Training in the field of practical information security: "Corporate laboratories". New set
You need to pay for security, and for its absence - to pay. Winston Churchill.
A set of new corporate laboratories groups has been opened - a unique training program in practical safety from PENTESTIT in Russia and the CIS. The uniqueness of the Corporate Laboratories lies in the symbiosis of the training format, the quality of the material and the specialized resources on which the training is carried out. In addition to the strongest practical training, the program includes interesting webinar courses, comparable in level to the material of professional conferences on practical security. Starting date: 10/11/2015
Lack of mandatory program coordination with various instances allow material to be materialized with each set, so Corporate Labs include the most advanced techniques and tools for searching and operating vulnerabilities, as well as the most effective protection tools.
')
Feature of the program
The essence of the training program is the acquisition of practical skills to ensure information security and is achieved as follows:
- before starting the training, the specialist gets access to a personal account in which to get acquainted with colleagues, instructors and the curator, receives methodical material and prepares a specialized distribution kit;
- On weekends, students attend online webinars (theoretical training), where PENTESTIT instructors demonstrate various tools and penetration testing techniques, familiarize themselves with Russian legislation and international experience in cybercrime investigations, and demonstrate the best security practices.
- on weekdays, in their free time, experts reinforce their knowledge in practice, and also acquire new ones. It is practical training that allows us to understand the essence of vulnerabilities, methods and tools for their search and operation, and also allows us to teach how to think and act like an intruder. It is these skills that make it possible to implement the most effective information security mechanisms. Throughout the learning process, students have the support of a curator who monitors the progress of the training and provides support.
PENTESTIT Corporate Laboratories is a whole system of training specialists in the field of practical safety, including:
- the program is based on the principle: 20% of theory (webinars) and 80% of practice (work in pentest laboratories);
- webinars are read by specialists with extensive practical experience in the field of information security;
- all laboratories are developed on the basis of vulnerabilities discovered as a result of pentest of real companies in an impersonal form;
- Throughout the entire learning process, the group is accompanied by a curator who helps, if necessary, to cope with the task. It is important to note that the main task of the curator is not to explain the implementation, but to teach how to think in such a way as to understand the task and cope with it independently;
- with each new set (about once every 1.5 months), the material is processed and updated, which allows you to keep the program up to date at the time of training;
- All resources used in the programs (personal account, webinar-site and laboratories) are PENTESTIT's own development and are implemented taking into account all the needs of students.
Modularity
The training program includes three modules: "Standard", "Profi" and "Expert". The modularity of the program lies in the fact that, for example, having completed training in the “Profi” module, you can visit the “Expert” module, paying the difference between the modules. This approach allows everyone to continue learning without re-passing the material.
The Standard module is an introductory part in Corporate Laboratories. Unlike “Zero Security: A” - ethical hacking courses for beginners that provide basic training, the “Standard” module is a basic material of both ethical hacking and information security.
Additional Information
Basic training includes superficial familiarization with the material of the Profi module and combines both a cycle of webinar courses and the most relevant areas of information security and provides for practical training according to the level of the material being studied. "Standard" is suitable for beginners with initial skills in information security, and is a necessary basis for obtaining professional training in the "Profi" module.
Course duration: 2-3 weeks, cost: 30,000 rubles.
- Legislation in the field of information security in Russia and abroad;
- Penetration testing (methods; views; toolkit);
- Network security (scanning; configuration errors; exploitation; post-exploitation);
- Web security (the nature of SQL injection; XSS basics; an overview of tools for exploiting web vulnerabilities);
- Building effective information security systems (introductory information; review of existing IDS);
- Intercepter-NG;
- Strengthening the skills acquired in practice: CTF-tasks and an examination laboratory. Performance of a pentest of a corporate network.
Course duration: 2-3 weeks, cost: 30,000 rubles.
The “Pros” module is a continuation of the “Standard” program, which includes advanced methods of “attack” and “defense”. In this module, the material is analyzed in more detail, the number of examples of methods and tools, both pentester and information security specialist, has been significantly increased.
Additional Information
Professional training, which includes the material of the “Standard” module and is its continuation.
Compared with the "Standard", "Profi" provides deep theoretical and practical training due to a significant increase in the volume of the material in question (methods, techniques and attack vector), as well as the number and complexity of practical tasks. The level of training of specialists undergoing training in the “Profi” module is several times higher than in the “Standard”.
In addition, the training provides training not only for technical specialists, but also for ordinary employees, making it possible to prepare for the PCI DSS compliance audit. The “Profi” module is perfect for both novice specialists with minimal knowledge in the field of information security, as well as experienced specialists who wish to upgrade their skills in practical information security.
Course duration: 3-4 weeks, cost: 60,000 rubles.
Compared with the "Standard", "Profi" provides deep theoretical and practical training due to a significant increase in the volume of the material in question (methods, techniques and attack vector), as well as the number and complexity of practical tasks. The level of training of specialists undergoing training in the “Profi” module is several times higher than in the “Standard”.
In addition, the training provides training not only for technical specialists, but also for ordinary employees, making it possible to prepare for the PCI DSS compliance audit. The “Profi” module is perfect for both novice specialists with minimal knowledge in the field of information security, as well as experienced specialists who wish to upgrade their skills in practical information security.
- Legislation in the field of information security in Russia and abroad;
- Penetration testing (methods; views; toolkit);
- Network security (scanning; configuration errors; exploitation; post-exploitation);
- Web security (the nature of SQL injection; XSS basics; an overview of tools for exploiting web vulnerabilities);
- Building effective information security systems (introductory information; review of existing IDS);
- Intercepter-NG;
- Enhanced network security (MITM class techniques using modern tools; advanced methods for finding vulnerabilities in network infrastructure);
- Advanced Workshop on SQLi (MySQL DBMS; MSSQL DBMS; PostgreSQL DBMS);
- Advanced Workshop on XSS (Demonstration of the most current varieties of XSS);
- Building effective information security systems (setting up and demonstrating specialized utilities and methods);
- Master class from guests of Corporate Laboratories (presentation of a report by an invited expert in the field of information security. Opportunity to talk and ask questions to the speaker);
- Strengthening the skills acquired in practice: CTF-tasks and an examination laboratory. Performance of a pentest of a corporate network.
Course duration: 3-4 weeks, cost: 60,000 rubles.
The entire “hardcore” program, in its composition comparable to the material of relevant conferences on practical security, is concentrated in the “Expert” module. In addition to the material on the post-operation of systems, the module contains material on the investigation of cybercrime and countering cybercriminals.
Additional Information
Expert level of training, including the material of the module "Profi" and being its continuation.
The module "Expert" is a unique occupation, its level is identical to the material that can be heard only in professional forums on practical safety. In addition, “Expert” includes training in computer forensics and countering violations, allowing not only to conduct an internal investigation of computer crimes, but also to correctly assemble the evidence base for transmission to law enforcement agencies.
The “Expert” module, which includes the materials of the “Standard” and “Pros”, is designed for both beginners in the field of information security and system administrators, allowing them to gradually consolidate their computer security skills, as well as for professionals, allowing them to gain expert skills on modern threats and methods countering them in information security.
Course duration: 4-5 weeks, cost: 100,000 rubles.
The module "Expert" is a unique occupation, its level is identical to the material that can be heard only in professional forums on practical safety. In addition, “Expert” includes training in computer forensics and countering violations, allowing not only to conduct an internal investigation of computer crimes, but also to correctly assemble the evidence base for transmission to law enforcement agencies.
The “Expert” module, which includes the materials of the “Standard” and “Pros”, is designed for both beginners in the field of information security and system administrators, allowing them to gradually consolidate their computer security skills, as well as for professionals, allowing them to gain expert skills on modern threats and methods countering them in information security.
- Legislation in the field of information security in Russia and abroad;
- Penetration testing (methods; views; toolkit);
- Network security (scanning; configuration errors; exploitation; post-exploitation);
- Web security (the nature of SQL injection; XSS basics; an overview of tools for exploiting web vulnerabilities);
- Building effective information security systems (introductory information; review of existing IDS);
- Intercepter-NG;
- Enhanced network security (MITM class techniques using modern tools; advanced methods for finding vulnerabilities in network infrastructure);
- Advanced Workshop on SQLi (MySQL DBMS; MSSQL DBMS; PostgreSQL DBMS);
- Advanced Workshop on XSS (Demonstration of the most current varieties of XSS);
- Building effective information security systems (setting up and demonstrating specialized utilities and methods);
- Master class from guests of Corporate Laboratories (presentation of a report by an invited expert in the field of information security. Opportunity to talk and ask questions to the speaker);
- Expert level of post-operation and privilege elevation in Linux (collection of information about the system; privilege elevation — exploits, SUID, Race conditions, etc .; collecting credentials and attaching to the system; hiding traces; working in Metasploit Framework);
- Expert level of post-operation and elevation of privileges in Windows (analysis of a compromised system; exploitation of vulnerabilities and configuration errors in the system and third-party applications; bypass "UAC"; methods of transferring files; extracting passwords in open form; "pass-the-hash");
- Investigation of cybercrime (reconstruction of the attacker's actions; collection of evidence, his points; data collection for transfer to law enforcement agencies; rules for dumping RAM and analysis, use of specialized utilities; analysis of file systems; determination of possible consequences and damage assessment; use of HoneyPot; counteraction to data collection, antifungal);
- Strengthening the skills acquired in practice: CTF-tasks and an examination laboratory. Performance of a pentest of a corporate network.
Course duration: 4-5 weeks, cost: 100,000 rubles.
Unknown troubles are most troubling. Seneca.
Classes in PENTESTIT allow you to understand the psychology of the attacker, to master modern techniques and tools for penetration testing. Understanding what is a threat to IS and what is not allows you to develop the most effective protection mechanisms. In addition, training programs lay qualitative vectors for further development, and thanks to an intensive program and high-quality material, training in Corporate Laboratories makes it possible in a short time to acquire modern knowledge in practical safety. Learn more and sign up for the course at the following link: pentestit.ru .
Source: https://habr.com/ru/post/264827/
All Articles