Practical training in the field of information security: Corporate Laboratories 2016, reboot

I will start with a short joke, which can be rather well projected on the subject of information security:

- Do newspaper ads produce results?
- Of course! On Monday, an announcement came out that we were looking for the watchman, and on Wednesday we were robbed.

“To protect yourself from hackers, you need to be able to think and act like a hacker. Otherwise, it is impossible to understand what is a vulnerability that can help an attacker to overcome your protection systems, and what is not. ”

In mid-2014, we launched the first “Corporate Laboratories”, the essence of which was to provide the most relevant knowledge in the field of practical information security: methodology, methods, tools for finding vulnerabilities, as well as developing the most effective countermeasures. For a year and a half, the program has been significantly updated and supplemented with “hardcore” material in the form of an “Expert” module. With new fares available on the website .
')
We decided to publish part of the obsolete “Corporate Labs 2015” entries of the “Standard” module (the module, in its essence, is an introduction to the program). Please note that webinars (theoretical training) make up only 20% of the program, the remaining 80% are practical training in laboratories that are as close as possible to the corporate networks of real companies.

Luka Safonov, Actual Attack Vectors, BYOD and APT.

Content of the webinar: review of external, internal and mixed man-made threats to information security. Advanced persistent threats (targeted attacks) - the most sophisticated modern attack scenarios, their goals and consequences.

Vladimir Korennoy. Building effective information security systems.

Content of the webinar: audit capabilities in Windows and Linux systems, disadvantages and ways to eliminate them. Building a scheme for guaranteed event saving. IDS architecture.

Alexander Dmitrenko. Intercepter-NG as a unique tool for conducting automated network attacks.

The content of the webinar: a brief overview of the most vivid and unique features of the Intercepter-NG tool, the interface, auxiliary functionality (such as port scanning, ARP cage, ARP watch and much more) are discussed in detail.
Special attention is paid to various man-in-the-middle attacks and recovery of various data from traffic (files, passwords and hashes).

Alexey Bychutkin. Web Security: The nature of SQL injection, XSS basics, and tools for exploiting web vulnerabilities.

Content of the webinar: analysis of the nature of the two most common vulnerabilities: SQL injection and Cross Site Scripting. Also discussed are various tools that significantly simplify and accelerate testing of web applications.



Designed for professionals who want to receive information security training “here and now, Pentestit Corporate Laboratories is unique in its format, quality of material and availability of specialized resources. In addition to the strongest practical training, the course includes webinars that are comparable in level to the material of professional information security conferences.

You can view demo recordings of new webinars on our Youtube channel .

Let me remind you that the main preparation is carried out in specialized laboratories. To get a general idea of ​​practical laboratories, take part in " Test lab v.8 ", which is a bit similar in composition to "Corporate laboratories". Participation in the "Test lab" for free. See you soon!