ＨｉｄｅＺｅｒｏＯｎｅ

This course covers key aspects of cybersecurity, including understanding threats, vulnerabilities, and the necessary countermeasures. It may also delve into specialized areas such as zero-day vulnerability research.

ZeroDayEngineering – Cybersecurity vs. Zero Day Engineering

This 4-day course cuts through the mystery of Cloud Services (including AWS, Azure, and G-Cloud) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing traditional network infrastructure. Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and knowing how to protect yourself from them is critical. This course covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure. Prior pentest/security experience is not a strict requirement, however, some knowledge of Cloud Services and familiarity with common Unix command-line syntax will be beneficial.

This is a hand-on practical concentrated course on securing and attacking web and cloud APIs. APIs are everywhere nowadays: In web apps, embedded systems, enterprise apps, cloud environments and even IoT, and it is becoming increasingly necessary to learn how to defend, secure and attack API implementation and infrastructure. This training aims to engage you in creating secure modern APIs, while showing you both new and old attack vectors.

Syllabus

Defending and attacking Web APIs (REST, GraphQL..etc)
Attacking and securing AWS APIs and infrastructure.
Launching and mitigating modern Injection attacks (SSTI, RCE, SQLi, NoSQLi, Deserialization & object injection)
Deploying practical cryptography.
Securing passwords and secrets in APIs.
API authentication and authorization.
Targeting and defending API architectures (Serverless, web services, web APIs)
Securing development environments.

Attacking and Securing APIS (2021)

Invicti – Web Application Security For Enterprise

Tenable Nessus is a powerful vulnerability scanner that helps you identify and fix security issues in your network, web applications, cloud infrastructure, and more. With Nessus, you can:

• Scan your IT assets for thousands of known and emerging vulnerabilities, with low false positives and high accuracy.
• Audit your systems for compliance with industry standards and best practices, such as PCI DSS, CIS Benchmarks, NIST, and more.
• Discover and assess your internet-exposed attack surface, including web applications, domains, certificates, and cloud assets.
• Leverage advanced features such as web application scanning, external attack surface scanning, cloud infrastructure scanning, and custom policies.

LEG523 is a specialized course designed to provide participants with a comprehensive understanding of the legal frameworks and regulatory environments that govern cybersecurity and data privacy. This course is ideal for legal professionals, compliance officers, and cybersecurity practitioners who need to navigate the complex intersection of technology and law.