August 19, 2015 at 13:37Training in the field of practical information security: “Corporate laboratories”. New set
You have to pay for security, and pay for its absence. Winston Churchill.
Recruitment into new groups of Corporate Laboratories has opened. It is a unique training program in the field of practical safety from PENTESTIT in Russia and the CIS. The uniqueness of the Corporate Laboratories lies in the symbiosis of the training format, the quality of the material and the specialized resources on which training is carried out. In addition to the strongest practical training, the program includes interesting webinar courses comparable in level with the material of professional practical safety conferences. Start date: October 11, 2015
If there are no obligatory coordination of programs with different instances, they allow the material to be actualized with each set, so the Corporate Laboratories include at the time of training the most advanced techniques and tools for finding and exploiting vulnerabilities, as well as the most effective protection tools.
Program feature
The essence of the training program is to obtain practical skills for ensuring information security and is achieved as follows:
- Before the start of training, the specialist gets access to the personal account, in which he gets acquainted with colleagues, the instructors and the curator, receives methodological material and prepares a specialized distribution;
- on weekends, students attend online webinars (theoretical training), at which PENTESTIT instructors demonstrate various tools and penetration testing techniques, familiarize themselves with the legislation of the Russian Federation and international experience in the field of cybercrime investigation, and also demonstrate the best practices in providing information security.
- on weekdays, in their free time, experts consolidate the knowledge gained in practice, as well as acquire new ones. It is practical training that allows us to understand the essence of vulnerabilities, methods and tools for their search and exploitation, and also allows us to teach how to think and act like an attacker. It is these skills that allow you to implement the most effective mechanisms for ensuring information security. Throughout the learning process, students have the support of a curator who monitors the progress of training and provides support.
"PENTESTIT Corporate Laboratories" is a whole system of training specialists in the field of safety practice, including:
- The program is built on the principle: 20% of theory (webinars) and 80% of practice (work in a pentest laboratory);
- webinars are read by specialists with extensive practical experience in the field of information security;
- all laboratories are developed on the basis of vulnerabilities discovered as a result of the pentest of real companies in anonymous form;
- Throughout the entire learning process, the group is accompanied by a curator who helps, if necessary, to cope with the task. It is important to note that the main task of the curator is not to explain the implementation, but to teach to think in such a way as to understand the task and deal with it independently;
- with each new set (approximately once every 1.5 months), the material is processed and updated, which allows you to keep the program up to date at the time of training;
- All resources used in the programs (personal account, webinar site and laboratories) are PENTESTIT's own development and are implemented taking into account all the needs of students.
Modularity
The training program includes three modules: “Standard”, “Profi” and “Expert”. The modularity of the program lies in the fact that, for example, having completed training on the module "Pro", you can visit the module "Expert", paying the difference between the modules. This approach allows everyone to continue their studies without re-passing the material.
The Standard module is an introduction to the Corporate Laboratories. In contrast to “Zero Security: A” - ethical hacking courses for beginners, providing initial training, the “Standard” module is the basic material of both ethical hacking and information security.
Additional Information
Basic training includes a superficial familiarization with the material of the “Pro” module and combines both a cycle of webinar courses of the most relevant areas of information security and provides for practical training according to the level of the material studied. “Standard” is suitable for beginners with initial IS skills and is a necessary basis for obtaining training in the “Pro” module.
Course duration: 2-3 weeks, cost: 30 000 rubles.
- Information security legislation in Russia and abroad;
- Penetration testing (methods; types; tools);
- Network security (scanning; configuration errors; operation; post-operation);
- Web security (the nature of SQL injection; XSS basics; an overview of tools for exploiting web vulnerabilities);
- Building effective information security systems (background; overview of existing IDS);
- "Intercepter-NG";
- Securing the acquired skills in practice: CTF-tasks and examination laboratory. Execution of the corporate network pentest.
Course duration: 2-3 weeks, cost: 30 000 rubles.
The “Pro” module is a continuation of the “Standard” program, which includes advanced methods of “attack” and “defense”. In this module, the material is analyzed in more detail, the number of examples of methods and tools of both the pentester and the information security specialist has been significantly increased.
Additional Information
Professional training, which includes the material of the Standard module and is its continuation.
Compared with the Standard, Profi provides deep theoretical and practical training due to a significant increase in the volume of the material under consideration (methods, techniques and attack vectors), as well as the number and complexity of practical tasks. The level of training of specialists undergoing training in the module “Profi” is many times higher than in the “Standard”.
In addition, the training provides training not only for technical specialists, but also for ordinary employees, allowing them to prepare for a PCI DSS compliance audit. The Profi module is perfect for both novice specialists with minimal knowledge in the field of information security and experienced professionals who want to improve their skills in the field of practical information security.
Course duration: 3-4 weeks, cost: 60,000 rubles.
Compared with the Standard, Profi provides deep theoretical and practical training due to a significant increase in the volume of the material under consideration (methods, techniques and attack vectors), as well as the number and complexity of practical tasks. The level of training of specialists undergoing training in the module “Profi” is many times higher than in the “Standard”.
In addition, the training provides training not only for technical specialists, but also for ordinary employees, allowing them to prepare for a PCI DSS compliance audit. The Profi module is perfect for both novice specialists with minimal knowledge in the field of information security and experienced professionals who want to improve their skills in the field of practical information security.
- Information security legislation in Russia and abroad;
- Penetration testing (methods; types; tools);
- Network security (scanning; configuration errors; operation; post-operation);
- Web security (the nature of SQL injection; XSS basics; an overview of tools for exploiting web vulnerabilities);
- Building effective information security systems (background; overview of existing IDS);
- "Intercepter-NG";
- Enhanced network security (techniques for conducting MITM attacks using modern tools; advanced methods for searching for vulnerabilities in network infrastructure);
- Advanced Workshop on SQLi (DBMS MySQL; DBMS MSSQL; DBMS PostgreSQL);
- Advanced Workshop on XSS (Demonstration of the most relevant varieties of XSS);
- Building effective information security systems (setting up and demonstration of specialized utilities and methods);
- A master class from guests of the “Corporate Laboratories” (presentation of a report by a visiting expert in the field of information security. The opportunity to talk and ask questions to the speaker);
- Securing the acquired skills in practice: CTF-tasks and examination laboratory. Execution of the corporate network pentest.
Course duration: 3-4 weeks, cost: 60,000 rubles.
The entire "hardcore" program, in its composition comparable to the material of specialized conferences on practical safety, is concentrated in the Expert module. In addition to material on the post-operation of systems, the module contains material on the investigation of cybercrime and countering cybercriminals.
Additional Information
An expert level of training, including the material of the module “Profi” and which is its continuation.
The Expert module is a unique lesson that is identical in level to the material that can only be heard in professional practical safety forums. In addition, “Expert” includes training in the field of computer forensics and combating violations, allowing not only an internal investigation of computer crimes, but also correctly collect evidence for transmission to law enforcement agencies.
The Expert module, which includes the materials of the Standard and the Pro, is designed both for beginners in the field of information security and system administrators, allowing you to gradually consolidate skills in the field of computer security, and for professionals, allowing you to gain expert skills on modern threats and methods countering them in the field of information security.
Course duration: 4-5 weeks, cost: 100,000 rubles.
The Expert module is a unique lesson that is identical in level to the material that can only be heard in professional practical safety forums. In addition, “Expert” includes training in the field of computer forensics and combating violations, allowing not only an internal investigation of computer crimes, but also correctly collect evidence for transmission to law enforcement agencies.
The Expert module, which includes the materials of the Standard and the Pro, is designed both for beginners in the field of information security and system administrators, allowing you to gradually consolidate skills in the field of computer security, and for professionals, allowing you to gain expert skills on modern threats and methods countering them in the field of information security.
- Information security legislation in Russia and abroad;
- Penetration testing (methods; types; tools);
- Network security (scanning; configuration errors; operation; post-operation);
- Web security (the nature of SQL injection; XSS basics; an overview of tools for exploiting web vulnerabilities);
- Building effective information security systems (background; overview of existing IDS);
- "Intercepter-NG";
- Enhanced network security (techniques for conducting MITM attacks using modern tools; advanced methods for searching for vulnerabilities in network infrastructure);
- Advanced Workshop on SQLi (DBMS MySQL; DBMS MSSQL; DBMS PostgreSQL);
- Advanced Workshop on XSS (Demonstration of the most relevant varieties of XSS);
- Building effective information security systems (setting up and demonstration of specialized utilities and methods);
- A master class from guests of the “Corporate Laboratories” (presentation of a report by a visiting expert in the field of information security. The opportunity to talk and ask questions to the speaker);
- Expert level of post-operation and privilege escalation in Linux (gathering information about the system; privilege escalation - exploits, "SUID", "Race conditions", etc .; collecting credentials and securing the system; hiding traces; working in " Metasploit Framework);
- Expert level of post-operation and privilege escalation in Windows (analysis of a compromised system; exploitation of vulnerabilities and configuration errors in the system and third-party applications; bypass of “UAC”; methods of file transfer; extracting passwords in clear text; “pass-the-hash”);
- Investigation of cybercrimes (reconstruction of an attacker's actions; collection of evidence, its points; data collection for transfer to law enforcement agencies; rules for dumping RAM memory and analysis, use of specialized utilities; analysis of file systems; determination of possible consequences and damage assessment; use of "HoneyPot"; countering data collection, antiphenics);
- Securing the acquired skills in practice: CTF-tasks and examination laboratory. Execution of the corporate network pentest.
Course duration: 4-5 weeks, cost: 100,000 rubles.
Unknown troubles disturb most of all. Seneca.
Classes at PENTESTIT allow you to understand the psychology of an attacker, to master modern techniques and tools for penetration testing. Understanding what is a threat to information security and what is not allows you to develop the most effective protection mechanisms. In addition, training programs lay quality vectors for further development, and thanks to an intensive program and high-quality material, training at Corporate Laboratories allows you to quickly obtain modern knowledge in the field of practical safety. Learn more and sign up for the course at the following link: pentestit.ru .