دسته: SANS

SEC560 prepares you to conduct successful penetration testing for a modern enterprise, including on-premise systems, Azure, and Azure AD. You will learn the methodology and techniques used by real-world penetration testers in large organizations to identify and exploit vulnerabilities at scale and show real business risk to your organization. The course material is complemented with 30+ practical lab exercises concluding with an intensive, hands-on Capture-the-Flag exercise in which you will conduct a penetration test against a sample target organization and demonstrate the knowledge you have mastered.

Syllabus

SEC560.1: Comprehensive Penetration Test Planning, Scoping, Recon, and Scanning
SEC560.2: Initial Access, Payloads, and Situational Awareness
SEC560.3: Privilege Escalation, Persistence, and Password Attacks
SEC560.4: Lateral Movement and Reporting
SEC560.5: Domain Domination and Azure Annihilation
SEC560.6: Penetration Test and Capture-the-Flag Exercise

SEC560: Enterprise Penetration Testing

ادامه مطلب

SEC467 will prepare you to add social engineering skills to your security strategy. In this course, you will learn how to perform recon on targets using a wide variety of sites and tools, create and track phishing campaigns, and develop media payloads that effectively demonstrate compromise scenarios. You will also learn how to conduct pretexting exercises, and you will put what you have learned into practice with a fun Capture-the-Human exercise. SEC467 will open up new attack possibilities, help you better understand the human vulnerability in attacks, and provide you with hands-on practice with snares that have been proven effective.

Syllabus

SEC467.1: Social Engineering Fundamentals, Recon, and Phishing
SEC467.2: Media Drops and Payloads, Pretexting, Physical Testing, and Reporting

SEC467: Social Engineering for Security Professionals

ادامه مطلب

With Open-Source Intelligence (OSINT) being the engine of most major investigations in this digital age the need for a more advanced course was imminent. The data in almost every OSINT investigation becomes more complex to collect, exploit and analyze. For this OSINT practitioners all around the world have a need for performing OSINT at scale and means and methods to check and report on the reliability of their analysis for sound and unbiased reports. In SEC587 you will learn how to perform advanced OSINT Gathering & Analysis as well as understand and use common programming languages such as JSON and Python. SEC587 also will go into Dark Web and Financial (Cryptocurrency) topics as well as disinformation, advanced image and video OSINT analysis. This is an advanced fast-paced course that will give seasoned OSINT investigators new techniques and methodologies and entry-level OSINT analysts that extra depth in finding, collecting and analyzing data sources from all around the world.

Syllabus

SEC587.1: Disinformation and Coding for OSINT Efficiency
SEC587.2: Intelligence Analysis and Data Analysis with Python
SEC587.3: Sensitive Group Investigations and Video and Image Verification
SEC587.4: Sock Puppets, OPSEC, Dark Web and Cryptocurrency
SEC587.5: Automated Monitoring and Vehicle Tracking
SEC587.6: Capstone: Capture (and Present) the Flags

SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis

ادامه مطلب

SEC554 will teach you all topics relevant to securing, hacking, and using blockchain and smart contract technology. The course takes a detailed look at the technology that underpins multiple implementations of blockchain, the cryptography and transactions behind them, the various smart contract languages like Solidity and Rust, and the protocols built with them like NFTs, DeFi, and Web3. The labs in the course provide the hands-on training and tools needed to deploy, audit, scan, and exploit blockchain and smart contract assets, as well as actively learn how to defend them and identify threats and threat actors using them for malicious purposes.

Syllabus

SEC554.1: Blockchain and Smart Contract Fundamentals
SEC554.2: Smart Contract Hacking – Solidity
SEC554.3: Smart Contract Hacking – Rust
SEC554.4: Exploiting DeFi Protocols
SEC554.5: Cross-Chain, Defense, and Compliance

SEC554: Blockchain and Smart Contract Security

ادامه مطلب

This course is designed to help students build and maintain a truly defensible security architecture, while taking them on a journey towards implementing Zero Trust principles, pillars and capabilities. There will be a heavy focus on leveraging current infrastructure and investment. Students will learn how to assess, re-configure and validate existing technologies to significantly improve their organizations’ prevention, detection and response capabilities, augment visibility, reduce attack surface, and even anticipate attacks in innovative ways. The course will also delve into some of the latest technologies and their capabilities, strengths, and weaknesses. You will come away with recommendations and suggestions that will aid in building a robust security infrastructure, layer by layer, across hybrid environments, as you embark on a journey towards Zero Trust. 23 Hands-On Labs + Capstone Secure the Flag Challenge

Syllabus

SEC530.1: Defensible Security Architecture and Engineering: A Journey Towards Zero Trust
SEC530.2: Network Security Architecture and Engineering
SEC530.3: Network-Centric Application Security Architecture
SEC530.4: Data-Centric Application Security Architecture
SEC530.5: Zero-Trust Architecture: Addressing the Adversaries Already in Our Networks
SEC530.6: Hands-On Secure the Flag Challenge

SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise

ادامه مطلب

Organizations are becoming multi cloud by choice or by chance. However, although each cloud provider is responsible for the security of the cloud, its customers are responsible for what they do in the cloud. Unfortunately, this means that security professionals must support hundreds of different services across multiple clouds. Many of these services are insecure by default, and few of them are consistent across the different clouds. Security teams need a deep understanding of each cloud’s services to lock them down. As the multicloud landscape rapidly evolves, security is constantly playing catch-up to avert disaster. SEC510: Public Cloud Security: AWS, Azure, and GCP solves this problem by teaching you the security nuances between the Big 3 cloud providers and how to securely configure their Platform as a Service (PaaS) / Infrastructure as a Service (IaaS) offerings. 20 Hands-On Labs + Bonus Challenges

Syllabus

SEC510.1: Cloud Identity and Access Management
SEC510.2: Cloud Virtual Networks
SEC510.3: Cloud Data Security
SEC510.4: Cloud Application Services and User Security
SEC510.5: Multicloud and Cloud Security Posture Management

SEC510: Public Cloud Security: AWS, Azure, and GCP

ادامه مطلب