دسته: دوره ها

Learn the foundations of web application assessments with Foundational Web Application Assessments with Kali Linux (WEB-200). Learners who complete the course and pass the exam will earn the OffSec Web Assessor (OSWA) certification and will demonstrate their ability to leverage web exploitation techniques on modern applications. This course teaches learners how to discover and exploit common web vulnerabilities and how to exfiltrate sensitive data from target web applications. Learners that complete the course will obtain a wide variety of skill sets and competencies for web app assessments.

Syllabus

  • Tools for the Web Assessor
  • Cross-Site Scripting (XSS) Introduction, Discovery, Exploitation and Case Study
  • Cross-Site Request Forgery (CSRF)
  • Exploiting CORS Misconfigurations
  • Database Enumeration
  • SQL Injection (SQLi)
  • Directory Traversal
  • XML External Entity (XXE) Processing
  • Server-Side Template Injection (SSTI)
  • Server-Side Request Forgery (SSRF)
  • Command Injection
  • Insecure Direct Object Referencing
  • Assembling the Pieces: Web Application Assessment Breakdown

WEB-200: Foundational Web Application Assessments with Kali Linux

ادامه مطلب

Evasion Techniques and Breaching Defenses (PEN-300) is an advanced penetration testing course. Learners who complete the course and pass the exam will earn the OffSec Experienced Pentester (OSEP) certification. This course builds on the knowledge and techniques taught in Penetration Testing with Kali Linux, teaching learners to perform advanced penetration tests against mature organizations with an established security function and focuses on bypassing security mechanisms that are designed to block attacks. The OSEP is one of three certifications making up the OSCE certification along with the OSWE for advanced web attacks and OSED for exploit development.

Syllabus

  • Operating System and Programming Theory
  • Client Side Code Execution With Office
  • Client Side Code Execution With Jscript
  • Process Injection and Migration
  • Introduction to Antivirus Evasion
  • Advanced Antivirus Evasion
  • Application Whitelisting
  • Bypassing Network Filters
  • Linux Post-Exploitation
  • Kiosk Breakouts
  • Windows Credentials
  • Windows Lateral Movement
  • Linux Lateral Movement
  • Microsoft SQL Attacks
  • Active Directory Exploitation
  • Combining the Pieces
  • Trying Harder: The Labs

PEN-300: Advanced Evasion Techniques and Breaching Defenses

ادامه مطلب

Wireless Attacks (PEN-210) introduces learners to the skills needed to audit and secure wireless devices and is a foundational course alongside PEN-200 and benefits those who would like to gain more skills in network security. Learners will identify vulnerabilities in 802.11 networks and execute organized techniques and those who complete the course and pass the exam will earn the OffSec Wireless Professional (OSWP) certification.

Syllabus

  • IEEE 802.11
  • Wireless Networks
  • Wi-Fi Encryption
  • Linux Wireless Tools, Drivers, and Stacks
  • Wireshark Essentials
  • Frames and Network Interaction
  • Aircrack-ng Essentials
  • Cracking Authentication Hashes
  • Attacking WPS Networks
  • Rogue Access Points
  • Attacking WPA Enterprise
  • Attacking Captive Portals
  • bettercap Essentials
  • Kismet Essentials
  • Determining Chipsets and Drivers
  • Manual Network Connections
ادامه مطلب

The industry-leading Penetration Testing with Kali Linux (PWK/PEN-200) course introduces penetration testing methodologies, tools, and techniques in a hands-on, self-paced environment. Access PEN-200’s first Learning Module for an overview of course structure, learning approach, and what the course covers. Learners who complete the course and pass the exam will earn the OffSec Certified Professional (OSCP) certification which requires holders to successfully attack and penetrate various live machines in a safe lab environment. The OSCP is considered to be more technical than other ethical hacking certifications and is one of the few that requires evidence of practical penetration testing skills.

ادامه مطلب

This course provides in-depth coverage of Linux and Unix security issues that includes specific configuration guidance and practical, real-world examples, tips, and tricks. We examine how to mitigate or eliminate general problems that apply to all Unix-like operating systems, including vulnerabilities in the password authentication system, file system, virtual memory system, and applications that commonly run on Linux and Unix. The course will teach you the skills to use freely available tools to handle security issues, including SSH, AIDE, sudo, lsof, and many others. SANS’s practical approach uses hands-on exercises every day to ensure that you will be able to use these tools as soon as you return to work. We will also put these tools to work in a special section that covers simple forensic techniques for investigating compromised systems.

Syllabus

Hardening Linux/Unix Systems – Part 1

Hardening Linux/Unix Systems – Part 2

Hardening Linux/Unix Systems – Part 3

Application Security – Part 1

Application Security – Part 2

Digital Forensics for Linux/Unix

SEC506: Securing Linux/Unix

ادامه مطلب

The RTFM Video Library is an invaluable resource for serious Red Team members who find themselves on critical missions. Led by a seasoned Red Team operator, this high-quality video series delves into various aspects of offensive security, providing practical guidance and insights.

Syllabus

1: Infrastructure Setup
2: Initial Access
3: Situational Awareness
4: User Level Persistence
5: Escalation
6: Lateral Movement
7: Active Directory Enumeration
8: Domain Fortification
9: Hunting for User Workstations
10: Active Directory Forest Compromise
11: Secret Enclave Compromise
12: Pivoting through Tunnels

RTFM – Red Team Field Manual

ادامه مطلب