ＨｉｄｅＺｅｒｏＯｎｅ

The course “Attacking and Defending Azure & M365” is a comprehensive training program offered by Xintra. It provides an in-depth understanding of attack techniques, detection, forensics, and mitigation strategies on Azure and Microsoft 365. The course is designed to be hands-on and includes practical labs for real-world learning. It is suitable for individuals interested in cybersecurity, particularly in the context of Azure and Microsoft 365 environments. The course is self-paced, allowing learners to progress at their own speed, and also includes live sessions for interactive learning.

Syllabus

1. Introduction
2. Overview of Azure/M365
3. Setting Up Your Environment
4. Log Analysis Using SOF-ELK
5. Reconnaissance & Enumeration
6. Initial Access Techniques
7. Credential Theft
8. Lateral Movement Techniques
9. Privilege Escalation
10. Persistence Techniques
11. Defense Evasion

Attacking and Defending Azure & M365

SEC661 is a specialized course focused on advanced exploitation techniques for ARM-based architectures. Tailored for experienced security professionals, the course delves into the intricacies of ARM assembly, reverse engineering, and vulnerability discovery. Participants will explore real-world exploitation scenarios, including stack overflows, return-oriented programming (ROP), and bypassing modern mitigation techniques like DEP and ASLR on ARM systems. With hands-on labs and detailed guidance, SEC661 prepares attendees to analyze and exploit vulnerabilities in IoT devices, mobile platforms, and embedded systems, equipping them with the skills to defend against sophisticated attacks targeting ARM-based technologies.

SEC542 provides hands-on training for identifying and exploiting vulnerabilities in web applications while teaching the ethical hacking techniques necessary to secure them. Participants will explore critical areas such as injection flaws, cross-site scripting (XSS), authentication bypasses, and security misconfigurations. The course includes advanced topics like automated scanning, manual testing techniques, and analyzing modern web technologies such as APIs, frameworks, and single-page applications. Through practical labs and real-world scenarios, SEC542 equips security professionals with the skills to assess web applications effectively and provide actionable remediation strategies to strengthen overall security posture.

Smart Contract Hacking is a comprehensive online course that teaches you how to secure, hack, and use blockchain and smart contract technology. The course covers the fundamentals of blockchain, the popular Ethereum coding language Solidity, and the tools and techniques for auditing and exploiting smart contracts. You will learn how to deploy, scan, and test various blockchain implementations and protocols, such as Bitcoin, Ethereum, Solana, Cosmos, Near, NFTs, DeFi, and Web3. You will also get access to hands-on exercises, challenges, and quizzes to reinforce your learning and gain practical experience. By the end of the course, you will have the skills and knowledge to become a proficient web3 security professional.

Syllabus

Intro
Career Paths
EVM
Environment & Dev Tools
Exercises Guidelines
Tokens crash course: ERC20
Tokens crash course: ERC721
ReEntrsncy Attacks
Arithmetic over/underflow
Phishing Attacks
Randomness Vulnerabilities
Access Control & Default Visibility
DEFI Crash Course: DEXes
DEFI Crash Course: Money Markets
Replay Attacks
Flash Loans & Flash Swaps
Flash Loan Attacks
Denial of Service
Sensitive On-Chain Data
Unchecked Return Value
Frontrunning
DAO & Governance Attacks
Oracle Manipulation
Call / Delegate call Attacks

Smart Contract Hacking Course

SEC504 is a foundational course that provides a comprehensive understanding of the tools and techniques used by attackers, as well as strategies for detecting and responding to cyber incidents. The course teaches participants to think like an attacker while strengthening their defensive skills. Key topics include reconnaissance, scanning, exploitation, post-exploitation tactics, and malware analysis.

The Advanced Penetration Testing Learning Path provides all the advanced skills required to carry out a thorough and professional penetration test against modern networks and infrastructure, such as the ability to execute state-sponsored-like operations and advanced adversary simulations.

You must be familiar with PowerShell scripting, Active Directory administration and Windows internals knowledge, basic reverse engineering skills, and possess a good working knowledge of network protocols, as the content dives into all stages of a red-teaming engagement.

Learning path at a glance:
-Implementation details on numerous undocumented attacks
-Obscure ways of exploitation and backdooring
-Advanced client-side exploitation techniques
-Custom attack vector and payload creation
-Custom payload creation techniques
-In-depth analysis of Active Directory exploitation
-Stealthy lateral movement and evasion against modern defenses
-In-depth analysis of critical domain infrastructure exploitation
-In-depth details of common misconfigurations and weaknesses
-Details for covert operations and stealthy persistence

eCPTX