Sikkerhetskurs for IT
Du har valgt: Websikkerhet


5 dager 30 000 kr
22 Mar
14 Jun
This course is just a great workshop that teaches how to implement securing technologies one at a time. [+]
This course is just a great workshop that teaches how to implement securing technologies one at a time. The course covers all aspects of Windows infrastructure security that everybody talks about and during the course you will learn how to implement them! Our goal is to teach you how to design and implement secure infrastructures based on the reasonable balance between security and comfort with great knowledge of attacker’s possibilities. This is a deep dive course on infrastructure services security, a must-go for enterprise administrators, security officers and architects. It is delivered by one of the best people in the market in the security field – with practical knowledge from tons of successful projects, many years of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions. In this workshop you will investigate the critical tasks for a high-quality penetration test. We will look at the most efficient ways to map a network and discover target systems and services. Once it has been done, we will search for vulnerabilities and reduce false positives with manual vulnerability verification. At the end we will look at exploitation techniques, including the use of authored and commercial tools. In the attack summary we will always go through the securing techniques.   Exploits are not the only way to get to systems! We will go through the operating systems’ build in problems and explore how they can be beneficial for hackers! One of the most important things to conduct a successful attack is to understand how the targets work. To the bones! Afterwards everything is clear and the tool is just a matter of our need. The course covers all aspects of Windows infrastructure security from the hacker’s mind perspective! Our goal is to show and teach you what kind of mechanisms are allowing to get inside the infrastructure and how to get into operating systems. After the course you will gain penetration tester’s knowledge and tools. To get more practice we offer three extra weeks of labs online! All exercises are based on Windows Server 2016 and 2019, Windows 10 and Kali Linux. This course is based on practical knowledge from tons of successful projects, many years of real-world experience and no mercy for misconfigurations or insecure solutions!   Course content: Module 1: Hacking Windows Platform a) Detecting unnecessary servicesb) Misusing service accountsc) Implementing rights, permissions and privileges  Module 2: Top 50 tools: the attacker's best friends a) Practical walkthrough through toolsb) Using tools against scenariosc) Tools for Red Team / Pentestersd) Tools for Blue Team Module 3: Modern Malware a) Techniques used by modern malwareb) Advanced Persistent Threatsc) Fooling common protection mechanisms Module 4: Physical Access a) Misusing USB and other portsb) Offline Access techniquesc) BitLocker unlocking Module 5: Intercepting Communication a) Communicating through firewallsb) Misusing Remote Accessc) DNS based attacks Module 6: Hacking Web Server a) Detecting unsafe serversb) Hacking HTTPSc) Distributed Denial of Service attacks Module 7: Data in-Security a) Using incorrect file servers’ configurationb) Basic SQL Server attacksc) Detecting and attacking common network servers Module 8: Identity attacks a) Pass-the-Hash attacksb) Stealing the LSA Secretsc) Modern identity attacks techniques Module 9: Hacking automation a) Misusing administrative scriptsb) Script based scanningc) PowerShell for pen-testers Module 10: Designing Secure Windows Infrastructure a) Modern attacks and prevention techniquesb) Malware execution preventionc) Enterprise scale security challenges Module 11: Securing Windows Platform a) Defining and disabling unnecessary servicesb) Implementing secure service accountsc) Implementing rights, permissions and privilegesd) Code signing Module 12: Malware Protection a) Malware investigation techniquesb) Analyzing cases of real malwarec) Implementing protection mechanisms Module 13: Managing Physical Security a) Mitigating Offline Accessb) Implementing and managing BitLocker Module 14: Public Key Infrastructure Security a) Role and capabilities of the PKI in the infrastructureb) Designing PKI architecture overviewc) PKI security – Best practices Module 15: Securing Network Communication a) Deploying and managing Windows Firewall – advanced and useful featuresb) Deploying and configuring IPsecc) Deploying DNS and DNSSEC Module 16: Securing Web Server a) Configuring IIS features for securityb) Working with SSL Certificate Supportc) Monitoring Web Server resources and performanced) Deploying Distributed Denial of Service attack preventione) Deploying Network Load Balancing and Web FarmsModule Module 17: Mitigating the identity attacks a) Pass-the-Hash attack preventionb) LSA protection c) Credential Guard [-]
Les mer
2 dager 14 900 kr
This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. [+]
The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to cause loss to your data or reputation, subvert your resources for their own gain or attack your user base. This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.    Course Outline Day 1 Introduction The reality What might an attacker want? Social Engineering  HTTPS Man-in-the-middle attacks Certificates Certificate pinning Securing cookies HTTP Strict Transport Security header  Encoding Character encoding Unicode Encoding  Cross Site Scripting Stored XSS Reflected XSS DOM Based XSS XSS Preventions  Content Security Policy Headers and directives CSP Reporting  Cross site request forgery (CSRF) CSRF Prevention Synchronizer Token Pattern Double Submit Cookies  Injections SQL Injections File path injections  Authentication & Authorisation OAuth OpenID Connect Signed requests Form based authentication Securing the session Day 2 Denial-of-Service (DoS) attacks Network attacks Application level attacks Regular Expression attacks XML DoS attacks Decompression bombs  Password management Secure password storage Hashing Salt and pepper  Information leakage Error handling Source control leaks SQL Timing attacks Login timing attacks Response header leakage Search engine leakage Server leaks  Logging & monitoring Logging Monitoring Knowing when the site is under attack Honey pots  Attacking our site How can we start hacking our self Hacking tools  Penetration testing Hack your self   About the instructor: Tore Nestenius Tore has worked as a consultant since 1997 and is a very knowledgeable system developer and has in the past worked for large companies like Ericsson and Flextronics. Early in his career, Tore Nestenius started Programmers Heaven - a portal with over 750 000 monthly users. He’s behind several other successful projects like CodePedia - a Wiki for developers, the Open Source project TNValidate, and the C# School e-book with over 100 000 downloads.   [-]
Les mer
Nettkurs 4 timer 13 200 kr
08 Feb
Instructor-Led Virtual - Live Online Training - 4 halve dager 15.00 - 18.30 [+]
This course is intended for people in the fields of public cloud security and cybersecurity, or for anyone who wants to learn how to secure remote networks and mobile users. Successful completion of this two-day, instructor-led course will help enhance your understanding of how to better protect your applications, remote networks, and mobile users using a SASE implementation. You will get detailed instruction on configuring, managing, and troubleshooting Prisma Access in a production environment.   Target Audience Security Engineers, Security Administrators, Security Operations Specialists, Security Analysts, and Network Engineers    Course Modules 1 - Prisma Access Overview 2 - Planning and Design 3 - Activate and Configure 4 - Security Processing Nodes 5 - Panorama Operations for Prisma Access 6 - Remote Networks 7 - Mobile Users 8 - Tune, Monitor, and Troubleshoot 9 - Manage Multiple Tenants 10 - Next Steps [-]
Les mer

Lukk Denne siden benytter seg av informasjonskapsler (cookies).
Du kan fortsette å bruke siden som vanlig hvis du godtar dette. Les mer om bruk av informasjonskapsler i vår personvernerklæring.