Ready, Steady, Hack

Virtual Learning: 600€ + IVA

REF: NSSRSH Catálogo: Cybersecurity Área: Claranet Cyber Security (NotSoSecure)

Duração icon

Duração:

1/2 dia

Próxima Data icon

Próxima Data:

Consulte-nos

Local icon

Local:

Online

Descrição

The routine, operational demands of a busy cybersecurity and IT department can often get in the way of good security strategy and leave you with little time to prepare for the decisions that really matter. If this sounds like your day-to-day, join this short, hands-on course. It’s designed to take you temporarily out of the ring and put you into the mind of the adversaries targeting your organization so you can adopt a more calculated approach. Plus, you can get your hands dirty with our popular virtual labs and learn from experienced, practicing Penetration Testers with a legacy of training at Black Hat as you do it.

  • All sessions will be held in English.

  • *PVP por participante. A realização do curso nas datas apresentadas está sujeita a um quórum mínimo de inscrições.

Destinatários

  • Security and IT decision makers (CISOs, Heads of, budget-holding managers, etc.)
  • CTOs and development Team Leads
  • Network Managers

(Note: this course is not suitable for technical practitioners, such as SOC analysts, Penetration Testers, and so on.)

  • Área: Cybersecurity

  • Certificação Associada: N/A

Quero inscrever-me.

Programa:

THE ENUMERATION PHASE

  • Approaches to enumeration: opportunistic vs targeted
  • IP and open port search engines
  • Research-based Open-Source Intelligence Gathering (OSINT) techniques
  • Vulnerability scanning
  • Exercise: use OSINT to gather key information on your target

GETTING A FOOTHOLD

  • Intro to Metasploit Framework (MSF)
  • Search for auxiliary modules and exploits
  • Exercise: use MSF to configure an exploit and get a reverse shell

ENUMERATING THE SYSTEM AND PIVOTING

  • Find Privilege Escalation opportunities in Linux systems
  • Enumerate internal network
  • Pivot across internal systems
  • Exercise: use shell to enumerate website host

TAKING A DIFFERENT APPROACH

  • Server-Side Forgery (SSRF)
  • Use AWS metadata API to obtain temporary credentials
  • AWS CLI and list S3 buckets configuration
  • Exercise: abuse SSRF vulnerability to access credentials

THE GREAT ESCAPE

  • Cloud container risks
  • Cloud orchestration risks
  • How to abuse Docker socket
  • Exercise: escape Docker container onto host OS

Pré-requisitos:

Delegates must have the following to make the most of this course:

  • Intermediate to advanced cybersecurity experience
  • A good understanding of basic networking technologies
  • Confidence using basic computer commands

Quero inscrever-me.

Partilha:
We meet future and then we make it spark slogan

Precisas de ajuda a encontrar o teu futuro?

A background of the Ignit sparks