Denna workshop leds av en expert från säkerhetsföretaget Cqure, och låter dig få känna på de kritiska momenten i ett högkvalitativt penetrationstest. Den passar utmärkt upptakt inför att gå fortsättningskursen Securing Windows Infrastructure. Kursen är framtagen av Paula Januszkiewicz säkerhetsteam, vars medlemmar turas om att hålla den. Kursen hålls på engelska.Mer information & fakta
In this workshop you will investigate the critical tasks for a high-quality penetration test. We'll look at the most efficient ways to map a network and discover target systems and services. Once the systems are discovered, we will search for vulnerabilities and reduce false positives with manual vulnerability verification. At the end we will look at exploitation techniques, including the use of the authored and commercial tools. In the attack summary we will always go through the securing techniques.
Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security. Participation in this course will give you the Cqure Academy certificate Certified Security Engineer (CSEN).
- Hacking Windows Platform: Detecting unnecessary services, Misusing service accounts, Implementing rights, permissions and privileges, Direct Kernel Object Modification
- Top 50 tools: the attacker's best friends: Practical walkthrough through tools, Using tools against scenarios
- Modern Malware: Techniques used by modern malware, Advanced Persistent Threats, Fooling common protection mechanisms
- Physical Access: Misusing USB and other ports, Offline Access techniques, BitLocker unlocking
- Intercepting Communication: Communicating through firewalls, Misusing Remote Access, DNS based attacks
- Hacking Web Server: Detecting unsafe servers, Hacking HTTPS, Distributed Denial of Service attacks
- Data in-Security: File format attacks for Microsoft Office, PDF and other file types, Using incorrect file servers' configuration, Basic SQL Server attacks
- Password attacks: Pass-the-Hash attacks, Stealing the LSA Secrets, Other
- Hacking automation: Misusing administrative scripts, Script based scanning
Exploits are not the only way to get to systems! We will go through the operating systems' build in problems and how they can be beneficial for hackers! One of the most important things to conduct a successful attack is to understand how the targets work. To the bones! After that everything is clear and the tool is just a matter of our need.
The course that covers all aspects of Windows infrastructure security from the hacker's mind perspective!
Our goal is to show and teach you what kind of mechanisms are allowing to get inside the infrastructure and how to get into operating systems. After the course you will gain penetration tester's knowledge and tools. And to get more practice we offer one week more of labs online! We really want you to leave from the class with the practical, ready-to-use knowledge on the ways to get into the infrastructure.
This is a deep dive course. It is a must-go for enterprise administrators, security officers and architects. Delivered by one of the best people in the market in the security field with practical knowledge from tons of successful projects, many years of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions! The course has a form of intense workshop and you MUST stay awake just not to miss a thing!
All exercises are based on Windows Server 2012 R2 and Windows 8.1. Some examples are also shown on Windows Server 2012 to accommodate the difference.
To attend this training you should have good hands-on experience in administering Windows infrastructure. At least 8 years in the field is recommended.