Cyber Security

This class introduces the attendees with a wealth of hacking tools and techniques crucial in getting started in this dynamic field of hacking.
The class begins with laying a foundation for everyone by discussing the basic concepts and gradually builds up to the level where attendees not only use the tools and techniques to hack various components involved in infrastructure hacking, but also walk away with a solid understanding of the concepts on how these tools work and therefore ready to face the real world.

Class Outline

Module 1
Infrastructure Basics:

• TCP/IP Basics
• The Art of Port Scanning
• Target Enumeration
• Brute-Forcing
• Metasploit Basics
• Password Cracking

Module 2
Hacking Unix, Databases and Applications:

• Hacking Recent Unix Vulnerabilities
• Hacking Databases
• Hacking Application Servers
• Hacking Third Party Applications (WordPress, Joomla, Drupal)

Module 3
Hacking Windows:

• Windows Enumeration
• Hacking Recent Windows Vulnerabilities.
• Hacking Third Party Software (Browser, PDF, Java)
• Post Exploitation: Dumping Secrets
• Hacking Windows Domains

Trainer

Anant Shrivastava

[Background] An Engineering graduate from 2008, he has been working with computers and opensource software since 2000. He moderated a linux user group in Bhopal and was active in other major linux user groups across India during 2000-2008. He has worked with various corporates like TechMahindra, Infosys and PA Consulting before joining NotSoSecure. He has been running and maintaining the opensource project AndroidTamer since 2011. He is active with the information security community null, where he also mentors local talent as well as for the Offensive Web Testing Framework (OWTF). He is also an active contributor to the Open Web Application Security Project (OWASP) and reviews and contributes to various technical documentation, including Mobile Security Testing Guide, Mobile ASVS and Web Testing Guide.

[What he does for NSS]
Anant is responsible for NotSoSecure's entire operations in India and the technical aspects of the company's work. Managing the NotSoSecure team of Information Security specialists, he works primarily on client cases from the UK and the US with the delivery of technical work. He is also a lead trainer on NotSoSecure training courses and responsible for strategy and the general direction of the company moving forward. The key feature of his work is that he provides practical, effective solutions that allow clients to undertake their normal business operations in the most secure possible environment by establishing a holistic approach to security.

[What he likes about his work]
A computer and software specialist by nature, he is constantly stimulated by the technical environment of his work and the excellent working relationships he has established with his team of like-minded individuals. This allows him to manage a varied caseload of collaborative working and then come up with solutions to a wide range of security issues.

[In his own words]
Every day something new happens and your knowledge becomes outdated.
If you don't constantly keep your knowledge up-to-date, you're going to lose.
So if something is new, you need to say: "Let's learn about it" -- and put your best foot forward with as much capabilities as you can.
In this work, you need that willingness to go the extra mile.

◎Qualification
RHCE, SANS, GWAPT, KEY SKILLS, Infrastructure Pentesting, Web Application Pentesting, Mobile Pentesting

◎Conference
Blackhat, Nullcon, c0c0n, RootConf, ClubHack

◎Training
Blackhat (US/EU/Asia), Nullcon, c0c0n, RuxCon, DeepSec

◎Tool provided
Blackhat Arsenal (US/EU/Asia), Defcon, Demolabs 2017

Prerequisites

The only requirement for this class is that you must bring your own laptop and have admin/root access on it.
During the class, we will give you VPN access to our state-of-art hacklab which is hosted in our datacenter in UK. Once you are connected to the lab, you will find all the relevant tools/VMs there.
We also provide a dedicated Kali VM to each attendee on the hacklab.
So, you don't need to bring any VMs with you. All you need is admin access to install the VPN client and once connected, you are good to go!

Advanced Infrastructure Hacking class is designed for those who wish to push their knowledge.
Whether you are penetration testing, Red Teaming or trying to get a better understanding of managing vulnerabilities
in your environment, understanding advanced hacking techniques is critical.
This class teaches the audience a wealth of advanced penetration testing techniques, from the neat, to the new, to the ridiculous, to compromise modern Operating Systems, networking devices and Cloud environments.
From hacking Domain Controllers to local root, to VLAN Hopping, to VoIP Hacking, to compromising Cloud account keys, we have got everything covered.

Class Outline

Module 6: Hacking *nix

• Enumeration
• AppLocker / Bypasses
• Privilege Escalation
• Post Exploitation
• Active Directory Delegation
• Lateral Movement
• Persistence Techniques

Module 7: Container Technologies (Docker & Kubernetes)
Module 8: VPN Hacking
Module 9: VoIP Hacking
Module 10: VLAN Hacking
Module 11: Cloud Pentesting

Trainer

Anant Shrivastava

[Background] An Engineering graduate from 2008, he has been working with computers and opensource software since 2000. He moderated a linux user group in Bhopal and was active in other major linux user groups across India during 2000-2008. He has worked with various corporates like TechMahindra, Infosys and PA Consulting before joining NotSoSecure. He has been running and maintaining the opensource project AndroidTamer since 2011. He is active with the information security community null, where he also mentors local talent as well as for the Offensive Web Testing Framework (OWTF). He is also an active contributor to the Open Web Application Security Project (OWASP) and reviews and contributes to various technical documentation, including Mobile Security Testing Guide, Mobile ASVS and Web Testing Guide.

[What he does for NSS]
Anant is responsible for NotSoSecure's entire operations in India and the technical aspects of the company's work. Managing the NotSoSecure team of Information Security specialists, he works primarily on client cases from the UK and the US with the delivery of technical work. He is also a lead trainer on NotSoSecure training courses and responsible for strategy and the general direction of the company moving forward. The key feature of his work is that he provides practical, effective solutions that allow clients to undertake their normal business operations in the most secure possible environment by establishing a holistic approach to security.

[What he likes about his work]
A computer and software specialist by nature, he is constantly stimulated by the technical environment of his work and the excellent working relationships he has established with his team of like-minded individuals. This allows him to manage a varied caseload of collaborative working and then come up with solutions to a wide range of security issues.

[In his own words]
Every day something new happens and your knowledge becomes outdated.
If you don't constantly keep your knowledge up-to-date, you're going to lose.
So if something is new, you need to say: "Let's learn about it" -- and put your best foot forward with as much capabilities as you can.
In this work, you need that willingness to go the extra mile.

◎Qualification
RHCE, SANS, GWAPT, KEY SKILLS, Infrastructure Pentesting, Web Application Pentesting, Mobile Pentesting

◎Conference
Blackhat, Nullcon, c0c0n, RootConf, ClubHack

◎Training
Blackhat (US/EU/Asia), Nullcon, c0c0n, RuxCon, DeepSec

◎Tool provided
Blackhat Arsenal (US/EU/Asia), Defcon, Demolabs 2017

Who Should Attend

System Administrators, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to next level.
While prior pen testing experience is not a strict requirement, familiarity with both Linux and Windows command line syntax will be greatly beneficial and a reasonable technical understanding of computers and networking in general is assumed.
Some hands-on experience with tools commonly used by hackers, such as Nmap, NetCat, or Metasploit, will also be beneficial, although, less advanced users can work their way up during the 30 days of complimentary lab access provided as part of the class.
The class is ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure as a day job and wish to add to their existing skill set.

Benefits

• Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class.
• Numerous scripts and tools will also be provided during the training, along with student hand-outs.
• A certificate of attendance

Prerequisites

The only requirement for this class is that you must bring your own laptop and have admin/root access on it.
During the class, we will give you VPN access to our state-of-art hacklab which is hosted in our datacenter in UK. Once you are connected to the lab, you will find all the relevant tools/VMs there.
We also provide a dedicated Kali VM to each attendee on the hacklab.
So, you don't need to bring any VMs with you. All you need is admin access to install the VPN client and once connected, you are good to go!