The Art of Hacking (Bootcamp)

Duração:

5 dias

Próxima Data:

Consulte-nos

Local:

Descrição

Securing customer data is often crucial when deploying and managing web applications and network infrastructure. As such, IT administrators and web developers require security knowledge and awareness in order to secure their environment. Due to this requirement, operational staff often require hands-on course and experience to identify, control and prevent organisational threats.

This introductory/intermediate technical course brings together Infrastructure Security and Web Application Security into a 5-day “Art of Hacking” course designed to teach the fundamentals of hacking. This hands-on course was written to address the market need around the world for a real hands-on, practical and hacking experience that focuses on what is really needed when conducting Pen Testing. This course teaches attendees a wealth of techniques to compromise the security of various operating systems, networking devices and web application components. The course starts from the very basic and builds up to the level where attendees can not only use the tools and techniques to hack various components involved in infrastructure and web hacking, but also gain solid understanding of the concepts on which these tools are based. This course combines a formal hacking methodology with a variety of tools to teach the core principles of ethical hacking.

*PVP por participante. A realização do curso nas datas apresentadas está sujeita a um quórum mínimo de inscrições.

Destinatários

System Administrators who are interested in learning how to exploit Windows and Linux systems
Web Developers who want to find and exploit common web application vulnerabilities
Network Engineers who want to secure and defend their network infrastructure from malicious attacks
Security enthusiasts new to the information security field who want to learn the art of ethical hacking
Security Consultants looking to relearn and refresh their foundational knowledge

Área: Cybersecurity
Certificação Associada: Check Point Certified Pen Testing Associate (CCPA)

Quero inscrever-me.

Programa:

The Art Of Port Scanning

Basic concepts of Hacking Methodology
Enumeration techniques and Port scanning

The Art Of Online Password Attacks

Configure online password attack
Exploiting network service misconfiguration

The Art Of Hacking Databases

Mysql, Postgres
Attack chaining techniques

Metasploit Basics

Exploitation concepts, Manual exploitation methodology
Metasploit framework

Password Cracking

Understanding basic concepts of cryptography,
Design offline brute force attack

Hacking Unix

Linux vulnerabilities, misconfiguration
Privilege escalation techniques

Hacking Application Servers On Unix

Web server misconfiguration
Multiple exploitation techniques

Hacking Third Party Cms Software

CMS Software
Vulnerability scanning & exploitation

Windows Enumeration

Windows Enumeration techniques & Configuration Issues
Attack chaining

Client-Side Attacks -Various Windows client-side attack techniques

Privilege Escalation On Windows

Post exploitation
Windows Privilege escalation techniques

Hacking Application Servers On Windows

Web server misconfiguration
Exploiting Application servers

Post Exploitation

Metasploit Post exploitation techniques
Window 10 Security features & different bypass techniques

Hacking Windows Domains

Understanding Windows Authentication
Gaining access to Domain Controller

Understanding The Http Protocol

HTTP Protocol Basics
Introduction to proxy tools

Information Gathering

Enumeration Techniques
Understanding Web Attack surface

Username Enumeration & Faulty Password Reset

Attacking Authentication and Faulty Password mechanisms

Issues With Ssl/Tls

SSL/TLS misconfiguration

Authorization Bypass

Logical Bypass techniques
Session related issues

Cross Site Scripting (Xss)

Various types of XSS
Session Hijacking & other attacks

Cross Site Request Forgery (Csrf)

Understanding CSRF attack

Sql Injection

SQL Injection types
Manual Exploitation

Xml External Entity (Xxe) Attacks

XXE Basics
XXE exploitation

Deserialization Vulnerabilities

Serialization Basics
PHP Deserialization Attack

Insecure File Uploads

Attacking File upload functionality

Components with Known Vulnerabilities

Understanding risks known vulnerabilities
Known vulnerabilities leading to critical exploits

Insufficient Logging and Monitoring

Understanding importance of logging and monitoring
Common pitfalls in logging and monitoring

Miscellaneous

Understanding formula Injection attack
Understanding Open Redirection attack

Pré-requisitos:

Basic familiarity with Windows and Linux systems e.g .how to view a system’s IP address, installing software, file management
Basic understanding of Network fundamentals e.g. IP addressing, knowledge of protocols such as ICMP, HTTP and DNS
Basic understanding of HTTP fundamentals e.g. Structure of an HTTP request, HTTP method verbs, HTTP response codes

The above requirements are not mandatory but are recommended due to the pace of the course. The Hacking 101 course by NotSoSecure can be undertaken as a prerequisite to this course.

Hardware Requirements: Delegates should bring their own laptop, and must have administrative access to perform tasks such as software installations, disable antivirus etc. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets etc.) are not supported. ** Software Requirements:** Windows 7 or 10 operating systems are recommended for the course. Delegates will be required to install OpenVPN client, an SSH client such as Putty and Mozilla Firefox. Installation instructions will also be provided on the first day of the course.

Quero inscrever-me.

Partilha:

We meet future and then we make it spark slogan

Precisas de ajuda a encontrar o teu futuro?