT Security Centre Personnel, Auditors, Cyber Security Experts, IT Personnel to be audited under ISO 27001. Familiarity with quality management systems is helpful but is not a requisite. What is an ISMS and why is it needed? Plan-Do-Check-Act process in ISO 27001 Risk assessment and treatment in information systems ISO 27001 control categories - Information security policies - Organization of information security - Human resources security - Asset management - Access control - Cryptography - Physical and environmental security - Operational security - Communications security - System acquisition, development and maintenance - Supplier relationships - Information security incident management - Information security aspects of business continuity management - Compliance ISO 27001 conformance audit - Audit planning - Audit checklists - Non-conformances and reporting Several applications 3 days Attendees will be able to establish ISMS in their institutions. Attendees will also be acquainted with audit concepts. 6

2. CYBER INCIDENT RESPONSE TEAM SETUP AND MANAGEMENT CERT (Computer Emergency Response Team), IT Security Centre Personnel, Cyber Security Experts. Experiences both in business processes and information systems. Introduction (History, computer incident examples, CERT and security organization examples) CERT basics Computer incident management process (incident management service definition and functions) Operational components of CERT (software, hardware, policy and procedures) CERT project plan 2 days Objective of the training is to elevate the level of course attendees to a position where they can establish CERTs in their institutions. 7

3. MICROSOFT SYSTEMS SECURITY Windows Network Administrators, MS AD Administrators, IIS/Exchange Administrators, IT Security Centre Personnel. Basic knowledge of Microsoft systems. Microsoft Web Services Security Microsoft PowerShell Active Directory and Network Services Security (Group policy, DNS, DHCP) Patch management in Microsoft systems 4 days Attendees will acquire advance level information within the scope of Microsoft systems security. They will have the capability to apply Microsoft systems security best practices in their institutions. 8

4. LINUX SECURITY Linux System Administrators, IT Security Centre Personnel. Linux administration knowledge. Secure setup Configuration of startup services Secure configuration of kernel File system access control User access control Management of system logs Security audit tools Security hardening tools Security script programming 3 days Attendees will be able to realize the security hardening of Linux based operating systems. They will acquire ability to use free software security tools on their systems. They will also acquire capability of using or developing tools that will help them discover security breaches in their systems. 9

5. TCP/IP NETWORK SECURITY IT Security Centre Personnel, Auditors, Cyber Security Experts, Site or System Managers, Network Administrators. Basic knowledge of networks. Protocols of the TCP/IP protocol stack Operation principles of different layers of the TCP/IP stack and threats targeting these layers Security vulnerabilities of TCP/IP protocols and mitigation techniques Techniques, protocols and devices that are used to assure network security Packet capturing software such as Wireshark, analysis of packets and protocols Concepts such as SSL, IPSec, VPN and digital certificates Network components such as Firewall, IDS/IPS and Proxy 2 days Applied work about the security of TCP/IP networks will bring a wealth of information and capabilities to the attendees. The attendees are expected to apply good security practices in their institutions network. 10

6. ACTIVE NETWORK DEVICE SECURITY System and network administrators, IT Security Centre Personnel, Auditors, Cyber Security Experts. Basic knowledge of networks. Within the scope of (hardening of) active devices, network design and assuring the security of networks, the following topics will be studied theoretically with hands-on exercises. Steps toward hardening of active devices that are commonly used today in the internal networks and they are also used to connect networks to the outside world, such as - Backbone switch, - Router, - Firewall, - Content filter Security controls applicable to active devices, such as - Physical security, - Equipment security, - Identity authentication, - Authorization and monitoring, - Patch management, - Access control lists, - Remote management control, etc. 2 days The attendees are expected to learn security controls applicable to active network devices through the theoretical and the applied parts of the course. The attendees are also expected to apply these security controls in their institutions. 11

7. SYSTEM SECURITY AUDIT Information technology auditors, information security experts eager to enhance their system security audit abilities, system and network administrators. Basic network and operating system (Windows and Unix) information, familiarity with peripheral protection systems. Vulnerability and threat definitions Open source security vulnerability scanners and how to use them Discovering the topology of a network Peripheral protection systems audit Windows audit Audit of Unix/Linux systems 4 days Attendees will learn how to use security vulnerability scanners. Attendees will also learn how to conduct security audit of operating systems, peripheral protection systems and web applications. 12

ADVANCED LEVEL COURSES 1. ORACLE DATABASE SECURITY Database administrators, database security auditors. Database management basics. Database basics Identity control Access control lists Database security audits Network security Database backup Audit of access tools Advanced security measures 3 days At the end of the course, participants will be able to conduct security audit of databases and managers will be able to implement secure management of databases. 13

2. MS SQL SERVER DATABASE SECURITY Database administrators, database security auditors. Database management basics. SQL Server, general topics Operating system configuration Network configuration SQL Server setup and maintenance SQL Server configuration Access control and authorization Audit and log management Backup and disaster recovery procedures Replication Software application development Surface Area Configuration tool SQL Server test and monitoring tools 3 days At the end of the course, attendees will learn SQL Server database security mechanisms and factors affecting security. They will gain ability to conduct security audit of an SQL Server database. Database managers, in the meantime, will learn how to manage their database securely. 14

3. WEB APPLICATIONS SECURITY Web Application Developers, Web Site Admins, IT Security Centre Personnel, Auditors, Cyber Security Experts. Basic knowledge of web technologies. Information gathering Configuration management flaws Input / output manipulation - Cross Site Scripting (XSS) - Injection flaws: SQL Injection, OS command injection etc. User authentication flaws Authorization flaws Session management flaws - Session fixation - Session hijacking - Cross Site Request Forgery (CSRF) Application logic Log management Failure management Secure application management 2 days The attendees will learn important security components of HTTP based applications, most common mistakes, how to avoid making these mistakes and how to assure sustainable application security. 15

4. SECURITY INFORMATION AND EVENT MANAGEMENT SYSTEMS IT Security Centre Personnel, Auditors, Cyber Security Experts, Network Administrators. Familiarity with information system components. Centralized log management systems Requirement for event correlation systems Advantages of event correlation systems Event correlation steps OSSIM attack correlation systems OSSIM overview Basic components of OSSIM Tools utilized by OSSIM OSSIM setup OSSIM component configuration Policies Data fusion from separate components Attack correlation System maintenance and update 4 days Attendees will obtain information about centralized attack correlation systems. They will learn how to gather logs being accumulated on separate security components centrally, how to monitor attacks conducted from an internal or an external network and take necessary steps against an attack. 16

5. PENETRATION TESTING AND ETHICAL HACKING IT Security Centre Personnel, Auditors, Cyber Security Experts, Site or System Managers. None. Basic knowledge of networks is a plus. Introduction (What is Penetration test? Crucial points before, during and after penetration tests and penetration test methodologies) Discovery (Discovery categories. Applied nmap exercise; port scanning, service and operating system discovery, etc.) Vulnerability discovery (Vulnerability concept. Nessus exercise; policy designation, scanning and vulnerability analysis) Exploit (Exploit and payload concepts. Metasploit exercise; msfconsole, meterpreter, post-exploit and auxiliary modules, etc.) Network penetration tests and layer 2 attacks (Network sniffing, MAC table flooding, ARP poisoning, VLAN hopping, DHCP IP pool exhaustion attacks) External network tests and information gathering (Active and passive information gathering, Google hacking, etc.) Social engineering (Using e-mail and telephone. Customized payload and malware generation macro, pdf and exe. Relay vulnerability. Postexploitation ) Web application tests (Input-output detection, XSS and SQL-i attacks) 5 days Attendees will be able to participate and contribute to penetration tests. 17

MASTER LEVEL COURSES 1. COMPUTER FORENSICS BASICS IT Security Centre Personnel, Auditors, CERT members. Basic knowledge of Linux and Windows operating systems. Computer incident response Preliminary stages of computer analysis Information about NTFS, FAT32, ext2, ext3 file systems (how files are opened, saved and deleted in these systems) Non-volatility of data in different components of a computer (RAM, Stack area, hard disks etc.) Data storage and retrieval from these components Conducting computer analysis on a Linux system and presentation of related tools In the applied part of the course, setting up the analysis environment and conducting, with tools, the analysis of a suspected file Conducting computer analysis on a Windows system and presentation of related tools 3 days Attendees will be able to conduct computer analysis on their own. 18

2. NETWORK FORENSICS I T Security Centre Personnel, Auditors, CERT members, Network and System Administrators. Basic knowledge of TCP/IP, networks, Linux and Windows operating system. The following topics will be covered in order to conduct incident analysis without referring to storage components such as hard disks and RAM. Another objective is to detect incidents and malicious network traffic exploiting incorrect configuration of network components. Foundations of traffic analysis Network packet capturing technologies: Hardware, software and tools Basic network protocols and components Network security component log analysis: Logs of firewalls, intrusion detection and prevention systems, etc. Analysis of network protocols (HTTP, SMTP, DNS etc.) Deep packet inspection Detection of malicious network traffic: Man in the middle attack, DNS cache poisoning etc. attacks Detection of network traffic tunnelling techniques: DNS, ICMP, SSH tunnelling etc. Analysis of encrypted network traffic: SSL traffic listening technique Reconstruction of network traffic to obtain original data Network flow analysis 4 days Attendees will be able to conduct network traffic analysis and to collect evidence without accessing storage components. They will also be able to detect malicious network traffic and security incidents deriving from components. 19

3. SECURE SOFTWARE DEVELOPMENT Software developers/engineers, software project managers, software quality control staff. Intermediate experience with programming. Security problems of software Security problems of technology components where software is running Basic elements of secure software development process How to integrate a secure software development lifecycle to a software development process Source code samples, demonstrating most common vulnerabilities and how to prevent them Technology that maybe applied to assure secure operation of components such as application server and database where software is running, since software depends on these systems. 3 days Attendees will learn basic secure coding principles, secure software design and development, threat modelling and principles of security tests. 20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback