ABOUT THE PROGRAM
The course covers the following topics:
DON'T TOUCH THIS TAB
It’s important to improve the accordion’s behaviour
Reconnaissance
- The attack lifecycle
- OSINT and passive information gathering
- DNS enumeration
- Whois and other public resources
- Active scanning and host discovery
- Port scanning and service/OS fingerprinting
- Application vulnerability scanning (SMB, SNMP, LDAP, HTTP)
C2 Connections
- Reverse shell connections
- Bind shell connections
- Encrypting control connections
- Session management with Metasploit
- Evading detection
Web Application Hacking
- Penetration testing and web applications
- Meet the Web stack
- Profiling Web servers
- Data store injections (SQLi, NoSQL)
- Client-side injections (XSS, CSRF)
- Detecting OS command injections
- File inclusion vulnerabilities (LFI/RFI)
- HTTP parameter pollution
- Insecure Direct Object References
- XML external entity injection (XXE)
- Attacking deserializers
- Server-side request forgery (SSRF)
- Flaws in cryptographic implementations
- Web app testing methodology
MS Domain and Active Directory Attacks
- Dive into PowerShell and WMI
- Active Directory enumeration
- Uncovering hidden and hard-to-find attack paths
- Abusing MS services
- Domain privilege escalation
- Domain persistence and backdooring
- Cross-forest persistence and trust attacks
Reverse Engineering and Binary Exploitation
- Introduction to ASM x86
- The PE format and WinAPI
- Working with debuggers
- Practical Assembly
- Introduction to IDA
- Reversing unknown binary with IDA
Final Enterprise Hacking Challenge
- Multi-machine, multi-segment domain challenge
- Server exploitation vectors
- Client exploitation vectors
- Post-exploitation and Lateral Movement
- Security evasion
- Data exfiltration
Don't touch this tab
ABOUT CYBERPRO
About CYBERPRO was founded in cooperation with international information security and instruction authorities who bring to Israel world-leading cyber training technologies and a learning experience of the highest standard available today.
The partners include the IITC group which has been training graduates for the high tech industry for over 20 years, and was selected as the training center for the Cisco Company in Israel.
CYBERPRO’s advanced, sought-after training courses in the areas of infrastructures, information security and cyber are world famous. These training courses were developed by some of the best cyber experts in the world, for international security organizations that emphasize the high training capabilities, the professional learning methods and the unique training and practice technologies. Our connection with international groups allows our students to be exposed to unique employment opportunities in Israel and abroad.
The training and learning tracks are all based much hands-on practice and preparation for the industry and profession requirements, so they include technological labs and practice sessions using one of the most advanced simulators in the world.
COURSE INFO
Target audience
- Infrastructure and/or application penetration testers,
- Red teams
- Vulnerability researchers
- Graduates of the Cyber Essentials program
Prerequisites
- Advanced knowledge of Windows operating systems and domain services
- Advanced knowledge of Linux/Unix operating systems
- Advanced knowledge of TCP/IP protocols
- Basic programming skills
- Familiarity with Internet technologies e.g. HTTP, HTML, CSS, JavaScript, SQL, PHP, node.js
- Familiarity with Windows and/or Linux internals is advantageous
- Experience programming with C and/or x86 ASM is advantageous
Skills Gained
- Collecting intel on the network using relevant sources
- Web application penetration testing
- Infrastructure penetration testing
- Using reverse engineering and binary exploitation