March 18, 2015 at 09:07"PENTESTIT Corporate Laboratories" - practical training in the field of information security
Practical training in the field of information security: “Standard”, “Profi”, “Expert”. Updated program.
We are pleased to announce the next set of "Corporate penetration testing laboratories." The new program, in addition to the updated and most relevant theoretical and practical material, will include the unique material of the Expert tariff, in which we collected the “hardcore” practices of the Pentest and counteracting intruders - material of the level of professional conferences on practical security.
In addition to the unique program and training methodology, the additional advantages of the Corporate Labs program are fully distance learning and a flexible schedule that allows you to stay on the job.
Learning process
For comfortable and high-quality training, we abandoned third-party solutions and developed our own platform for distance learning, which includes a "My Account", "A platform for webinars" and "Specialized laboratories". Training takes place in groups of 10-15 people. Each group has a curator who oversees the entire learning process. If the curator notes difficulties in completing the laboratory or in completing a task, he will immediately offer his help to the student. Despite this approach, the curator always tries to give the opportunity to cope with the task on his own, accompanying the training with small tips.
Theoretical training
As before, theoretical training consists of online courses (webinars), where experienced PENTESTIT instructors share their knowledge with students. Among the instructors are experts in the field of practical information security with many years of experience, key speakers of international forums, authors of numerous articles on the Habré: Luke (@exitusletaris) Safonov, Ares (@Intercepter), Alexander (@ sinist3r) Dmitrenko, Vladimir Korennoy and others. As always, theoretical training is 20-30% of training and is an integral part of it.Program guests
In addition to the speech of our colleagues, recently we began to invite outside experts from the world of IT and information security as guests of the program. Such stars as Grigory Zemskov (Revision), Oleg Mikhaylsky (Acronis), Maxim Lagutin (SiteSecure) and Oleg Bondarenko (Qrator Labs) have already performed at the Corporate Laboratories. Sergey Rebz (@rebz), super-moderator of antichat.ru, head of rebz.net (audit.antichat.ru) will speak in the upcoming set of KL . Participants of the new set will be able to chat and ask Sergey their questions, and later, at the end of the course, we will post a video of Sergey’s speech in the public domain.Practical training
The main emphasis in training at KL is placed on practical training, which is unique in its kind and makes up 70-80% of training. All tasks received at webinar courses are mandatory fixed in practice under the guidance of an experienced curator. In addition, the final exam upon completion of training is the implementation of the pentest of a corporate computer network designed on the basis of networks of real companies. Pentest is regulated in time and allows you to make sure that the student has received knowledge in full.Studying programs
The training program is divided into modules \ tariffs: "Standard", "Pro" and "Expert", each of which is a continuation of the previous one. Thus, the Expert module includes the Standard, Profi program, as well as additional hardcore material.Training programs "KL"
"Standard"
"Pros"
"Expert"
- Information security legislation in Russia and abroad;
- Penetration testing (methods; types; tools);
- Network security (scanning; configuration errors; operation; post-operation);
- Web security (the nature of SQL injection; XSS basics; an overview of tools for exploiting web vulnerabilities);
- Building effective information security systems (background; overview of existing IDS);
- "Intercepter-NG";
- Securing the acquired skills in practice: CTF-tasks and examination laboratory. Execution of the corporate network pentest.
"Pros"
- Information security legislation in Russia and abroad;
- Penetration testing (methods; types; tools);
- Network security (scanning; configuration errors; operation; post-operation);
- Web security (the nature of SQL injection; XSS basics; an overview of tools for exploiting web vulnerabilities);
- Building effective information security systems (background; overview of existing IDS);
- "Intercepter-NG";
- Enhanced network security (techniques for conducting MITM attacks using modern tools; advanced methods for searching for vulnerabilities in network infrastructure);
- Advanced workshop on SQLi (DBMS MySQL; DBMS MSSQL; DBMS PostgreSQL);
- Advanced Workshop on XSS (Demonstration of the most relevant varieties of XSS);
- Building effective information security systems (setting up and demonstration of specialized utilities and methods);
- A master class from guests of the “Corporate Laboratories” (presentation of a report by a visiting expert in the field of information security. The opportunity to talk and ask questions to the speaker);
- Securing the acquired skills in practice: CTF-tasks and examination laboratory. Execution of the corporate network pentest.
"Expert"
- Information security legislation in Russia and abroad;
- Penetration testing (methods; types; tools);
- Network security (scanning; configuration errors; operation; post-operation);
- Web security (the nature of SQL injection; XSS basics; an overview of tools for exploiting web vulnerabilities);
- Building effective information security systems (background; overview of existing IDS);
- "Intercepter-NG";
- Enhanced network security (techniques for conducting MITM attacks using modern tools; advanced methods for searching for vulnerabilities in network infrastructure);
- Advanced workshop on SQLi (DBMS MySQL; DBMS MSSQL; DBMS PostgreSQL);
- Advanced Workshop on XSS (Demonstration of the most relevant varieties of XSS);
- Building effective information security systems (setting up and demonstration of specialized utilities and methods);
- A master class from guests of the “Corporate Laboratories” (presentation of a report by a visiting expert in the field of information security. The opportunity to talk and ask questions to the speaker);
- Expert level of post-operation and privilege escalation in Linux (gathering information about the system; privilege escalation - exploits, "SUID", "Race conditions", etc .; collecting credentials and securing the system; hiding traces; working in " Metasploit Framework);
- Expert level of post-operation and privilege escalation in Windows (analysis of a compromised system; exploitation of vulnerabilities and configuration errors in the system and third-party applications; bypass of “UAC”; methods of file transfer; extracting passwords in clear text; “pass-the-hash”);
- Investigation of cybercrimes (reconstruction of an attacker's actions; collection of evidence, its points; data collection for transfer to law enforcement agencies; rules for dumping RAM memory and analysis, use of specialized utilities; analysis of file systems; determination of possible consequences and damage assessment; use of "HoneyPot"; countering data collection, antiphenics);
- Securing the acquired skills in practice: CTF-tasks and examination laboratory. Execution of the corporate network pentest.
We invite you to visit our training programs in the field of practical information security - “Corporate penetration testing laboratories” that are unique in content and training methodology. See you soon!
Links:
You can find a comparison of training programs here ;
Find out the details of the training, its cost and enroll in the course here ;
You can view the recordings of the performance of the KL program guests here .