Corporate laboratories - an up-to-date training program for information security specialists


    As before, the main factor driving the development of the information security market is the growing number of incidents that disrupt business processes. In light of this, the growing interest in services such as building information security systems and creating incident management and continuity-of-operations systems is quite understandable.

    The number and level of information threats is increasing every day. Accordingly, information security systems, their implementation and operation, and the requirements placed on the information security specialists who counter current threats are becoming more and more complex.

    By developing Corporate Lab courses that are unique in their format and teaching methods, our specialists help students fill gaps in their knowledge and improve their skills in building an effective system for protecting information systems from attackers. Even experienced professionals who have attended our training programs discover something new. The uniqueness of the program lies not only in its up-to-date practical material, but also in a training methodology that uses resources developed specially for this program.

    The course program compares favorably with its foreign counterparts in relevance: adapting and translating the best-known Western training programs takes quite a long time, so they end up about a year out of date.

    Learning process


    The training takes place completely remotely and consists of 20% theory and 80% practice (in a specially developed, unique penetration testing laboratory). The theoretical part is delivered as webinars that are fully interactive with the instructor. Throughout the training program, recordings of past webinars are available to help consolidate the material. All webinars are supplemented by detailed study guides. As a bonus, for the final webinar we invite well-known figures from the world of practical information security to share interesting material, insights or practical cases.

    The training is carried out in stages: after each group of online webinars, the specialist performs practical tasks in a specialized penetration testing laboratory, thereby consolidating the knowledge gained in practice.

    Throughout the training, the group is accompanied by a curator who promptly helps students with all the questions that arise.

    After all the tasks in the practical laboratory are successfully completed, the specialist is invited to perform the final test.

    The courses are also unique in letting the specialist act as an attacker, which can fundamentally change one's idea of how to build security systems effectively. The emphasis in training is on hands-on work by the specialists, which makes up 80% of the training. In the remaining 20% of the material, we include the most relevant information about modern attack tools, the use of hacking tools, and recently recorded attack vectors and scenarios.

    New program


    With each new intake, our specialists update the training material based on trends in modern threats and in the means of countering attackers. In the current intake's program, we have included updated material on the following topics:

    “Current attack vectors: APT” - a large amount of new material has been added, including ProjectSauron (a tool for attacking state institutions of the Russian Federation) and an analysis of the data leakage and Equation Group tools.

    “Current attack vectors: BYOD” - new vulnerabilities and attack vectors, for example Quadrooter (~900,000,000 Android devices are vulnerable).

    “Post-exploitation in Windows systems. PowerShell.” Today, PowerShell is a platform offering practically endless possibilities, both for system administration and for offensive information security. We must not forget that attackers increasingly use functionality built into the OS and try less and less to load their own tools. Therefore, in today's extremely dynamic world, you need to know and be able to use at least the basic features of PowerShell.

    It is also worth noting that for a long time anti-virus products paid no attention to malicious PowerShell scripts at all. The situation has now begun to change, but bypassing proactive defense systems is still fairly straightforward.

    “Current vulnerabilities of modern web systems.” Developers now try to add as much functionality to their web applications as possible, and web applications are often complex systems made up of various components. As web applications have developed and grown more complex, old attack vectors have been modified and, importantly, new ones have appeared. It is also important to note that vulnerabilities cannot always be found simply by scanning the web application with various scanners.

    “Forensics of mobile devices.” A highly relevant topic: a large amount of critical data is now stored and processed on mobile devices, from personal mail to online banking and access credentials for the corporate network. It is therefore necessary to understand application structure, the security architecture of mobile operating systems, and their security features.

    As an example, we suggest watching the video on building an encrypted command-and-control channel over DNS using the dnscat2 utility:



    Summary


    Recognizing how critical it is to protect the internal perimeter of systems, how serious the consequences of unauthorized access to confidential information are, and how much responsibility lies with information security experts, we have developed a special training program, Pentestit Corporate Labs, which is unique in its combination of training format, material quality and the specialized resources on which training is carried out:

    • training is based on the principle of 20% theory (webinars) and 80% practice (work in a pentest laboratory). Experience shows that precisely this ratio makes the learning process most effective;
    • webinars are delivered by specialists with extensive practical experience in the field of information security;
    • all laboratories are built around current vulnerabilities discovered during pentests of real companies, presented in anonymized form;
    • throughout the learning process, the group is accompanied by a curator who helps students cope with the tasks if necessary. It is important to note that the curator's main job is not to explain the solution, but to teach students to think in a way that lets them complete the task independently;
    • each new intake includes updated and supplemented material, which keeps the program up to date at the time of training;
    • all resources used in the programs (personal account, webinar site and laboratories) are Pentestit's own developments and are implemented with all the needs of students in mind.

    Thus, corporate laboratories make it possible to quickly understand the psychology of an attacker and to master modern penetration testing techniques and tools. Understanding what can and cannot be a threat to systems allows you to develop the most effective protection mechanisms. In addition, the training programs set a solid direction for the further development of employees.

    We invite professionals who want to improve their skills and knowledge to the Pentestit Corporate Labs training courses.

    Duration 29 days. The nearest course is 10/02/2016.
