ＨｉｄｅＺｅｒｏＯｎｅ

Let’s delve into the “Get Good at Python” learning path offered by OffSec. This curated cybersecurity path aims to enhance your Python skills and empower you with practical knowledge. Here’s what you can expect from this learning journey:

1. Foundational Python Skills:
   • Dive into Python essentials, including syntax, data types, and control structures.
   • Learn how to write efficient and clean Python code.
   • Explore common libraries and modules used in Python development.
2. Web Application Security with Python:
   • Understand how Python is leveraged in web security.
   • Explore topics such as input validation, authentication, and secure coding practices.
   • Learn about common vulnerabilities and how Python can be used to mitigate them.
3. Automating Security Tasks:
   • Discover how Python can streamline security operations.
   • Automate repetitive tasks, such as scanning, reporting, and log analysis.
   • Gain insights into scripting for penetration testing and vulnerability assessment.
4. Advanced Python Techniques:
   • Delve into more complex Python concepts.
   • Explore topics like multithreading, networking, and data manipulation.
   • Learn how to build custom tools and scripts for specific security scenarios.
5. Real-World Projects and Challenges:
   • Apply your Python skills to practical scenarios.
   • Work on hands-on projects related to cybersecurity.
   • Tackle challenges that simulate real-world situations.

By completing this learning path, you’ll be well-equipped to wield Python effectively in the realm of cybersecurity. Whether you’re a beginner or looking to level up your existing Python expertise, the “Get Good at Python” path provides a comprehensive and practical approach to mastering this versatile programming language.

OffSec – Get Good at Python

SEC560 prepares you to conduct successful penetration testing for a modern enterprise, including on-premise systems, Azure, and Azure AD. You will learn the methodology and techniques used by real-world penetration testers in large organizations to identify and exploit vulnerabilities at scale and show real business risk to your organization. The course material is complemented with 30+ practical lab exercises concluding with an intensive, hands-on Capture-the-Flag exercise in which you will conduct a penetration test against a sample target organization and demonstrate the knowledge you have mastered.

SEC560.1: Comprehensive Penetration Test Planning, Scoping, Recon, and Scanning
SEC560.2: Initial Access, Payloads, and Situational Awareness
SEC560.3: Privilege Escalation, Persistence, and Password Attacks
SEC560.4: Lateral Movement and Reporting
SEC560.5: Domain Domination and Azure Annihilation
SEC560.6: Penetration Test and Capture-the-Flag Exercise

SEC560: Enterprise Penetration Testing

ICS410: ICS/SCADA Security Essentials provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.

FOR500 builds comprehensive digital forensics knowledge of Microsoft Windows operating systems providing the means to recover, analyze, and authenticate forensic data, track user activity on the network, and organize findings for use in incident response, internal investigations, intellectual property theft inquiries, and civil or criminal litigation. Use this knowledge to validate security tools, enhance vulnerability assessments, identify insider threats, track hackers, and improve security policies. Detailed and real-world exercises teach the tools and techniques that every investigator should employ step-by-step to solve a forensic case. Newly updated to cover all Windows versions through Windows 11!

Syllabus

FOR500.1: Digital Forensics and Advanced Data Triage
FOR500.2: Registry Analysis, Application Execution, and Cloud Storage Forensics
FOR500.3: Shell Items and Removable Device Profiling
FOR500.4: Email Analysis, Windows Search, SRUM, and Event Logs
FOR500.5: Web Browser Forensics
FOR500.6: Windows Forensics Challenge

FOR500: Windows Forensic Analysis

In Certified Ethical Hacker Elite Course You will understand how to use open-source intelligence to your advantage. Further, you will discover how to analyze and interpret network protocols and leverage Wireshark. Moving ahead, you will learn how to perform ethical hacking using Nmap. You will also learn how to perform information gathering and enumeration of Windows-specific services with Nmap and OpenVAS. You will then understand how hackers use session hijacking to attack an organization and the techniques to prevent it.

Syllabus

Open Source Intelligence
Wireshark for Ethical Hackers
Ethical Hacking with Nmap
Windows Penetration Testing Essentials
Session Hijacking and Prevention Techniques
Power of Next Generation Firewalls
OWASP Top 10 Security Fundamentals
Burp Suite: Web Application Penetration Testing
Deep Dive into Network Assessments
Applied Secure Smart City

EC-Council – Certified Ethical Hacker Elite

A non-exhaustive set of topics covered include:

• Pentesting Routers
• Attacking SSH with Metasploit, Nmap, Medusa, Hydra, Ncrack
• SNMP attacks
• Bypassing Firewalls
• Payloads and Shells
• HTTP/HTTPS tunneling
• Port Forwaring, Pivoting, Reverse Connects
• Privilege Escalation and UAC bypass
• Hash Dumping and Mimikatz
• Windows Sessions, Stations and Desktops
• Impersonation attacks
• WMIC post exploitation
• Hidden bind shells
• Bitsadmin
• Browser Password Recovery
• PAC Attacks
• DNS Poisoning
• Veil Framework and AV Evasion
• Metasploit Loader 32/64-bit
• DLL Hijacking basics
• DLL Hijacking and Meterpreter
• Privilege Escalation via DLL Hijacking
• DLL Injection using Appinit_DLLs
• Stripping Manifest Files for DLL Hijacking
• Attacking with DLL Forwarding
• Anti-Forensics techniques
• Memory Dumping and Analysis
• … ton of other interesting topics

Pentester Academy – Network Pentesting

Pentester Academy – Web Application Pentesting

This course will cover the basics of using GDB on Linux – x86, x86_64 and ARM based platforms.

Syllabus

Course Introduction and Debugging Basics   

What’s Up With The Symbol Files?

Analyzing Symbols With Nm

System Call Tracing With Strace

Breakpoints, Examining Registers And Memory

Modifying Registers And Memory

GDB Convenience Variables And Calling Routines

Cracking A Simple Binary With Debug Symbols

Disassembling And Cracking A Simple Binary

Conditional Breakpoints Using Variables And Registers

Setting Up Debian Armel In Qemu

Cracking A Simple Program On Arm Architectures

Iphone Application Reversing And Cracking With Gdb

Gdb On 64 Bit Systems