Upload File

hacking training - notsosecure · attendees in understanding pen testing, and provide background...

  • Home
  • Documents
  • Hacking Training - NotSoSecure · attendees in understanding pen testing, and provide background information, risks and vulnerabilities ... attendees with the basics of web and application
9
WE HACK. WE TEACH. Hacking Training Practical, Hands-On, Lab-Based Hacking.

Upload: others

Post on 26-Jun-2020

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Hacking Training - NotSoSecure · attendees in understanding pen testing, and provide background information, risks and vulnerabilities ... attendees with the basics of web and application

WE HACK. WE TEACH.

Hacking TrainingPractical, Hands-On, Lab-Based Hacking.

Page 2: Hacking Training - NotSoSecure · attendees in understanding pen testing, and provide background information, risks and vulnerabilities ... attendees with the basics of web and application

Hacking 101This course will teach you the foundations of pen testing and how to find and exploit vulnerabilities. This introductory course will train attendees in understanding pen testing, and provide background information, risks and vulnerabilities associated with different systems.

Attendees will gain understanding in the following topics:

• Understand different network topologies and addressing schemes

• Understand the properties and security of common network protocols and the network protocol stacks.

• How to fingerprint, enumerate and exploit common windows and linux misconfigurations and vulnerabilities.

• Differentiate between types of wireless standards and understand the benefits and risks associated with these standards.

• How to exploit common web application security flaws.

SCAN TO FIND OUT MORE

Students will get access

to an online training

platform which will be

used to practice the

concepts taught during

the course.

75% Hands-on Learning in Our Modern Hack Lab

Updated Regularly to Include Trending Techniques

Written by BlackHat Trainers and Available Globally

For more information contact

T: 415 659 1543 [email protected]

Page 3: Hacking Training - NotSoSecure · attendees in understanding pen testing, and provide background information, risks and vulnerabilities ... attendees with the basics of web and application

Infrastructure HackingIntroduction into infrastructure testing. Gain practical experience using professional tools. Leave with the basis to take your testing knowledge forward into more advanced infrastructure topics.

This is an entry-level infrastructure security and testing class and is a pre-requisite for our Advanced Infrastructure Hacking class. This class familiarizes the attendees with the basics of network hacking. A number of tools and techniques will be taught during this 3-day class, If you would like to step into the world of ethical hacking / pen testing this is the right class for you.

This class familiarizes the attendees with a wealth of hacking tools and techniques. The class starts from the very basic and gradually builds up to the level where attendees not only use the tools and techniques to hack various components involved in infrastructure hacking, but also walk away with a solid understanding of the concepts on which these tools work.

SCAN TO FIND OUT MORE

Introduction into key

tools that build a must

have pen tester kit.

Part of The Art of Hacking

One of the best classes I’ve taken in a long time. The content was on point and

kept me engaged. I’m new to Cyber Security after 25 years in App

Development and very pleased with what I

have learned

Delegate, Black Hat USA

This introductory / intermediate class brings together both infrastructure hacking and web hacking into a 5-day “Art of Hacking” class designed to introduce the fundamentals of penetration testing.

This hands-on class was written to address the market need around the world for a real practical experience that focuses on what knowledge and tools are really needed when conducting a penetration test. The variety of tools used are the key tools that should be in any penetration tester’s kit bag and are those used by our very own penetration testers.

Updated Regularly To Include Trending Techniques

SCAN TO FIND OUT MORE

The Art of Hacking BootcampMaster the Art of Hacking by building your hands-on skills in a sophisticated hack-lab with material that is delivered on the world conference stage; certified, accredited, continually updated and available globally.

Page 4: Hacking Training - NotSoSecure · attendees in understanding pen testing, and provide background information, risks and vulnerabilities ... attendees with the basics of web and application

SCAN TO FIND OUT MORE

Web HackingIntroduction into web application hacking. Practical in focus, teaching how web application security flaws are discovered. Covering leading industry standards and approaches.

This entry-level class familiarizes the attendees with the basics of web and application hacking. A number of tools and techniques will be taught during the 2 day class. If you would like to step into the world of ethical hacking / pen testing with a focus on web applications, then this is the right class for you.

The class starts from the very basic and then gradually builds up to a level where attendees can use the tools and techniques to hack various components involved in web application hacking. The class covers the industry standards such as OWASP Top 10, PCI DSS and contains numerous real life examples to help the attendees understand the true impact of these vulnerabilities.

Written by leading

BlackHat trainers

& world renowned

penetration testers.

Part of The Art of Hacking

Specialist Offensive Classes

Page 5: Hacking Training - NotSoSecure · attendees in understanding pen testing, and provide background information, risks and vulnerabilities ... attendees with the basics of web and application

Advanced Web HackingThe class allows attendees to practice some neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs.

This fast-paced class, gives attendees an insight into Advanced Web Hacking, the team has built a state of the art hacklab and recreated security vulnerabilities based on real life Pen Tests and real bug bounties seen in the wild.

Some of the highlights of the class include:

Modern JWT, SAML, oauth bugs

Core business logic issues

Practical cryptographic flaws.

RCE via Serialisation, Object, OGNL and template injection.

Exploitation over DNS channels

Advanced SSRF, HPP, XXE and SQLi topics.

Serverless exploits

Web Caching issues

Attack chaining and real life examples.

SCAN TO FIND OUT MORE

Updated Regularly

To Include Trending

Techniques

Advanced Infrastructure HackingCovering the latest relevant exploits. Teaching a wide variety of offensive hacking techniques. Written by real pen testers with a world conference reputation (BlackHat, AppSec, OWASP, Defcon etc).

This fast-paced class teaches the audience a wealth of advanced hacking techniques to compromise various operating systems and networking devices. The class will cover advanced penetration techniques to achieve exploitation and will familiarize delegates with hacking of common operating systems, networking devices and much more.

Whether you are pen testing, red teaming, or hoping to gain a better understanding of managing vulnerabilities in your environment, understanding advanced techniques for infrastructure devices and systems is critical.

While prior pen testing experience is not a strict requirement, a prior use of common hacking tools such as Metasploit is recommended for this class.

SCAN TO FIND OUT MORE

Real world challenges

from local privilege

escalation to network

exploitation (VLAN, VOIP,

VPN included), cloud

attacks and more

Page 6: Hacking Training - NotSoSecure · attendees in understanding pen testing, and provide background information, risks and vulnerabilities ... attendees with the basics of web and application

Hacking and Securing Cloud infrastructureBrand new for 2019, this 2-day course cuts through the mystery of Cloud Services (including AWS, Azure and G-Cloud) to uncover the vulnerabilities that lie beneath.

In order to manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and how to protect yourself from them, is critical. This course covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure, along with the tools and skills required to defend against them.

Who should attend? Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to next level.

SCAN TO FIND OUT MORE

Prior pentest

experience is not a strict

requirement, however,

some knowledge of

Cloud Services and a

familiarity with common

command line syntax

will be greatly beneficial.

Specialist Defensive Classes

Page 7: Hacking Training - NotSoSecure · attendees in understanding pen testing, and provide background information, risks and vulnerabilities ... attendees with the basics of web and application

Application security is a top concern for us and the best way to battle it out is to nip it in the bid during the development stage itself. This class is geared towards those who wish to understand OWASP Top 10 and want to avoid breaches like that of Equifax in 2017 with good references to vulnerabilities found on popular websites like Google, Facebook, Twitter, Paypal etc...

A highly-practical class that targets web developers, pen testers, and anyone else who would like to learn about writing/auditing secure code against security flaws. The class covers a variety of best the security practices and in-depth approaches.

SCAN TO FIND OUT MORE

Hack lab access after

course completion

AppSec for DevelopersCovers latest industry standards such as OWASP Top 10. Thorough guidance on security best practices (like HTTP header such as CSP, HSTS header etc.). References to real world analogy for each vulnerability.

DevSecOpsThis class will give the audience a holistic approach in assessing and securing web applications in an automated fashion within the existing CI/CD pipeline.

Modern enterprises are implementing the technical and cultural changes required to embrace DevOps methodology. DevSecOps extends DevOps by introducing security early into the SDLC process, thereby minimizing the security vulnerabilities and enhancing the software security posture. In this workshop we will show how this can be achieved through a series of live demonstrations and practical examples.

As part of this workshop attendees will receive a state-of-the-art DevSecOps tool-chest comprising of various open-source tools and scripts to help the DevOps engineers in automating security within the CI/CD pipeline. While the workshop uses Java/J2EE framework, the workshop is language agnostic and similar tools can be used against other application development frameworks.

SCAN TO FIND OUT MORE

Attendees will receive

a state-of-the-art

DevSecOps Tool-Chest

Page 8: Hacking Training - NotSoSecure · attendees in understanding pen testing, and provide background information, risks and vulnerabilities ... attendees with the basics of web and application

This class is geared towards understanding what application security vulnerabilities are, their trends and to gain an insight into the impact through practical demonstrations.

This will cover how to fix/avoid them by discussing various strategies, best practices , code snippets and tools (Hackers/application security tester’s view) and how to inject Security into your DevOps pipeline to automate security and develop a DevSecOps pipeline

This class is for those who wish to learn about application security vulnerabilities and understand more about their impact.

SCAN TO FIND OUT MORE

AppSecOpsAppSecOps is a course to help you understand and mitigate application security vulnerabilities in your DevOps environment.This will help in closing the security loopholes at a very early stage of the SDLC process.

SCAN TO DOWNLOAD A PDF VERSION OF THIS BOOKLET

A holistic approach for identification of

security bugs and then integrating the security

into your devops pipeline to automate

the process of fixing and triaging the bugs

Page 9: Hacking Training - NotSoSecure · attendees in understanding pen testing, and provide background information, risks and vulnerabilities ... attendees with the basics of web and application

www.notsosecure.com


EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or

Hacking & Ethical Hacking

Backup of Hackingciutesting.com/workshops/syllabus.pdf · - Use hacking tools such as Metasploit, Aircrack-ng, SQLmap.....etc - How to discover and exploit web application vulnerabilities

Student Guide - Lagout hacking, student guide.pdf · The Student Hacker Argument ... Attack Types and Vulnerabilities ... Firewalk

HACKING AT MACH SPEED! - PUT.AS · “memory trespass” “memory trespass vulnerabilities are software weaknesses that allow memory accesses outside of the semantics of the programming

Tactical Exploitation - DEF CON® Hacking Conference · Chapter 1 Introduction 1.1 Abstract Penetration testing often focuses on individual vulnerabilities and services. This paper

SCADA Hacking: Clear and Present Danger · 2014-12-31 · SCADA Vulnerabilities . 5 . E X P L O I T R E L E A S E S Jan 2012 . SCADA Vulnerabilities – Now Point and Click Exploiting:

ethical hacking eng - Home | US | TÜV Rheinland hacking services ... experts discover and report vulnerabilities to the Zero Day Ini-tiative (ZDI) and the SecuriTeam Secure Disclosure

Hacking Windows NT - NLUUG · 2008-06-24 · Hacking Windows NT (Using UNIX) Hans Van de Looy Preamble And Disclaimer FA lot of the vulnerabilities described

Lawful Hacking: Using Existing Vulnerabilities for ...smb/talks/Lawful_Hacking.pdf · Lawful Hacking: Using Existing Vulnerabilities for ... drive-by download, infected attachment,

HACK, DETECT & SECURE · computer hacking skills to identify network security vulnerabilities and patch security holes before anyone can abuse them. Hacking is not about the illegal

IN2120: Ethical hacking$ ethical (fun) hacking vs. criminal (boring) hacking $ black hat, white hat and grey hat hacking Ethical hacking $ what to do when finding vulnerabilities?

DEFCON 25 Voting Machine Hacking Village · DEFCON 25 Voting Machine Hacking Village Report on Cyber Vulnerabilities in U.S. Election Equipment, Databases, and Infrastructure September

Student Guide - palkeo hacking... · The Student Hacker Argument ... Attack Types and Vulnerabilities ... Firewalk

Vulnerabilities in the software of Yota telecommunication ... · •“Hacking routers as Web Hacker” at Defcon Moscow •Member of DC7499. Modems, routers, mobile routers, phones,

0days: How hacking really works - immunitysec.comExploits vs Vulnerabilities An exploit is a working program that takes advantage of one or more vulnerabilities in order to break security

Ethical Hacking Using Penetration Testing · ethical hacking using penetration testing. 1 1. INTRODUCTION How can any organizational network be tested for vulnerabilities in both

Using an Ethical Hacking Techniquesuha.yolasite.com/resources/Using an Ethical Hacking... · Web viewThis team attempts to exploit vulnerabilities in the organization’s information

IT Vulnerabilities, Tech Exploits, and Cyber Defenses Cable / Satellite POS Packet Sniffing / AP impersonation ... Network Hacking ToolsNetwork Hacking ToolsSlide Title Packet Analyzers

Hands-On Ethical Hacking and Network Defense Chapter 8 Microsoft Operating System Vulnerabilities

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 8 Desktop and Server OS Vulnerabilities

Security Risks of Government Hacking · 04/09/2018 · Riana Pfefferkorn 3 B. Security Risks of Government Hacking 1. Disincentive for Vulnerability Disclosure Vulnerabilities are

Hacking travel routers like it’s 1999 - DEF CON CON 25/DEF CON 25... · Hacking travel routers like it’s 1999 ... to discover security vulnerabilities in our customers’ web

Hacking For Dummies, Edition - cdn.ttgtmedia.com · 94 Part II: Putting Ethical Hacking in Motion Understanding Password Vulnerabilities When you balance the cost of security and

Ethical hacking chapter 8 - Windows Vulnerabilities - Eric Vanderburg

UNITED STATES DISTRICT COURT WESTERN DISTRICT OF NEW … · 8. Hacking also poses a serious threat to computer security. Hacking techniques exploit security vulnerabilities in electronic

Ethical Hacking and Countermeasures...Privilege Escalation Using DLL Hijacking Privilege Escalation by Exploiting Vulnerabilities Privilege Escalation Using Dylib Hijacking Privilege

Hands-On Ethical Hacking and Network Defense Ethical Hacking and Network Defense ... – Describe vulnerabilities of Windows and Linux ... firewalls and Intrusion Detection Systems

Ethical Hacking Module XII Web Application Vulnerabilities

Chapter 5 Hacking Unix Last modified 2-27-09. Vulnerability Mapping Listing aspects of the target system and associated vulnerabilities –Online vulnerabilities

Phillip Wylie - assets.contentstack.io...What is Ethical Hacking? •Assessing security from an adversarial perspective, attempting to exploit vulnerabilities to gain unauthorized

ADVANCED ETHICAL HACKING SUMMER INTERNSHIP · WHAT IS HACKING Ethical Hacking is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in

VB2016-Brochure - Virus BulletinDENVER 2016 Virus Bulletin International Conference 5–7 Oct 2016 Denver, CO, USA Emerging threats Mobile threats Hacking & vulnerabilities Anti-malware

Ethical Hacking: Hacking GMail. Teaching Hacking

Exposing Web Vulnerabilities - security- · PDF file• Move to hacking the client – Phishing, man -in-the-middle, trojans. ... nc.exetest.bmp creates nc.exe in file system • Must