
One of the main areas of PENTESTIT's work is the development of specialized introductory (Zero Security: A) and professional (Corporate Laboratories) training programs in the field of information security. Regardless of the program, their key features are up-to-date material and practical training in pentest laboratories, which makes up 80% of the total course program. In this article we will examine several examples of practical tasks from "Zero Security: A".
Most of the specialists undergoing training are current employees of information security departments, system administrators or technical specialists who wish to improve their professional level in the field of practical information security.
The training program "Zero Security: A"
- Criminal Code and crimes in the field of information technology;
- Threat models, their types, objects of research;
- Familiarity with Linux. An introduction to Kali Linux 2.0 and a review of standard tools;
- Intelligence and information gathering;
- Network scanning;
- Exploiting web-vulnerabilities, an introduction to Burp Suite, familiarity with OWASP Top-10;
- Network infrastructure security;
- Security analysis of wireless networks;
- Introduction to the Metasploit Framework;
- Bypassing proactive protection systems;
- Introduction to social engineering;
- Final testing. The end of the internship.
Intelligence and information gathering
One of the clear signs of an attack is external probing of resources. As a rule, such activity is recorded in the event logs of intrusion detection systems, firewalls, etc., which allows you to determine the source of the attack and prepare to repel it. Such methods are typical of inexperienced offenders, while an experienced attacker will try to go unnoticed for as long as possible, collecting the necessary information from various sources.
It is the information gathered at the first stage that often helps create an effective attack scenario for penetrating the corporate network. Understanding how an attacker can do this helps trainees in Zero Security: A examine the resources they protect from the “outside” and try to identify critical information: using search queries (google dork) to find the “weak points” of a website that expose files with important information, backups and cached versions of pages, and using AXFR requests (the dig utility) to identify subdomains, which may host vulnerable, test or older versions of sites.
The Maltego framework and online services such as netcraft, whoistory and others are used to collect a large body of information about the domain of interest, and the theHarvester utility is used to collect data about users (e-mail addresses) and DNS domain records. Such tools allow an attacker to obtain a large amount of information for analysis without interacting directly with the system being attacked, thus remaining unnoticed by technical personnel.
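Unlike the passive sources, the AXFR requests mentioned above reach the organisation's own name servers and leave log entries. The following is an added example, not part of the original article or the course material, that audits such entries; the log lines are constructed and modelled on BIND 9 `named` messages, and the allow-list, addresses and zone names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on BIND 9 named log messages (assumption:
# default log format; adjust the regexes to your server's actual output).
SAMPLE_LOG = """\
12-Mar-2024 10:01:07.113 client @0x7f1 203.0.113.45#40112 (example.test): zone transfer 'example.test/AXFR/IN' denied
12-Mar-2024 10:01:09.530 client @0x7f2 203.0.113.45#40118 (dev.example.test): zone transfer 'dev.example.test/AXFR/IN' denied
12-Mar-2024 10:05:41.002 client @0x7f3 192.0.2.53#51544 (example.test): transfer of 'example.test/IN': AXFR started (serial 2024031201)
12-Mar-2024 10:07:12.871 client @0x7f4 198.51.100.9#33012 (example.test): transfer of 'example.test/IN': AXFR started (serial 2024031201)
12-Mar-2024 10:08:00.400 client @0x7f5 198.51.100.20#5353 (www.example.test): query: www.example.test IN A +
"""

# Hypothetical allow-list: the secondary name servers permitted to pull zones.
ALLOWED_SECONDARIES = {"192.0.2.53"}

DENIED = re.compile(r"client (?:@\S+ )?([\d.]+)#\d+ .*zone transfer '([^/']+)/AXFR/IN' denied")
STARTED = re.compile(r"client (?:@\S+ )?([\d.]+)#\d+ .*transfer of '([^/']+)/IN': AXFR started")

def audit_axfr(log_text, allowed=ALLOWED_SECONDARIES):
    """Return (denied, leaked): zones probed per refused client, and
    zones actually transferred to clients outside the allow-list."""
    denied, leaked = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        if m := DENIED.search(line):
            denied[m.group(1)].add(m.group(2))
        elif m := STARTED.search(line):
            ip, zone = m.groups()
            if ip not in allowed:
                leaked[ip].add(zone)
    return dict(denied), dict(leaked)

if __name__ == "__main__":
    denied, leaked = audit_axfr(SAMPLE_LOG)
    for ip, zones in denied.items():
        print(f"recon attempt: {ip} refused AXFR for {sorted(zones)}")
    for ip, zones in leaked.items():
        print(f"MISCONFIGURATION: {ip} received full zone {sorted(zones)}; restrict allow-transfer")
```

A refused transfer is an early reconnaissance indicator worth alerting on, while a transfer started for a client outside the allow-list means the zone contents are already exposed and the server's `allow-transfer` setting needs tightening.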
Having found an authorization form on the website (personal account, admin panel, web interface of the mail server), the intruder can carry out a social engineering attack: using the urlcrazy utility, find a domain suitable for phishing, create a payload using The Social-Engineer Toolkit and distribute it to previously collected e-mail addresses or profiles of company employees, moving the attack into the active phase without directly touching the target. Intelligence and information gathering is one of the important stages of penetration testing, and the result of the attack itself may depend on how professionally an attacker carries it out. Being able to perform competent information gathering, the specialists trained in Zero Security: A will be able to get ahead of the attacker, ensuring the security of the company's information system.
Conclusion
In order to successfully resist intruders, it is necessary to know their methods and tools well, which is extremely difficult given their rapid development. With each new intake, the material is revised, which keeps the program up to date at the time it is taught. You can learn more and sign up at the link: "Zero Security: A".