ＨｉｄｅＺｅｒｏＯｎｅ

The course “Attacking and Defending Azure & M365” is a comprehensive training program offered by Xintra. It provides an in-depth understanding of attack techniques, detection, forensics, and mitigation strategies on Azure and Microsoft 365. The course is designed to be hands-on and includes practical labs for real-world learning. It is suitable for individuals interested in cybersecurity, particularly in the context of Azure and Microsoft 365 environments. The course is self-paced, allowing learners to progress at their own speed, and also includes live sessions for interactive learning.

Syllabus

1. Introduction
2. Overview of Azure/M365
3. Setting Up Your Environment
4. Log Analysis Using SOF-ELK
5. Reconnaissance & Enumeration
6. Initial Access Techniques
7. Credential Theft
8. Lateral Movement Techniques
9. Privilege Escalation
10. Persistence Techniques
11. Defense Evasion

Attacking and Defending Azure & M365

SEC661 is designed to break down the complexity of exploit development and the difficulties with analyzing software that runs on IoT devices. Students will learn how to interact with software running in ARM environments and write custom exploits against known IoT vulnerabilities.

SEC661.2: Exploiting IoT Devices

SEC661: ARM Exploit Development

SEC542 empowers students to quickly evaluate and expose security vulnerabilities in web applications, showcasing the potential business repercussions of exploitation. Gain practical experience in exploiting web apps within your enterprise, mastering attackers’ tools and methods. Through hands-on exercises you will learn a best practice process for web application penetration testing, inject SQL into back-end databases to learn how attackers exfiltrate sensitive data, and utilize cross-site scripting attacks to dominate a target infrastructure. 30+ Hands-on Labs

SEC542.1: Introduction and Information Gathering
SEC542.2: Fuzzing, Scanning, Authentication, and Session Testing
SEC542.3: Injection
SEC542.4: XSS, SSRF, and XXE
SEC542.5: CSRF, Logic Flaws and Advanced Tools
SEC542.6: Capture the Flag

SEC542: Web App Penetration Testing and Ethical Hacking

Smart Contract Hacking is a comprehensive online course that teaches you how to secure, hack, and use blockchain and smart contract technology. The course covers the fundamentals of blockchain, the popular Ethereum coding language Solidity, and the tools and techniques for auditing and exploiting smart contracts. You will learn how to deploy, scan, and test various blockchain implementations and protocols, such as Bitcoin, Ethereum, Solana, Cosmos, Near, NFTs, DeFi, and Web3. You will also get access to hands-on exercises, challenges, and quizzes to reinforce your learning and gain practical experience. By the end of the course, you will have the skills and knowledge to become a proficient web3 security professional.

Syllabus

Intro
Career Paths
EVM
Environment & Dev Tools
Exercises Guidelines
Tokens crash course: ERC20
Tokens crash course: ERC721
ReEntrsncy Attacks
Arithmetic over/underflow
Phishing Attacks
Randomness Vulnerabilities
Access Control & Default Visibility
DEFI Crash Course: DEXes
DEFI Crash Course: Money Markets
Replay Attacks
Flash Loans & Flash Swaps
Flash Loan Attacks
Denial of Service
Sensitive On-Chain Data
Unchecked Return Value
Frontrunning
DAO & Governance Attacks
Oracle Manipulation
Call / Delegate call Attacks

Smart Contract Hacking Course

SEC504 helps you develop the skills to conduct incident response investigations. You will learn how to apply a dynamic incident response process to evolving cyber threats, and how to develop threat intelligence to mount effective defense strategies for cloud and on-premises platforms. You’ll examine the latest threats to organizations, from watering hole attacks to business email compromise, getting you into the mindset of attackers and anticipating their moves. SEC504 gives you the skills you need to understand how attackers scan, exploit, pivot, and establish persistence in cloud and conventional systems. To reinforce these skills, and to help you retain the course material, 50% of class time is spent on hands-on exercises, using visual association tools to break down complex topics. This course prepares you to conduct cyber investigations and will boost your career by helping you develop these in-demand skills. 33 full labs, 18 Lightning Labs, and an immersive capture the flag event.