ＨｉｄｅＺｅｒｏＯｎｅ

Stay frosty within AWS, Azure, & GCP environments with this fast-paced and hands-on course which teaches each participant the Tactics, Techniques, and Procedures (TTPs) needed to infiltrate and expand access within cloud platforms. In this course you will: Exploit serverless (e.g. Lambda, Azure Functions) applications for initial access into targets. Pivot between data and control planes to expand access (e.g. secrets, snapshots) Evade and disrupt cloud logging platforms (e.g. CloudTrail) to remain undetected. Breach and backdoor boundaries (e.g. VPCs) to access hard to reach systems. Expanding access within Kubernetes (K8s) envs (e.g. GCP bypass of metadata protections) Compete throughout the course in our hands-on Capture the Flag (CTF) tournament!

Astute AWS/Azure/GCP Cloud Red Team: It’s Raining Shells! – 2021

Invicti – Web Application Security For Enterprise

Acunetix is a web application security scanner that helps you find and fix vulnerabilities in your web applications, web services, and APIs. It can scan any website or web application that uses HTTP or HTTPS protocol and supports various frameworks, languages, and technologies. Acunetix can detect over 7,000 types of vulnerabilities, including OWASP Top 10, SQL injection, XSS, misconfigurations, exposed databases, and more. It also provides vulnerability assessment and management features, such as severity ratings, remediation guidance, false positive reduction, and integration with development tools. Acunetix is available as an on-premise or cloud solution and can be used by businesses of all sizes to automate web application security testing and ensure long-term protection.

Tenable Nessus is a powerful vulnerability scanner that helps you identify and fix security issues in your network, web applications, cloud infrastructure, and more. With Nessus, you can:

• Scan your IT assets for thousands of known and emerging vulnerabilities, with low false positives and high accuracy.
• Audit your systems for compliance with industry standards and best practices, such as PCI DSS, CIS Benchmarks, NIST, and more.
• Discover and assess your internet-exposed attack surface, including web applications, domains, certificates, and cloud assets.
• Leverage advanced features such as web application scanning, external attack surface scanning, cloud infrastructure scanning, and custom policies.

Specialized Testing: Sessions and Tokens

Web App Pen Testing: MappingSpecialized Testing: XSS

Specialized Testing: SQL InjectionSpecialized Testing: CSRF

Specialized Testing: DeserializationSpecialized Testing: API Testing

Pluralsight – Web App Pen Testing

This series provides the foundational knowledge needed to ethically and effectively discover and exploit vulnerabilities in systems by assuming both the mindset and toolset of an attacker. Through learning how systems are attacked you will gain an understanding of how best to protect systems and improve your organization’s security

Syllabus

Understanding Ethical Hacking

Reconnaissance/Footprinting

Scanning Networks

Enumeration

Vulnerability Analysis

Pluralsight: Ethical Hacking Fundamentals