SEC588 will equip you with the latest cloud-focused penetration testing techniques and teach you how to assess cloud environments. The course dives into topics like cloud-based microservices, in-memory data stores, serverless functions, Kubernetes meshes, and containers. It also looks at how to identify and test cloud-first and cloud-native applications. You will also learn specific tactics for penetration testing in Azure and Amazon Web Services, particularly important given that AWS and Microsoft account for more than half the market. It is one thing to assess and secure a data center, but it takes a specialized skill set to evaluate and report on the risks to an organization if its cloud services are left insecure. 27 Hands-on Labs

Syllabus

SEC588.1: Architecture, Discovery, and Recon at Scale
SEC588.2: Attacking Identity Systems
SEC588.3: Attacking and Abusing Cloud Services
SEC588.4: Vulnerabilities in Cloud-Native Applications
SEC588.5: Infrastructure Attacks and Red Teaming
SEC588.6: Capstone Event
ادامه مطلب

SEC580 will teach you how to apply the incredible capabilities of the Metasploit Framework in a comprehensive penetration testing and vulnerability assessment regimen. In this course, you will learn how Metasploit can fit into your day-to-day penetration testing assessment activities. You’ll gain an in-depth understanding of the Metasploit Framework far beyond how to exploit a remote system. You’ll also explore exploitation, post-exploitation reconnaissance, token manipulation, spear-phishing attacks, and the rich feature set of the Meterpreter, a customized shell environment specially created for exploiting and analyzing security flaws.

Syllabus

SEC580.1: Metasploit for Enterprise Penetration Testing – Section 1
SEC580.2: Metasploit for Enterprise Penetration Testing – Section 2
ادامه مطلب

The challenges faced by security professionals are constantly evolving, so there is a huge demand for those who can understand a technology problem and quickly develop a solution. If you have to wait on a vendor to develop a tool to recover a forensics artifact, or to either patch or exploit that new vulnerability, then you will always be behind. It is no longer an option for employers serious about information security to operate without the ability to rapidly develop their own tools. This course will give you the skills to develop solutions so that your organization can operate at the speed of the adversary. SEC573 is an immersive, self-paced, hands-on, and lab-intensive course. After covering the essentials required for people who have never coded before, the course will present students with real-world forensics, defensive, and offensive challenges. You will develop a malware dropper for an offensive operation; learn to search your logs for the latest attacks; develop code to carve forensics artifacts from memory, hard drives, and packets; automate the interaction with an online website’s API; and write a custom packet sniffer. Through fun and engaging labs, you’ll develop useful tools and build essential skills that will make you the most valuable member of your information security team. 128 Hands-on Labs + Capture-the-Flag Challenge

Syllabus

SEC573.1: Essentials Workshop with pyWars
SEC573.2: Essentials Workshop with MORE pyWars
SEC573.3: Defensive Python
SEC573.4: Forensics Python
SEC573.5: Offensive Python
SEC573.6: Capture-the-Flag Challenge

SEC573: Automating Information Security with Python

ادامه مطلب

SEC560 prepares you to conduct successful penetration testing for a modern enterprise, including on-premise systems, Azure, and Azure AD. You will learn the methodology and techniques used by real-world penetration testers in large organizations to identify and exploit vulnerabilities at scale and show real business risk to your organization. The course material is complemented with 30+ practical lab exercises concluding with an intensive, hands-on Capture-the-Flag exercise in which you will conduct a penetration test against a sample target organization and demonstrate the knowledge you have mastered.

Syllabus

SEC560.1: Comprehensive Penetration Test Planning, Scoping, Recon, and Scanning
SEC560.2: Initial Access, Payloads, and Situational Awareness
SEC560.3: Privilege Escalation, Persistence, and Password Attacks
SEC560.4: Lateral Movement and Reporting
SEC560.5: Domain Domination and Azure Annihilation
SEC560.6: Penetration Test and Capture-the-Flag Exercise

SEC560: Enterprise Penetration Testing

ادامه مطلب

SEC467 will prepare you to add social engineering skills to your security strategy. In this course, you will learn how to perform recon on targets using a wide variety of sites and tools, create and track phishing campaigns, and develop media payloads that effectively demonstrate compromise scenarios. You will also learn how to conduct pretexting exercises, and you will put what you have learned into practice with a fun Capture-the-Human exercise. SEC467 will open up new attack possibilities, help you better understand the human vulnerability in attacks, and provide you with hands-on practice with snares that have been proven effective.

Syllabus

SEC467.1: Social Engineering Fundamentals, Recon, and Phishing
SEC467.2: Media Drops and Payloads, Pretexting, Physical Testing, and Reporting

SEC467: Social Engineering for Security Professionals

ادامه مطلب