Courses on ethical hacking and penetration testing: updated program
If you are fond of information security and want to improve your skills in a short time, then the content of the article, most likely, will seem to you quite interesting. The article is an overview of the updated training programs in the field of practical information security from PENTESTIT.
Developing courses that are unique in their format and methods of training: “Zero Security: A” and “Corporate Laboratories” , we try to make the courses not only effective, but also convenient. The main difference between the training programs is that the first is designed for basic training in the field of ethical hacking, and the second - for professional training not only ethical hacking, but also building effective information security systems. In any case, even experienced specialists who visited the first program discover something new, not to mention Corporate Laboratories, which include material comparable in level with reports at professional hacker conferences. In addition, each set is updated with new material, which allows transmitting the most relevant information at the time of training to specialists undergoing training.
The uniqueness of the training programs lies in the symbiosis of the training format (fully distant, not requiring separation from work and study), the quality of the material and the specialized resources on which the training takes place.
')
As a rule, having listened to the courses, the specialist has the impression that the material is quite understandable. However, when performing practical tasks in the laboratory, there are problems associated with the application of the knowledge gained in "combat" conditions. It is necessary to link the psychology of the attacker with the methodology of pentest and knowledge of utilities - it is for these purposes that specialized laboratories are developed as part of training programs. The learning process itself takes place in stages and looks as follows: after each group of online webinars, the specialist performs practical tasks in a specialized CTF laboratory, thereby consolidating the knowledge gained in practice.
After all the tasks in the CTF lab are completed, the specialist is invited to perform the Pentest of this corporate network of the virtual company - the examination lab. It is important to note that webinars make up about 20% of the total training program, the remaining 80% are practice. Experience shows that it is precisely this ratio that makes it possible to produce the learning process as effectively as possible.
For the convenience of webinars, we abandoned the use of third-party solutions by developing our own webinar-platform Hypercube24, in which we tried to take into account all the wishes of the listeners. In addition to the smooth operation, the platform allows you to view webinars in HD mode.
On webinars, which are held on weekends, PENTESTIT employees share practical experience in the field of information security, as well as talk about modern methods and tools for penetration testing. The knowledge gained is consolidated in practice on weekdays. If a question arises, the listener can always ask his instructor and get a comprehensive answer.
All practical training takes place in specialized pentest laboratories developed on the basis of corporate networks of real companies, with their inherent vulnerabilities and configuration errors. Practical training takes place under the guidance of an experienced curator. It is important to note that the curator, first of all, tries to help the employee to understand the attack vector, and only as a last resort - will explain the process of completing the task. Of course, this method increases the time for searching and exploiting vulnerabilities, but it contributes to the acquisition of skills in full, understanding the process of actions of the attacker, developing unconventional thinking.
Thus, classes in PENTESTIT allow you to understand the psychology of the attacker, to master modern penetration testing techniques and tools. Understanding what can be a threat to systems and what is not, allows us to develop the most effective protection mechanisms. In addition, training programs lay qualitative vectors for the further development of employees.
References:
Zero Security: A - Internship Program for Beginners
"Corporate Laboratories" - training program
Comparison of training programs
"Test lab v.7" - free penetration testing lab
Guests of KL - performance of guests of "Corporate laboratories"
Developing courses that are unique in their format and methods of training: “Zero Security: A” and “Corporate Laboratories” , we try to make the courses not only effective, but also convenient. The main difference between the training programs is that the first is designed for basic training in the field of ethical hacking, and the second - for professional training not only ethical hacking, but also building effective information security systems. In any case, even experienced specialists who visited the first program discover something new, not to mention Corporate Laboratories, which include material comparable in level with reports at professional hacker conferences. In addition, each set is updated with new material, which allows transmitting the most relevant information at the time of training to specialists undergoing training.
The uniqueness of the training programs lies in the symbiosis of the training format (fully distant, not requiring separation from work and study), the quality of the material and the specialized resources on which the training takes place.
')
Theory or practice
As a rule, having listened to the courses, the specialist has the impression that the material is quite understandable. However, when performing practical tasks in the laboratory, there are problems associated with the application of the knowledge gained in "combat" conditions. It is necessary to link the psychology of the attacker with the methodology of pentest and knowledge of utilities - it is for these purposes that specialized laboratories are developed as part of training programs. The learning process itself takes place in stages and looks as follows: after each group of online webinars, the specialist performs practical tasks in a specialized CTF laboratory, thereby consolidating the knowledge gained in practice.
After all the tasks in the CTF lab are completed, the specialist is invited to perform the Pentest of this corporate network of the virtual company - the examination lab. It is important to note that webinars make up about 20% of the total training program, the remaining 80% are practice. Experience shows that it is precisely this ratio that makes it possible to produce the learning process as effectively as possible.
Webinars
For the convenience of webinars, we abandoned the use of third-party solutions by developing our own webinar-platform Hypercube24, in which we tried to take into account all the wishes of the listeners. In addition to the smooth operation, the platform allows you to view webinars in HD mode.
On webinars, which are held on weekends, PENTESTIT employees share practical experience in the field of information security, as well as talk about modern methods and tools for penetration testing. The knowledge gained is consolidated in practice on weekdays. If a question arises, the listener can always ask his instructor and get a comprehensive answer.
The demo of the program "Corporate Labs": Raising privileges in Linux. Race condition.
Practice
All practical training takes place in specialized pentest laboratories developed on the basis of corporate networks of real companies, with their inherent vulnerabilities and configuration errors. Practical training takes place under the guidance of an experienced curator. It is important to note that the curator, first of all, tries to help the employee to understand the attack vector, and only as a last resort - will explain the process of completing the task. Of course, this method increases the time for searching and exploiting vulnerabilities, but it contributes to the acquisition of skills in full, understanding the process of actions of the attacker, developing unconventional thinking.
Let's sum up
- The training program “Zero Security: A” is intended for beginners and contains the basis of ethical hacking, while “Corporate laboratories” are intended for professional training and include both penetration testing material and information on building secure information security systems from the basics to "hardcore";
- The training program includes theoretical (courses, webinars) and practical training (specialized laboratories), as well as methodological material. Practical training is about 80% of the total training program;
Thus, classes in PENTESTIT allow you to understand the psychology of the attacker, to master modern penetration testing techniques and tools. Understanding what can be a threat to systems and what is not, allows us to develop the most effective protection mechanisms. In addition, training programs lay qualitative vectors for the further development of employees.
References:
Zero Security: A - Internship Program for Beginners
"Corporate Laboratories" - training program
Comparison of training programs
"Test lab v.7" - free penetration testing lab
Guests of KL - performance of guests of "Corporate laboratories"
Source: https://habr.com/ru/post/257885/
All Articles