ＨｉｄｅＺｅｒｏＯｎｅ

Syllabus

Penetration Testing with Kali Linux : General Course Introduction

Introduction to Cyber security

Effective Learning Strategies

Report Writing for Penetration Testers

Information Gathering

Vulnerability Scanning

Introduction to Web Applications

Common Web Application Attacks

SQL Injection Attacks

Client-Side Attacks

Locating Public Exploits

Fixing Exploits

Antivirus Evasion

Password Attacks

Windows Privilege Escalation

Linux Privilege Escalation

Port Redirection and SSH Tunneling

Advanced Tunneling

The Metasploit Framework

Active Directory Introduction and Enumeration

Attacking Active Directory Authentication

Attacking Active Directory Authentication

Lateral Movement in Active Directory

Assembling the Pieces

Trying Harder: The Labs

PEN-200: Penetration Testing with Kali Linux

This course provides in-depth coverage of Linux and Unix security issues that includes specific configuration guidance and practical, real-world examples, tips, and tricks. We examine how to mitigate or eliminate general problems that apply to all Unix-like operating systems, including vulnerabilities in the password authentication system, file system, virtual memory system, and applications that commonly run on Linux and Unix. The course will teach you the skills to use freely available tools to handle security issues, including SSH, AIDE, sudo, lsof, and many others. SANS’s practical approach uses hands-on exercises every day to ensure that you will be able to use these tools as soon as you return to work. We will also put these tools to work in a special section that covers simple forensic techniques for investigating compromised systems.

Syllabus

Hardening Linux/Unix Systems – Part 1

Hardening Linux/Unix Systems – Part 2

Hardening Linux/Unix Systems – Part 3

Application Security – Part 1

Application Security – Part 2

Digital Forensics for Linux/Unix

SEC506: Securing Linux/Unix

The RTFM Video Library is an invaluable resource for serious Red Team members who find themselves on critical missions. Led by a seasoned Red Team operator, this high-quality video series delves into various aspects of offensive security, providing practical guidance and insights.

Syllabus

1: Infrastructure Setup
2: Initial Access
3: Situational Awareness
4: User Level Persistence
5: Escalation
6: Lateral Movement
7: Active Directory Enumeration
8: Domain Fortification
9: Hunting for User Workstations
10: Active Directory Forest Compromise
11: Secret Enclave Compromise
12: Pivoting through Tunnels

RTFM – Red Team Field Manual

Enterprises have been working tirelessly to improve their security postures through defense-in-depth approaches. Offensive teams have also been putting in long hours of research into bypassing the latest EDR’s and defensive products that keep them on their toes. Long gone “hopefully” are the days of hurdling an HTA file laced with a download cradle at a mature organization with a “Free iPad” ruse and watching your screen fill with incoming agents. An offense-in-depth approach may be applied to offensive practitioner’s looking for success against organizations well-versed in defending a large enterprise. Today’s organizations have assets in multiple geo regions, networks, cloud services, border hosts, and many of them are tied to the internal network in some way. This course aims to help offensive practitioners successfully exercise their client environments from a multi-faceted approach using the latest TTPs blended with esoteric practices to gain the upper hand on your assessments.

Antisyphon: Enterprise Attack Initial Access w/ Steve Borosh

SEC455 serves as an important primer to those who are unfamiliar with the architecture of an Elastic-based SIEM. Students that have taken or plan to take additional cyber defense courses may find SEC455 to be a helpful supplement to the advanced concepts they will encounter in courses such as SEC555.

Syllabus