ＨｉｄｅＺｅｒｏＯｎｅ

The course will purely focus on Web/Server/Mobile offensive hacking using the Bug Bounty Hunter Mentality.

Syllabus

1. Information Security Concepts.
2. Advanced Reconnaissance Methodologies (10+ methodologies).
3. Advanced Network Scanning & Enumeration.
4. Systems Exploitation.
5. Vulnerability Assessment.
6. Web Hacking Vulnerabilities (Client Side bugs, Server Side bugs, Business Logic Bugs, Server Security Misconfigurations, Bypassing Security Controls, and much more…).
7. Mobile Hacking (Reverse Engineering, Static Analysis, Dynamic Analysis).
8. Source Code Analysis.
9. Forensics Analysis.

Advanced Reconnaissance & Bug Bounty Hacking Methodologies

Designing and building an effective security operation center requires security managers and leaders to fit capabilities to both an organization’s culture and business requirements. Learn the distinct functional areas that every SOC should have. These areas allow organizations to create an architecture for the high-level components of security operations: command center; network security monitoring functionality; threat intelligence; incident response; forensic analysis; and ongoing self-assessment of the attack surface of the organization. With these functional areas in place and aligned with the business, you will be better positioned to thwart modern, motivated threats to your information assets. Content is based on the new SANS MGT517 course entitled “Managing Security Operations: Detection, Response, and Intelligence.” The course covers the design, build, and operation of security operations centers with a deep dive into managing incident response.

MGT517: Designing and Building a SOC

SANS Training Program for CISSP Certification is an accelerated review course designed to prepare you to pass the exam. The course takes into account the 2015 updates to the CISSP exam and prepares students to navigate all types of questions included on the new version of the exam.

Syllabus 

MGT414: SANS Training Program for CISSP® Certification

FOR608: Enterprise-Class Incident Response & Threat Hunting focuses on identifying and responding to incidents too large to focus on individual machines. By using example tools built to operate at enterprise-class scale, students learn the techniques to collect focused data for incident response and threat hunting, and dig into analysis methodologies to learn multiple approaches to understand attacker movement and activity across hosts of varying functions and operating systems by using an array of analysis techniques.

SEC642 will teach you the advanced skills and techniques required to test modern web applications and next-generation technologies. In this course, you will learn through a combination of lectures, real-world experiences, and hands-on exercises that will teach you the techniques to test the security of tried-and-true internal enterprise web technologies, as well as cutting-edge Internet-facing applications. On the final day of the course, you will apply the knowledge you have acquired in a Capture-the-Flag competition, a fun environment based on real-world technologies.

Syllabus

SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques

SEC564 will provide students with the skills to plan and manage Red Team Exercises. Students will understand the tactics, techniques, and procedures (TTPs) used by the adversary to create an adversary emulation plan leveraging MITRE ATT&CK (Adversary Tactics, Techniques, and Common Knowledge). Students will emulate an adversary

Syllabus

 SEC564: Red Team Operations and Threat Emulation