www.infosectrain.com | sales@infosectrain.com
OFFENSIVE CYBER
SECURITY ENGINEER
TRAINING PROGRAM
120 hrs of instructor-led Live Online training
Exam voucher included for EC-Council CEH
Make you ready for face-off
Extra Doubt clearing sessions
Hands on lab
Offensive Cyber
Security Expert
MITRE ATT&CK
ISO 27001 Fundamental/PCI-DSS
Job Interview Preparation
You start here
Advanced Penetration Testing
Exploit Development Basics
(Python Shell Script)
Review entire job skill set
Certified Ethical Hacker (CEH)
Learning Path
Tools covered
Offensive Cyber Security Engineer
SUBLIST3r
XSS-LOADER
sqlmap
What are the career benefits of this training program?
To land a good job as an Offensive Security Engineer, an analyst must have a 360-degree view of the cybersecurity domains, which comprise a wide variety of components and technologies. We have bundled all the skill sets into this Offensive Cyber Security Engineer program.
What skills will you learn?
At the end of this Master Certificate in Cyber Security Program, you will be
equipped with the following skillsets:
Pre-Requisite
• Offensive Security Engineering course
• Prior knowledge of basic networking protocols, OS fundamentals and Linux basics is recommended.
Master advanced hacking concepts to manage information security efficiently.
Write your own custom code.
Understand the Windows and Linux environments more closely.
Understand the corporate infrastructure at a different level.
Design security architecture and framework for a secure IT operation.
Security Fundamentals: EC-Council CEH / CEH (Practical)
This course covers the essentials of security, touching on security terminology and the various attack methodologies and techniques used by offenders/hackers in the real world. It then covers various aspects of the cybersecurity field in depth. The course also provides hands-on experience with various industry tools used for these purposes.
Module 01: Introduction to Ethical Hacking
Module 02: Footprinting and Reconnaissance
Module 03: Scanning Networks
Module 04: Enumeration
Module 05: Vulnerability Analysis
Module 06: System Hacking
Module 07: Malware Threats
Module 08: Sniffing
Module 09: Social Engineering
Module 10: Denial-of-Service
Module 11: Session Hijacking
Module 12: Evading IDS, Firewalls, and Honeypots
Module 13: Hacking Web Servers
Module 14: Hacking Web Applications
Module 15: SQL Injection
Module 16: Hacking Wireless Networks
Module 17: Hacking Mobile Platforms
Module 18: IoT Hacking
Module 19: Cloud Computing
Module 20: Cryptography
CEH
YEAR 2020
Advanced Pentest : InfosecTrain APT
This is an advanced-level course designed by experts for InfosecTrain. The course imparts a very high level of understanding of various components of infrastructure, including OS, IDS/IPS, firewalls, etc., determining vulnerabilities in these systems and using them to break into a secured system without being discovered. The course also focuses on providing an understanding and usage of a variety of tools.
• Understanding the target audience
• Rules of engagement
• Communication escalation path
• Resources and requirements
Domain 1: Planning and Scoping
1.1 Explain the importance of planning for an engagement.
- Confidentiality of findings
- Known vs. unknown
• Budget
• Impact analysis and remediation timelines
• Disclaimers
• Technical constraints
• Support resources
- Point-in-time assessment
- Comprehensiveness
- WSDL/WADL
- SOAP project file
- XSD
- Sample application requests
Advanced Penetration Testing
- SOW
- MSA
- NDA
- SDK documentation
- Swagger document
- Architectural diagrams
• Contracts
- Obtain signature from proper signing authority
- Third-party provider authorization when necessary
• Written authorization
- Export restrictions
- Local and national government restrictions
- Corporate policies
• Environmental differences
1.2 Explain key legal concepts.
1.3 Explain the importance of scoping an engagement properly.
- Red team
• Types of assessment
- Goals-based/objectives-based
- Compliance-based
- Supply chain
• Special scoping considerations
- Premerger
• Threat actors
- Adversary tier
- APT
- Script kiddies
- Hacktivist
- Insider threat
- Capabilities
- Intent
- Threat models
- Supply chain
• Target selection
- Targets
- Internal
- On-site vs. off-site
- External
- First-party vs. third-party hosted
- Physical
- Users
- SSIDs
- Applications
- Considerations
- White-listed vs. black-listed
- Security exceptions
1.4 Explain the key aspects of compliance-based assessments.
• Risk acceptance
• Tolerance to impact
• Scheduling
• Scope creep
• Strategy
- Black box vs. white box vs. gray box
- IPS/WAF whitelist
- NAC
- Certificate pinning
- Company’s policies
• Compliance-based assessments, limitations, and caveats
- Rules to complete assessment
- Password policies
- Data isolation
- Key management
- Limitations
- Limited network access
- Limited storage access
• Clearly defined objectives based on regulations
• Scanning
• Enumeration
- Hosts
- Networks
- Domains
- Users
- Groups
- Network shares
• Eavesdropping
- RF communication monitoring
• Packet crafting
• Packet inspection
• Fingerprinting
• Cryptography
- Certificate inspection
- Web pages
- Applications
- Services
- Tokens
- Social networking sites
Domain 2: Information Gathering and Vulnerability Identification
2.1 Given a scenario, conduct information gathering using appropriate techniques.
2.2 Given a scenario, perform a vulnerability scan.
- Sources of research
- CERT
- NIST
- JPCERT
- CAPEC
- Full disclosure
- CVE
- CWE
• Decompilation
• Debugging
• Open Source Intelligence Gathering
- Sniffing
- Wired
- Wireless
• Credentialed vs. non-credentialed
• Types of scans
- Discovery scan
- Full scan
- Stealth scan
- Compliance scan
• Container security
• Application scan
- Dynamic vs. static analysis
• Considerations of vulnerability scanning
- Time to run scans
- Protocols used
- Network topology
- Bandwidth limitations
- Query throttling
- Fragile systems/non-traditional assets
• Asset categorization
• Adjudication
• Prioritization of vulnerabilities
• Common themes
2.3 Given a scenario, analyze vulnerability scan results.
- False positives
- Vulnerabilities
- Observations
- Lack of best practices
• Map vulnerabilities to potential exploits
• Prioritize activities in preparation for penetration test
• Describe common techniques to complete attack
2.4 Explain the process of leveraging information to prepare for exploitation.
- Cross-compiling code
- Exploit modification
- Exploit chaining
- Proof-of-concept development (exploit development)
- Social engineering
- Credential brute forcing
- Dictionary attacks
- Rainbow tables
- Deception
• ICS
• SCADA
• Mobile
• IoT
• Embedded
• Point-of-sale system
• Biometrics
• Application containers
• RTOS
2.5 Explain weaknesses related to specialized systems.
• Phishing
- Spear phishing
- SMS phishing
- Voice phishing
- Whaling
Domain 3: Attacks and Exploits
3.1 Compare and contrast social engineering attacks.
• Elicitation
• Interrogation
• Impersonation
• Shoulder surfing
• USB key drop
• Motivation techniques
- Business email compromise
• Name resolution exploits
• SMB exploits
• SNMP exploits
• SMTP exploits
• FTP exploits
• DNS cache poisoning
• Pass the hash
• Man-in-the-middle
• DoS/stress test
• NAC bypass
• VLAN hopping
- NETBIOS name service
- ARP spoofing
- Replay
- Relay
- SSL stripping
- Downgrade
- LLMNR
3.2 Given a scenario, exploit network-based vulnerabilities.
- Authority
- Scarcity
- Social proof
- Urgency
- Likeness
- Fear
• Cross-site request forgery (CSRF/XSRF)
• Clickjacking
• Security misconfiguration
• File inclusion
- Local
- Remote
• Unsecure code practices
- Comments in source code
- Lack of error handling
- Overly verbose error handling
- Hard-coded credentials
- Race conditions
- Unauthorized use of functions/unprotected APIs
- Hidden elements
- Sensitive information in the DOM
- Lack of code signing
- Directory traversal
- Cookie manipulation
• OS vulnerabilities
- Windows
- Mac OS
- Linux
- Android
- iOS
3.5 Given a scenario, exploit local host vulnerabilities.
• Authorization
- Parameter pollution
- Insecure direct object reference
• Cross-site scripting (XSS)
- Stored/persistent
- Reflected
- DOM
3.3 Given a scenario, exploit wireless and RF-based vulnerabilities.
• Injections
- SQL
- HTML
- Command
- Code
• Authentication
- Credential brute forcing
- Session hijacking
- Redirect
- Default credentials
- Weak credentials
- Kerberos exploits
• Default account settings
• Sandbox escape
- Shell upgrade
- VM
- Container
• Physical device security
- Cold boot attack
- JTAG debug
- Serial console
- Windows-specific
- Cpassword
- Clear text credentials in LDAP
- Kerberoasting
- Credentials in LSASS
- Unattended installation
- Unquoted service paths
- Writable services
- Unsecure file/folder permissions
- Keylogger
- Scheduled tasks
- Kernel exploits
• Piggybacking/tailgating
• Fence jumping
• Dumpster diving
• Lock picking
• Lock bypass
• Egress sensor
• Badge cloning
3.6 Summarize physical security attacks related to facilities.
• Lateral movement
- RPC/DCOM
- PsExec
- WMI
- Scheduled tasks
- PS remoting/WinRM
- SMB
• Persistence
- Scheduled jobs
- Scheduled tasks
- Daemons
- Back doors
- Trojan
- New user creation
3.7 Given a scenario, perform post-exploitation techniques.
• Unsecure service and protocol configurations
• Privilege escalation
- Linux-specific
- SUID/SGID programs
- Unsecure SUDO
- Ret2libc
- Sticky bits
- SAM database
- DLL hijacking
- Exploitable services
- RDP
- Apple Remote Desktop
- VNC
- X-server forwarding
- Telnet
- SSH
- RSH/Rlogin
• Covering your tracks
• SYN scan (-sS) vs. full connect scan (-sT)
• Port selection (-p)
• Service identification (-sV)
• OS fingerprinting (-O)
• Disabling ping (-Pn)
• Target input file (-iL)
• Timing (-T)
• Output parameters
4.1 Given a scenario, use Nmap to conduct information gathering exercises.
• Use cases
- Reconnaissance
- Enumeration
-oA
-oN
-oG
-oX
4.2 Compare and contrast various use cases of tools.
(**The intent of this objective is NOT to test specific vendor feature sets.)
Domain 4: Penetration Testing Tools
- Vulnerability scanning
- Credential attacks
- Offline password cracking
- Brute-forcing services
- Persistence
- Configuration compliance
- Evasion
- Decompilation
- Forensics
- Debugging
- Software assurance
- Fuzzing
- SAST
- DAST
- WinDBG
- IDA
- Software assurance
- Findbugs/findsecbugs
- Peach
- Dynamo
- AFL
- SonarQube
- YASCA
- OSINT
• Tools
- Scanners
- Nikto
- OpenVAS
- SQLmap
- Nessus
- Credential testing tools
- Hashcat
- Shodan
- Maltego
- Recon-NG
- Censys
- Wireless
- Aircrack-NG
- Kismet
- WiFite
- Hping
- Mobile tools
- Androzer
- APKX
- APK studio
- MISC
- Searchsploit
- Powersploit
- Responder
- Impacket
- Empire
- Metasploit framework
- Medusa
- Hydra
- Cewl
- John the Ripper
- Cain and Abel
- Mimikatz
- Patator
- Dirbuster
- W3AF
- Debuggers
- OLLYDBG
- Immunity debugger
- GDB
- Whois
- Nslookup
- Foca
- Theharvester
- Web proxies
- OWASP ZAP
- Burp Suite
- Social engineering tools
- SET
- BeEF
- Remote access tools
- SSH
- NCAT
- NETCAT
- Proxychains
- Networking tools
- Wireshark
• Password cracking
• Pass the hash
• Setting up a bind shell
• Getting a reverse shell
• Proxying a connection
• Uploading a web shell
• Injections
4.3 Given a scenario, analyze tool output or data related to a penetration test.
• Logic
• Common operations
• Error handling
• Arrays
• Encoding/decoding
• Substitutions
• Variables
4.4 Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).
- Looping
- Flow control
- String operations
- Comparisons
• I/O
- File vs. terminal vs. network
• Course Introduction and Overview
• Active Directory Overview
• Physical, Logical Active Directory Components
• Building Active Directory Lab
5.1 Active Directory Pentest
• Introduction
• LLMNR Poisoning Overview
• Capturing NTLMv2 Hashes with Responder
• Password Cracking with Hashcat
• LLMNR Poisoning Defenses
5.2 Attacking Active Directory
• Introduction
• Pass the Hash / Password Overview
• Cracking NTLM Hashes with Hashcat
• Pass the Hash Attacks
• Kerberoasting Overview
• Kerberoasting Walkthrough
• Kerberoasting Mitigation
• Mimikatz Overview
• Credential Dumping with Mimikatz
5.3 Post-Compromise Attacks
Domain 5: Active Directory Pentest
6.1 Given a scenario, use report writing and handling best practices.
• Normalization of data
• Written report of findings and remediation
Domain 6: Reporting and Communication
• Post-engagement cleanup
• Client acceptance
• Lessons learned
• Follow-up actions/retest
• Attestation of findings
6.2 Explain post-report delivery activities.
- Removing shells
- Removing tester-created credentials
- Removing tools
• Solutions
6.3 Given a scenario, recommend mitigation strategies for discovered vulnerabilities.
- People
- Process
- Technology
• Findings
- Shared local administrator credentials
- Weak password complexity
- Plain text passwords
- No multifactor authentication
- SQL injection
- Unnecessary open services
• Risk appetite
• Storage time for report
• Secure handling and disposition of reports
- Executive summary
- Methodology
- Findings and remediation
- Metrics and measures
- Risk rating
- Conclusion
• Remediation
- Randomize credentials/LAPS
- Minimum password requirements/password filters
- Encrypt the passwords
- Implement multifactor authentication
- Sanitize user input/parameterize queries
- System hardening
• Communication path
• Communication triggers
6.4 Explain the importance of communication during the penetration testing process.
- Critical findings
- Stages
- Indicators of prior compromise
• Reasons for communication
• Goal reprioritization
- Situational awareness
- De-escalation
- De-confliction
• Introduction to Mitre ATT&CK
- MITRE ATT&CK – Cyber Attack Lifecycle
- Intro to attack.mitre.org
- Pyramid of pain
• Playing with Mitre
- MITRE’s ATT&CK Matrix
- MITRE’s ATT&CK Navigator
• Testing with Caldera
- Getting Started with Caldera
- Automating Adversary Emulation
• Atomic Red Team Test for MITRE-ATT&CK
- Starting with Atomic Red Team
- Running Test based on Mitre Framework
This penetration testing course is specific to Active Directory. It focuses on strengthening fundamental AD concepts. The course further provides an understanding of, and hands-on practice with, various attacks performed on Active Directory, along with post-compromise enumeration, attack and exploitation techniques.
MITRE ATT&CK Red Teaming
Linux Stack Smashing
• Introduction to the basics of Linux stack overflow vulnerabilities and the required debugging toolset
• Linux fundamentals
• Stack overflow exploitation
• Linux exploit mitigations related to stack overflow exploitation
• Understanding Return Oriented Programming
• Learning how to write Linux shellcode from scratch, including cases such as egghunting, encoding, etc.
Exploit Development : Customized
• Understanding Standard and regulatory framework
• Fundamental principles of information security
• Information Security Management System (ISMS)
• Understanding Audit Principles
• Understanding Onsite Audit Activities
• Closing an Audit
ISO 27001 Fundamental /PCI-DSS
AZ 500 Exam Preparation @ Infosec TrainAZ 500 Exam Preparation @ Infosec Train
AZ 500 Exam Preparation @ Infosec TrainInfosecTrain
 
Google Cloud Certifications @ Infosectrain
Google Cloud Certifications @ InfosectrainGoogle Cloud Certifications @ Infosectrain
Google Cloud Certifications @ InfosectrainInfosecTrain
 
How to prepare for AWS Security, Azure Security and Google Professional Cloud...
How to prepare for AWS Security, Azure Security and Google Professional Cloud...How to prepare for AWS Security, Azure Security and Google Professional Cloud...
How to prepare for AWS Security, Azure Security and Google Professional Cloud...InfosecTrain
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainInfosecTrain
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainInfosecTrain
 
How to prepare for Infosec domain's best certifications?
How to prepare for Infosec domain's best certifications?How to prepare for Infosec domain's best certifications?
How to prepare for Infosec domain's best certifications?InfosecTrain
 

More from InfosecTrain (18)

Csa certification training
Csa certification trainingCsa certification training
Csa certification training
 
Csa certification training
Csa certification trainingCsa certification training
Csa certification training
 
Iso 22301 la training
Iso 22301 la trainingIso 22301 la training
Iso 22301 la training
 
Iso 22301 la training
Iso 22301 la trainingIso 22301 la training
Iso 22301 la training
 
Iso 22301 la training
Iso 22301 la trainingIso 22301 la training
Iso 22301 la training
 
Iso 27001 lead implementer training
Iso 27001 lead implementer trainingIso 27001 lead implementer training
Iso 27001 lead implementer training
 
SIEM evaluator guide for soc analyst
SIEM evaluator guide for soc analystSIEM evaluator guide for soc analyst
SIEM evaluator guide for soc analyst
 
Aws top 50 interview questions
Aws top 50 interview questionsAws top 50 interview questions
Aws top 50 interview questions
 
CISA Domain 3 - Information Systems Acquisition, Development and Implementation
CISA Domain 3 - Information Systems Acquisition, Development and ImplementationCISA Domain 3 - Information Systems Acquisition, Development and Implementation
CISA Domain 3 - Information Systems Acquisition, Development and Implementation
 
CISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | InfosectrainCISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | Infosectrain
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec train
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1  - InfosecTrainCISA Domain- 1  - InfosecTrain
CISA Domain- 1 - InfosecTrain
 
AZ 500 Exam Preparation @ Infosec Train
AZ 500 Exam Preparation @ Infosec TrainAZ 500 Exam Preparation @ Infosec Train
AZ 500 Exam Preparation @ Infosec Train
 
Google Cloud Certifications @ Infosectrain
Google Cloud Certifications @ InfosectrainGoogle Cloud Certifications @ Infosectrain
Google Cloud Certifications @ Infosectrain
 
How to prepare for AWS Security, Azure Security and Google Professional Cloud...
How to prepare for AWS Security, Azure Security and Google Professional Cloud...How to prepare for AWS Security, Azure Security and Google Professional Cloud...
How to prepare for AWS Security, Azure Security and Google Professional Cloud...
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ Infosectrain
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ Infosectrain
 
How to prepare for Infosec domain's best certifications?
How to prepare for Infosec domain's best certifications?How to prepare for Infosec domain's best certifications?
How to prepare for Infosec domain's best certifications?
 

Recently uploaded

URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
MENTAL STATUS EXAMINATION format.docx
MENTAL     STATUS EXAMINATION format.docxMENTAL     STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 

Recently uploaded (20)

URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
MENTAL STATUS EXAMINATION format.docx
MENTAL     STATUS EXAMINATION format.docxMENTAL     STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 

Offensive cyber security engineer updated

  • 1. www.infosectrain.com | sales@infosectrain.com OFFENSIVE CYBER SECURITY ENGINEER TRAINING PROGRAM 120 hrs of instructor-led Live Online training Exam voucher included for EC-Council CEH Make you ready for face-off Extra Doubt clearing sessions Hands on lab
  • 2. www.infosectrain.com | sales@infosectrain.com 01 Offensive Cyber Security Expert MITRE ATT&CK ISO 27001 Fundamental/PCI-DSS Job Interview Preparation You start here Advanced Penetration Testing Exploit Development Basics (Python Shell Script) Review entire job skill set Certified Ethical Hacker (CEH) Learning Path
  • 3. www.infosectrain.com | sales@infosectrain.com 02 Tools covered Offensive Cyber Security Engineer SUBLIST3r XSS-LOADER sqlmap
  • 4. www.infosectrain.com | sales@infosectrain.com 03 What are the career benefits of this training program? To land a good job as an Offensive Security Engineer, an analyst must have a 360-degree view of the cybersecurity domains, which comprise a wide variety of components and technology. We have bundled all the skill sets into this Offensive Cyber Security Engineer's program. What skills will you learn? At the end of this Master Certificate in Cyber Security Program, you will be equipped with the following skillsets: Pre-Requisite • Offensive Security Engineering course • Prior knowledge of basic networking protocols, OS fundamentals, and Linux basics is recommended. Master advanced hacking concepts to manage information security efficiently. Writing your own custom code. Understanding the Windows and Linux environments more closely. Understand the corporate infrastructure at a different level. Design security architecture and framework for a secure IT operation.
  • 5. www.infosectrain.com | sales@infosectrain.com 04 Security Fundamentals : EC-Council CEH / CEH (Practical) This course covers the essentials of security, touching on security terminologies and the various attack methodologies and techniques used by offenders/hackers in the real world. Advancing forward, it also covers, in depth, various aspects of the cybersecurity field. The course also provides hands-on experience with various industrial tools used for these purposes. Module 01: Introduction to Ethical Hacking Module 02: Footprinting and Reconnaissance Module 03: Scanning Networks Module 04: Enumeration Module 05: Vulnerability Analysis Module 06: System Hacking Module 07: Malware Threats Module 08: Sniffing Module 09: Social Engineering Module 10: Denial-of-Service Module 11: Session Hijacking Module 12: Evading IDS, Firewalls, and Honeypots Module 13: Hacking Web Servers Module 14: Hacking Web Applications Module 15: SQL Injection Module 16: Hacking Wireless Networks Module 17: Hacking Mobile Platforms Module 18: IoT Hacking Module 19: Cloud Computing Module 20: Cryptography CEH YEAR 2020
  • 6. www.infosectrain.com | sales@infosectrain.com 05 Advanced Pentest : InfosecTrain APT This is an advanced level course designed by experts for InfosecTrain. The course imparts a very high level of understanding of various components of infrastructure, including OS, IDS/IPS, firewalls, etc., determining vulnerabilities in these systems and using them to break into a secured system without being discovered. The course also focuses on providing an understanding and usage of a variety of tools. • Understanding the target audience • Rules of engagement • Communication escalation path • Resources and requirements Domain 1: Planning and Scoping 1.1 Explain the importance of planning for an engagement. - Confidentiality of findings - Known vs. unknown • Budget • Impact analysis and remediation timelines • Disclaimers • Technical constraints • Support resources - Point-in-time assessment - Comprehensiveness - WSDL/WADL - SOAP project file - XSD - Sample application requests APT Advanced Penetration Testing
  • 7. www.infosectrain.com | sales@infosectrain.com 06 - SOW - MSA - NDA - SDK documentation - Swagger document - Architectural diagrams • Contracts - Obtain signature from proper signing authority - Third-party provider authorization when necessary • Written authorization Advanced pentest: InfosecTrain APT Domain 1: Planning and Scoping - Export restrictions - Local and national government restrictions - Corporate policies • Environmental differences 1.2 Explain key legal concepts. 1.3 Explain the importance of scoping an engagement properly. - Red team • Types of assessment - Goals-based/objectives-based - Compliance-based - Supply chain • Special scoping considerations - Premerger • Threat actors - Adversary tier - APT - Script kiddies - Hacktivist - Insider threat - Capabilities - Intent - Threat models - Supply chain • Target selection - Targets - Internal - On-site vs. off-site - External - First-party vs. third-party hosted - Physical - Users - SSIDs - Applications - Considerations - White-listed vs. black-listed - Security exceptions
  • 8. www.infosectrain.com | sales@infosectrain.com 07 1.4 Explain the key aspects of compliance-based assessments. • Risk acceptance • Tolerance to impact • Scheduling • Scope creep • Strategy - Black box vs. white box vs. gray box - IPS/WAF whitelist - NAC - Certificate pinning - Company’s policies • Compliance-based assessments, limitations, and caveats - Rules to complete assessment - Password policies - Data isolation - Key management - Limitations - Limited network access - Limited storage access • Clearly defined objectives based on regulations Advanced pentest: InfosecTrain APT Domain 1: Planning and Scoping
  • 9. www.infosectrain.com | sales@infosectrain.com 08 • Scanning • Enumeration - Hosts - Networks - Domains - Users - Groups - Network shares • Eavesdropping - RF communication monitoring • Packet crafting • Packet inspection • Fingerprinting • Cryptography - Certificate inspection - Web pages - Applications - Services - Tokens - Social networking sites Domain 2: Information Gathering and Vulnerability Identification 2.1 Given a scenario, conduct information gathering using appropriate techniques. 2.2 Given a scenario, perform a vulnerability scan. - Sources of research - CERT - NIST - JPCERT - CAPEC - Full disclosure - CVE - CWE • Decompilation • Debugging • Open Source Intelligence Gathering - Sniffing - Wired - Wireless • Credentialed vs. non-credentialed • Types of scans - Discovery scan - Full scan - Stealth scan - Compliance scan • Container security • Application scan - Dynamic vs. static analysis Advanced pentest: InfosecTrain APT Domain 2: Information gathering and vulnerability identification
  • 10. www.infosectrain.com | sales@infosectrain.com 09 • Considerations of vulnerability scanning - Time to run scans - Protocols used - Network topology - Bandwidth limitations - Query throttling - Fragile systems/non-traditional assets • Asset categorization • Adjudication • Prioritization of vulnerabilities • Common themes 2.3 Given a scenario, analyze vulnerability scan results. - False positives - Vulnerabilities - Observations - Lack of best practices • Map vulnerabilities to potential exploits • Prioritize activities in preparation for penetration test • Describe common techniques to complete attack 2.4 Explain the process of leveraging information to prepare for exploitation. - Cross-compiling code - Exploit modification - Exploit chaining - Proof-of-concept development (exploit development) - Social engineering - Credential brute forcing - Dictionary attacks - Rainbow tables - Deception • ICS • SCADA • Mobile • IoT • Embedded • Point-of-sale system • Biometrics • Application containers • RTOS 2.5 Explain weaknesses related to specialized systems. Advanced pentest: InfosecTrain APT Domain 2: Information gathering and vulnerability identification
  • 11. www.infosectrain.com | sales@infosectrain.com 10 • Phishing - Spear phishing - SMS phishing - Voice phishing - Whaling Domain 3: Attacks and Exploits 3.1 Compare and contrast social engineering attacks. • Elicitation • Interrogation • Impersonation • Shoulder surfing • USB key drop • Motivation techniques - Business email compromise • Name resolution exploits • SMB exploits • SNMP exploits • SMTP exploits • FTP exploits • DNS cache poisoning • Pass the hash • Man-in-the-middle • DoS/stress test • NAC bypass • VLAN hopping - NETBIOS name service - ARP spoofing - Replay - Relay - SSL stripping - Downgrade - LLMNR 3.2 Given a scenario, exploit network-based vulnerabilities. - Authority - Scarcity - Social proof - Urgency - Likeness - Fear Advanced pentest: InfosecTrain APT Domain 3: Attacks and Exploits
  • 12. www.infosectrain.com | sales@infosectrain.com 11 • Cross-site request forgery (CSRF/XSRF) • Clickjacking • Security misconfiguration • File inclusion - Local - Remote • Unsecure code practices - Comments in source code - Lack of error handling - Overly verbose error handling - Hard-coded credentials - Race conditions - Unauthorized use of functions/unprotected APIs - Hidden elements - Sensitive information in the DOM - Lack of code signing - Directory traversal - Cookie manipulation • OS vulnerabilities - Windows - Mac OS - Linux - Android - iOS 3.5 Given a scenario, exploit local host vulnerabilities. • Authorization - Parameter pollution - Insecure direct object reference • Cross-site scripting (XSS) - Stored/persistent - Reflected - DOM 3.3 Given a scenario, exploit wireless and RF-based vulnerabilities. • Injections - SQL - HTML - Command - Code • Authentication - Credential brute forcing - Session hijacking - Redirect - Default credentials - Weak credentials - Kerberos exploits Advanced pentest: InfosecTrain APT Domain 3: Attacks and Exploits
  • 13. www.infosectrain.com | sales@infosectrain.com 12 • Default account settings • Sandbox escape - Shell upgrade - VM - Container • Physical device security - Cold boot attack - JTAG debug - Serial console - Windows-specific - Cpassword - Clear text credentials in LDAP - Kerberoasting - Credentials in LSASS - Unattended installation - Unquoted service paths - Writable services - Unsecure file/folder permissions - Keylogger - Scheduled tasks - Kernel exploits • Piggybacking/tailgating • Fence jumping • Dumpster diving • Lock picking • Lock bypass • Egress sensor • Badge cloning 3.6 Summarize physical security attacks related to facilities. • Lateral movement - RPC/DCOM - PsExec - WMI - Scheduled tasks - PS remoting/WinRM - SMB • Persistence - Scheduled jobs - Scheduled tasks - Daemons - Back doors - Trojan - New user creation 3.7 Given a scenario, perform post-exploitation techniques. • Unsecure service and protocol configurations • Privilege escalation - Linux-specific - SUID/SGID programs - Unsecure SUDO - Ret2libc - Sticky bits - SAM database - DLL hijacking - Exploitable services Advanced pentest: InfosecTrain APT Domain 3: Attacks and Exploits
  • 14. www.infosectrain.com | sales@infosectrain.com 13 - RDP - Apple Remote Desktop - VNC - X-server forwarding - Telnet - SSH - RSH/Rlogin • Covering your tracks Advanced pentest: InfosecTrain APT Domain 3: Attacks and Exploits
  • 15. www.infosectrain.com | sales@infosectrain.com 14 • SYN scan (-sS) vs. full connect scan (-sT) • Port selection (-p) • Service identification (-sV) • OS fingerprinting (-O) • Disabling ping (-Pn) • Target input file (-iL) • Timing (-T) • Output parameters 4.1 Given a scenario, use Nmap to conduct information gathering exercises. • Use cases - Reconnaissance - Enumeration -oA -oN -oG -oX 4.2 Compare and contrast various use cases of tools. (**The intent of this objective is NOT to test specific vendor feature sets.) Domain 4: Penetration Testing Tools - Vulnerability scanning - Credential attacks - Offline password cracking - Brute-forcing services - Persistence - Configuration compliance - Evasion - Decompilation - Forensics - Debugging - Software assurance - Fuzzing - SAST - DAST - WinDBG - IDA - Software assurance - Findbugs/findsecbugs - Peach - Dynamo - AFL - SonarQube - YASCA - OSINT • Tools - Scanners - Nikto - OpenVAS - SQLmap - Nessus - Credential testing tools - Hashcat - Shodan - Maltego - Recon-NG - Censys - Wireless - Aircrack-NG - Kismet - WiFite Advanced pentest: InfosecTrain APT Domain 4: Penetration testing tools
  • 16. www.infosectrain.com | sales@infosectrain.com 15 - Hping - Mobile tools - Androzer - APKX - APK studio - MISC - Searchsploit - Powersploit - Responder - Impacket - Empire - Metasploit framework - Medusa - Hydra - Cewl - John the Ripper - Cain and Abel - Mimikatz - Patator - Dirbuster - W3AF - Debuggers - OLLYDBG - Immunity debugger - GDB - Whois - Nslookup - Foca - Theharvester - Web proxies - OWASP ZAP - Burp Suite - Social engineering tools - SET - BeEF - Remote access tools - SSH - NCAT - NETCAT - Proxychains - Networking tools - Wireshark • Password cracking • Pass the hash • Setting up a bind shell • Getting a reverse shell • Proxying a connection • Uploading a web shell • Injections 4.3 Given a scenario, analyze tool output or data related to a penetration test. Advanced pentest: InfosecTrain APT Domain 4: Penetration testing tools
  • 17. www.infosectrain.com | sales@infosectrain.com 16 • Logic • Common operations • Error handling • Arrays • Encoding/decoding • Substitutions • Variables 4.4 Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell). - Looping - Flow control - String operations - Comparisons • I/O - File vs. terminal vs. network Advanced pentest: InfosecTrain APT Domain 4: Penetration testing tools
  • 18. www.infosectrain.com | sales@infosectrain.com 17 • Course Introduction and Overview • Active Directory Overview • Physical, Logical Active Directory Components • Building Active Directory Lab 5.1 Active Directory Pentest • Introduction • LLMNR Poisoning Overview • Capturing NTLMv2 Hashes with Responder • Password Cracking with Hashcat • LLMNR Poisoning Defenses 5.2 Attacking Active Directory • Introduction • Pass the Hash / Password Overview • Cracking NTLM Hashes with Hashcat • Pass the Hash Attacks • Kerberoasting Overview • Kerberoasting Walkthrough • Kerberoasting Mitigation • Mimikatz Overview • Credential Dumping with Mimikatz 5.3 Post-Compromise Attacks Domain 5: Active Directory Pentest Advanced pentest: InfosecTrain APT Domain 5: Active directory pentest
  • 19. www.infosectrain.com | sales@infosectrain.com 18 6.1 Given a scenario, use report writing and handling best practices. • Normalization of data • Written report of findings and remediation Domain 6: Reporting and Communication • Post-engagement cleanup • Client acceptance • Lessons learned • Follow-up actions/retest • Attestation of findings 6.2 Explain post-report delivery activities. - Removing shells - Removing tester-created credentials - Removing tools • Solutions 6.3 Given a scenario, recommend mitigation strategies for discovered vulnerabilities. - People - Process - Technology • Findings - Shared local administrator credentials - Weak password complexity - Plain text passwords - No multifactor authentication - SQL injection - Unnecessary open services • Risk appetite • Storage time for report • Secure handling and disposition of reports - Executive summary - Methodology - Findings and remediation - Metrics and measures - Risk rating - Conclusion Advanced pentest: InfosecTrain APT Domain 6: Reporting and communication
  • 20. www.infosectrain.com | sales@infosectrain.com 19 • Remediation - Randomize credentials/LAPS - Minimum password requirements/password filters - Encrypt the passwords - Implement multifactor authentication - Sanitize user input/parameterize queries - System hardening • Communication path • Communication triggers 6.4 Explain the importance of communication during the penetration testing process. - Critical findings - Stages - Indicators of prior compromise • Reasons for communication • Goal reprioritization - Situational awareness - De-escalation - De-confliction Advanced pentest: InfosecTrain APT Domain 6: Reporting and communication
  • 21. www.infosectrain.com | sales@infosectrain.com 20 • Introduction to MITRE ATT&CK - MITRE ATT&CK – Cyber Attack Lifecycle - Intro to attack.mitre.org - Pyramid of pain • Playing with MITRE - MITRE’s ATT&CK Matrix - MITRE’s ATT&CK Navigator • Testing with Caldera - Getting Started with Caldera - Automating Adversary Emulation • Atomic Red Team Test for MITRE ATT&CK - Starting with Atomic Red Team - Running Test based on MITRE Framework This penetration testing course is specific to Active Directory. It focuses on strengthening the AD fundamental concepts. The course further provides an understanding and hands-on of various attacks performed on active directories along with post-compromise enumeration, attack and exploitation techniques. MITRE ATT&CK Red Teaming
  • 22. www.infosectrain.com | sales@infosectrain.com 21 Linux Stack Smashing • Introduction to the basics of Linux stack overflow vulnerabilities and the required debugging toolset • Linux fundamentals • Stack overflow exploitation • Linux exploit mitigations related to stack overflow exploitation • Understanding Return Oriented Programming • Learning how to write Linux shellcode from scratch, including cases such as Egghunting, encoding, etc. Exploit Development : Customized EXPLOIT DEVELOPMENT
  • 23. www.infosectrain.com | sales@infosectrain.com 22 • Understanding Standard and regulatory framework • Fundamental principles of information security • Information Security Management System (ISMS) • Understanding Audit Principles • Understanding Onsite Audit Activities • Closing an Audit ISO 27001 Fundamental /PCI-DSS