برچسب: Pentest

SEC588 will equip you with the latest cloud-focused penetration testing techniques and teach you how to assess cloud environments. The course dives into topics like cloud-based microservices, in-memory data stores, serverless functions, Kubernetes meshes, and containers. It also looks at how to identify and test cloud-first and cloud-native applications. You will also learn specific tactics for penetration testing in Azure and Amazon Web Services, particularly important given that AWS and Microsoft account for more than half the market. It is one thing to assess and secure a data center, but it takes a specialized skill set to evaluate and report on the risks to an organization if its cloud services are left insecure. 27 Hands-on Labs

ادامه مطلب

SEC580 will teach you how to apply the incredible capabilities of the Metasploit Framework in a comprehensive penetration testing and vulnerability assessment regimen. In this course, you will learn how Metasploit can fit into your day-to-day penetration testing assessment activities. You’ll gain an in-depth understanding of the Metasploit Framework far beyond how to exploit a remote system. You’ll also explore exploitation, post-exploitation reconnaissance, token manipulation, spear-phishing attacks, and the rich feature set of the Meterpreter, a customized shell environment specially created for exploiting and analyzing security flaws.

Syllabus

SEC580.1: Metasploit for Enterprise Penetration Testing – Section 1
SEC580.2: Metasploit for Enterprise Penetration Testing – Section 2
ادامه مطلب

SEC560 prepares you to conduct successful penetration testing for a modern enterprise, including on-premise systems, Azure, and Azure AD. You will learn the methodology and techniques used by real-world penetration testers in large organizations to identify and exploit vulnerabilities at scale and show real business risk to your organization. The course material is complemented with 30+ practical lab exercises concluding with an intensive, hands-on Capture-the-Flag exercise in which you will conduct a penetration test against a sample target organization and demonstrate the knowledge you have mastered.

Syllabus

SEC560.1: Comprehensive Penetration Test Planning, Scoping, Recon, and Scanning
SEC560.2: Initial Access, Payloads, and Situational Awareness
SEC560.3: Privilege Escalation, Persistence, and Password Attacks
SEC560.4: Lateral Movement and Reporting
SEC560.5: Domain Domination and Azure Annihilation
SEC560.6: Penetration Test and Capture-the-Flag Exercise

SEC560: Enterprise Penetration Testing

ادامه مطلب

SEC467 will prepare you to add social engineering skills to your security strategy. In this course, you will learn how to perform recon on targets using a wide variety of sites and tools, create and track phishing campaigns, and develop media payloads that effectively demonstrate compromise scenarios. You will also learn how to conduct pretexting exercises, and you will put what you have learned into practice with a fun Capture-the-Human exercise. SEC467 will open up new attack possibilities, help you better understand the human vulnerability in attacks, and provide you with hands-on practice with snares that have been proven effective.

Syllabus

SEC467.1: Social Engineering Fundamentals, Recon, and Phishing
SEC467.2: Media Drops and Payloads, Pretexting, Physical Testing, and Reporting

SEC467: Social Engineering for Security Professionals

ادامه مطلب

SEC575 will prepare you to effectively evaluate the security of iOS and Android mobile devices, assess and identify flaws in mobile applications, and conduct a mobile device penetration test, which are all critical skills required to protect and defend mobile device deployments. You will learn how to pen test the biggest attack surface in your organization; dive deep into evaluating mobile apps and operating systems and their associated infrastructure; and better defend your organization against the onslaught of mobile device attacks.

Syllabus

SEC575.1: Device Architecture and Application Interaction

SEC575.2: The Stolen Device Threat and Mobile Malware

SEC575.3: Static Application Analysis

SEC575.4: Dynamic Mobile Application Analysis and Manipulation

SEC575.5: Mobile Penetration Testing

SEC575.6: Hands-on Capture-the-Flag Event

SEC575: iOS and Android Application Security Analysis and Penetration Testing

ادامه مطلب

In the Intro to Offensive Tooling class, you will learn about many of the tools used by attackers to identify vulnerabilities and exploit them. This hands-on course covers a variety of offensive tools, such as Nmap, Recon-ng, Metasploit, Proxychains, Responder, and many more. Through a series of practical labs, you will gain experience in using these tools to assess the security of systems and networks. In addition to learning how to use these tools effectively, you will also explore the ethical considerations surrounding offensive tooling, how to responsibly use these tools to protect sensitive information, and prevent cyber attacks. By the end of this course, you will have a strong foundation in offensive tooling and be well-equipped to apply your knowledge to a wide range of security challenges.

Antisyphon: Offensive Development w/ Greg Hatcher & John Stigerwalt

ادامه مطلب