ＨｉｄｅＺｅｒｏＯｎｅ

What is the use of Burp Suite? Burp Suite is an integrated platform/graphical tool for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp Suite is installed by default in Kali Linux. The tool is written in Java and developed by PortSwigger Web Security. The tool has three editions: a Community Edition that can be downloaded free of charge, a Professional Edition and an Enterprise Edition that can be purchased after a trial period. The Community edition has significantly reduced functionality. It intends to provide a comprehensive solution for web application security checks. In addition to basic functionality, such as proxy server, scanner and intruder, the tool also contains more advanced options such as a spider, a repeater, a decoder, a comparer, an extender and a sequencer.

Syllabus

Web Application Penetration Testing with Burp Suite

Advanced Web Application Penetration Testing with Burp Suite

Writing Burp Suite Macros and Plugins

Pluralsight: Web Security Testing with Burp Suite

Pluralsight: Shell Scripting with Bash and Z Shell

NIST defines an Intrusion Detection System (IDS) as software that looks for suspicious activity and alerts administrators. In the NIST Special Publication 800-62 it goes on to say that it is a security service that monitors and analyzes network or system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner. NIST Special Publication 800-161 states that an Intrusion Prevention System (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. Such systems are key in enterprise network security monitoring. This skills path is designed for anyone looking to learn and utilize the most popular open source IDS/IPS tools; Snort, Suricata and Zeek (formally Bro). The learner can study the tool that best fits their needs and environment or review all three. For each tool you will gain an understanding of the fundamentals of each tool in the getting started courses. You’ll then discover scripting and rule sets, before looking at extensions, frameworks and integrations. The final course will be utilizing the tools in an enterprise environment or for distributed operations. 

Syllabus

1. Enterprise Security Monitoring with Snort
2. Enterprise Security Monitoring with Suricata
3. Enterprise Security Monitoring with Zeek (formerly Bro)

Pluralsight: Enterprise Security Monitoring with Open Source Network IDS & IPS

Do you want to level up your cloud penetration testing skills? The attack surface of many organizations has changed to include third-party hosted services such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform. In this training course, hacking concepts will be introduced for each of those services. This training walks through a complete penetration testing methodology of cloud-based infrastructure. Starting with no information other than the company name you will learn to discover what cloud-specific assets your target is using. Following the enumeration of cloud services, you will learn how to discover misconfigurations that commonly expose sensitive data as well as a thorough understanding of how to get an initial foothold into a cloud-based organization.

Antisyphon: Breaching the Cloud w/ Beau Bullock

One of the core disciplines of security is understanding how systems communicate over the Internet. This skill set is crucial to spotting abnormal behavior and attack patterns. In this class, we will go beyond the fundamentals of how IP communicates and dive into the subtle nuances. This will help the student identify anomalous patterns when they occur. Much of this class is spent focusing on the IP, ICMP, UDP, and TCP headers. We will step through each of the fields within each header to ensure that the student understands how the data within that field plays a role in communications. This knowledge is deepened by observing the behavior in packet decodes, some of which are normal traffic while some are common attacks.

Antisyphon: Getting Started in Packet Decoding w/ Chris Brenton