Corporate laboratories - an actual training program for information security specialists

The main factors affecting the development of the IS market, as before, are the increasing number of incidents that disrupt business processes. In the light of this, the growth of interest in such services as the construction of information security systems, as well as the creation of incident and continuity management systems, is quite understandable.

The number and level of information threats is increasing every day, respectively, information security systems, their implementation and operation, as well as the requirements for information security specialists to counter modern threats, are becoming increasingly difficult.

Developing the Corporate Laboratories courses, which are unique in their format and methodology of training, help to fill in the missing knowledge and improve their skills in building an effective system for protecting information systems from unauthorized intruders. Even experienced professionals who have visited our training programs discover something new. The uniqueness of the program lies not only in the actual practical material, but also in the methodology of training with the use of resources specifically developed for this program.
')
The course program compares favorably with foreign analogues in its relevance - the adaptation and translation of the most well-known Western training programs takes quite a long time and lags in relevance by about a year.

Learning process

Training takes place completely remotely, and consists of 20% of the theoretical part and 80% of practical (in the form of a specially designed unique penetration testing laboratory). The theoretical part is presented in the form of webinars, in full interactive with the instructor. Throughout the training program there is an opportunity to get acquainted with the videos of past webinars to better consolidate the material. All webinars are supplemented with detailed manuals. As a bonus to the final webinar, we invite famous people from the world of practical information security to share interesting material, best practices or practical cases.

The learning process takes place in stages and looks as follows: the specialist after each group of online webinars performs practical tasks in a specialized penetration testing laboratory, thereby consolidating the knowledge gained in practice.

Throughout the training, the group is accompanied by a curator, who promptly helps the students with all the questions that arise.

After all tasks in the practical laboratory are successfully completed, the specialist is invited to perform the final testing.

The uniqueness of the courses is also in the ability to act as an attacker, which can radically change the idea of ​​the effective construction of protection systems. The emphasis of training is put on the practice of the actions of specialists, which is 80% of the training. In 20% of the material, we put the most up-to-date information on the tools of modern attacks, exploitation of hacking tools and recently recorded vectors and hacker attacks scenarios.

New program

With each set, our specialists update the training material on the basis of trends in the development of modern threats and means of countering intruders. In the current recruitment program, we have included updated material on the following topics:

“Actual attack vectors: APT” - a large amount of new material has appeared, incl. ProjectSauron - a means of attacking state institutions of the Russian Federation, analysis of data leakage and tools Equation Group.

“Actual attack vectors: BYOD” - new vulnerabilities and attack vectors, for example, Quadrooter (~ 900.000.000 Android devices are vulnerable).

“Post-operation in Windows systems. Powershell ”Today, PowerShell is a platform for realizing unlimited practical possibilities. Both for system administration and offensive information security. We should not forget that attackers are increasingly using built-in OS functionality, and they are less and less trying to load their own toolkit. Therefore, you just need to at least know and be able to use at least the basic capabilities of PowerShell in today's extremely dynamic world.

Special attention also deserves the fact that for a long time anti-virus products did not pay attention to malicious PowerShell scripts. Now the situation has already begun to change, but bypassing the proactive defense systems is still quite simple.

“Current vulnerabilities of modern web systems.” Now developers are trying to add as many different functionalities as possible to their web applications and now web applications are often complex systems with various components. In parallel with the development and sophistication of web applications, old attack vectors were modified, and, not least, new ones appeared. It is also important to note that it is not always possible to find vulnerabilities simply by scanning the web application with various scanners.

"Forsenzyk mobile devices." Quite an urgent topic, now in mobile devices is stored and processed a large amount of critical data - from personal mail to online banking and details of access to the corporate network. Therefore, it is necessary to have an idea of ​​the structure of applications, the security architecture in mobile operating systems and security features.

As an example, we suggest that you familiarize yourself with the video of building an encrypted command control via DNS using the dnscat2 utility:

Summary

Realizing the criticality of protecting the internal perimeter of the systems, the seriousness of the consequences of unauthorized access to confidential information and the depth of responsibility that falls on the information security specialists, we have developed a special training program Pentestit Corporate Laboratories, the uniqueness of which lies in the symbiosis of the training format, the quality of the material and the specialized resources on which training is made:

• training is built on the principle: 20% of theory (webinars) and 80% of practice (work in pentest laboratories). Experience shows that it is this ratio that allows you to produce the most effective learning process .;
• webinars are read by specialists with rich practical experience in the field of information security;
• all laboratories are developed on the basis of modern vulnerabilities discovered as a result of pentest of real companies in an impersonal form;
• Throughout the learning process, the group is accompanied by a curator who helps to cope with the task if the need arises. It is important to note that the main task of the curator is not to explain the implementation, but to teach how to think in order to cope with the task independently;
• each new set includes updated and updated material that allows you to keep the program up to date at the time of training;
• All resources used in the programs (personal office, webinar site and laboratories) are Pentestit's own development and are tailored to all the needs of students.

Thus, corporate laboratories make it possible in the shortest possible time to understand the psychology of an attacker, to master modern penetration testing techniques and tools. Understanding what can be a threat to systems and what is not, allows us to develop the most effective protection mechanisms. In addition, training programs lay qualitative vectors for the further development of employees.

We invite professionals who wish to improve their skills and level of knowledge for the Pentestit Corporate Laboratories training courses .

Duration 29 days. The closest course 02.10.2016.