دسته: دوره ها

This course focuses on the iOS platform and application security and is ideal for pentesters, researchers and the casual iOS enthusiast who would like to dive deep and understand how to analyze and systematically audit applications on this platform using a variety of bleeding edge tools and techniques.
A non-exhaustive list of topics to be taught includes:

ادامه مطلب

This course will teach you Python scripting and its application to problems in computer and network security. This course is ideal for penetration testers, security enthusiasts and network administrators who want to learn to automate tasks or go beyond just using ready made tools. We will be covering topics in system security, network security, attacking web applications and services, exploitation techniques, malware and binary analysis and task automation.
A non-exhaustive list of topics to be taught includes:

ادامه مطلب
The workshop is designed to introduce participants to the arcana of the best methods and tools for automatic detection of vulnerabilities and bug analysis in software in a practical way.
In the beginning, we will focus on understanding techniques: binary analysis, searching for various types of vulnerabilities and debugging. We “bite” into practical fuzzing and mistakes that keep programmers awake at night using their non-deterministic occurrence. Participants will learn techniques for analyzing application weaknesses, writing grammars, and obtaining test corpora guaranteeing exciting results.
After understanding the aspects of bughunting, the time will come to automate vulnerability analysis and debugging methods to ensure that defective code elements are quickly found.
The training focuses on x86 / x64 architecture, and attacking projects processing data in various formats (text, binary), network fuzzing on Windows and Linux platforms.

ادامه مطلب

Multi-Cloud Red Team Analyst (MCRTA) is designed for cybersecurity enthusiasts who want to embark on their Cloud Red Team journey. In this comprehensive program, you’ll dive deep into the fundamentals of AWSAzure, and GCP Cloud Security. The focus is on practical skills, ensuring that you gain hands-on experience in Multi-Cloud Red Teaming.

Syllabus

Introduction to Multi-Cloud Red Team

Red Teaming in AWS Cloud

Red Teaming in Azure Cloud

ادامه مطلب

The Complete Ethical Hacker’s Toolkit is a comprehensive learning path offered by EC-Council Learning. This skill path consists of 15 micro courses designed to help you either start or transition into a career in ethical hacking and penetration testing.

Syllabus

Practical Linux for Pentesting & Bug Bounties
Deep Web and Cybersecurity
A Guide to Hands On Network Pentesting
Hands-on Penetration Testing with Netcat
Session Hijacking and Prevention Techniques
Web Hacker’s Toolbox: Tools Used by Successful Hackers
Nmap for Ethical Hacking, Network Security, & Bug Bounties
Foundations of Hacking and Pentesting Android Apps
Hands-on Linux for DevOps & Cloud Engineers
Communication with IoT
Troubleshooting Slow Network with Wireshark
Web Application Security Testing with Google Hacking
Beginners Cryptography Demystified
Jupyter Notebook for Everyone
Mastering Nuclei with Automation for Pentesting & Bug Bounty

The Complete Ethical Hacker’s Toolkit

ادامه مطلب

The Advanced Software Exploitation (ASE) course offers security professionals an opportunity to test and develop their skills like never before. During this course, students will learn to identify common vulnerabilities and then use them to develop exploits for a wide range of software applications, including popular Windows applications, interpreted languages, and Web browsers.

In the first half of the course, attendees will use fuzzing, reverse engineering, and source code auditing, to attack a wide variety of applications (e.g. iTunes, Firefox, Vulnserver, etc.) and then use proven exploitation techniques to develop an exploit for one of the VMs (Windows 7, Windows 8.1 and Windows 10).

Then, in the second half of the course, the focus will shift from classic vulnerabilities to more advanced ones. In this section, students will learn how to escape Java sandbox using a type confusion vulnerability, how to circumvent the ASLR without pointer leaks, and how to use precise heap spraying, just to name a few.

By the end of this course, students will know how to find software vulnerabilities using fuzzing, reverse engineering, and source code auditing, and then how to write their own exploits in Python, JavaScript, or Java.

Syllabus

Fundamentals: Intro
Fundamentals: Stack Buffer Overflow
Fundamentals: Structured Exception Handler Overwrite
File Format Fuzzing: Intro
File Format Fuzzing: The Peach Fuzzer
Network Protocol Fuzzing: Vulnerability Discovery
Network Protocol Fuzzing: Exploitation
Attacking Web Browsers: Vulnerability Discovery
Attacking Web Browsers: Exploitation
Practical Patch Diffing
Exploiting vulnerabilities in the Oracle JVM: Vulnerability Discovery

Exploiting vulnerabilities in the Oracle JVM: Exploitation

Advanced Windows exploitation

Conclusion

Ptrace Security – Advanced Software Exploitation

ادامه مطلب