دسته: SANS

You will learn the skills required to reverse-engineer applications to find vulnerabilities, perform remote user application and kernel debugging, analyze patches for one-day exploits, perform advanced fuzzing, and write complex exploits against targets such as the Windows kernel and the modern Linux heap, all while circumventing or working with against cutting-edge exploit mitigation.

Syllabus

SEC760.1: Exploit Mitigations and Reversing with IDA
SEC760.2: Advanced Linux Exploitation
SEC760.3: Advanced Fuzzing
SEC760.4: Patch Diffing, One-Day Exploits, and Windows Kernels
SEC760.5: Windows Kernel Debugging and Exploitation
SEC760.6: Capture-the-Flag Challenge

ادامه مطلب

SEC660 is designed as a logical progression point for students who have completed SEC560: Network Penetration Testing and Ethical Hacking , or for those with existing penetration testing experience. This course provides you with in-depth knowledge of the most prominent and powerful attack vectors and furnishes an environment to perform these attacks in numerous hands-on scenarios. The course goes far beyond simple scanning for low-hanging fruit and teaches you how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws. 30+ Hands-on Labs

Syllabus

SEC660.1: Network Attacks for Penetration Testers
SEC660.2: Crypto and Post-Exploitation
SEC660.3: Python, Scapy, and Fuzzing
SEC660.4: Exploiting Linux for Penetration Testers
SEC660.5: Exploiting Windows for Penetration Testers
SEC660.6: Capture the Flag Challenge

SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking

ادامه مطلب

SEC617 will give you the skills you need to understand the security strengths and weaknesses in wireless systems. In this course, you will learn how to evaluate the ever-present cacophony of Wi-Fi networks and identify the Wi-Fi access points and client devices that threaten your organization; assess, attack, and exploit deficiencies in modern Wi-Fi deployments using WPA2 technology, including sophisticated WPA2-Enterprise networks; use your understanding of the many weaknesses in Wi-Fi protocols and apply it to modern wireless systems; and identify and attack Wi-Fi access points and exploit the behavioral differences in how client devices scan for, identify, and select access points.

Syllabus

SEC617.1: Wi-Fi Data Collection and Analysis
SEC617.2: Wi-Fi Attack and Exploitation Techniques
SEC617.3: Enterprise Wi-Fi and Zigbee Attacks
SEC617.4: Bluetooth and Software Defined Radio Attacks
SEC617.5: RFID, Smart Cards, and NFC Hacking
SEC617.6: Capture the Flag Event

SEC617: Wireless Penetration Testing and Ethical Hacking

ادامه مطلب

SEC588 will equip you with the latest cloud-focused penetration testing techniques and teach you how to assess cloud environments. The course dives into topics like cloud-based microservices, in-memory data stores, serverless functions, Kubernetes meshes, and containers. It also looks at how to identify and test cloud-first and cloud-native applications. You will also learn specific tactics for penetration testing in Azure and Amazon Web Services, particularly important given that AWS and Microsoft account for more than half the market. It is one thing to assess and secure a data center, but it takes a specialized skill set to evaluate and report on the risks to an organization if its cloud services are left insecure. 27 Hands-on Labs

ادامه مطلب

SEC580 will teach you how to apply the incredible capabilities of the Metasploit Framework in a comprehensive penetration testing and vulnerability assessment regimen. In this course, you will learn how Metasploit can fit into your day-to-day penetration testing assessment activities. You’ll gain an in-depth understanding of the Metasploit Framework far beyond how to exploit a remote system. You’ll also explore exploitation, post-exploitation reconnaissance, token manipulation, spear-phishing attacks, and the rich feature set of the Meterpreter, a customized shell environment specially created for exploiting and analyzing security flaws.

Syllabus

SEC580.1: Metasploit for Enterprise Penetration Testing – Section 1
SEC580.2: Metasploit for Enterprise Penetration Testing – Section 2
ادامه مطلب

The challenges faced by security professionals are constantly evolving, so there is a huge demand for those who can understand a technology problem and quickly develop a solution. If you have to wait on a vendor to develop a tool to recover a forensics artifact, or to either patch or exploit that new vulnerability, then you will always be behind. It is no longer an option for employers serious about information security to operate without the ability to rapidly develop their own tools. This course will give you the skills to develop solutions so that your organization can operate at the speed of the adversary. SEC573 is an immersive, self-paced, hands-on, and lab-intensive course. After covering the essentials required for people who have never coded before, the course will present students with real-world forensics, defensive, and offensive challenges. You will develop a malware dropper for an offensive operation; learn to search your logs for the latest attacks; develop code to carve forensics artifacts from memory, hard drives, and packets; automate the interaction with an online website’s API; and write a custom packet sniffer. Through fun and engaging labs, you’ll develop useful tools and build essential skills that will make you the most valuable member of your information security team. 128 Hands-on Labs + Capture-the-Flag Challenge

Syllabus

SEC573.1: Essentials Workshop with pyWars
SEC573.2: Essentials Workshop with MORE pyWars
SEC573.3: Defensive Python
SEC573.4: Forensics Python
SEC573.5: Offensive Python
SEC573.6: Capture-the-Flag Challenge

SEC573: Automating Information Security with Python

ادامه مطلب