Hacking & Securite : Expert v4

Formations Hacking & Securite : Expert v4

OBJECTIF

This course will allow you to acquire a high level of expertise in the field of security by realizing different complex scenarios of attacks. This training is also focused on a thorough analysis of vulnerabilities. This training is particularly intended for consultants, administrators and developers who wish to be able to perform advanced technical tests during their penetration audits on internal or external systems, or to apply security solutions adapted to their IS.

In particular, the objectives of the training are:

  • Acquire a high level of expertise in the field of security by realizing different complex scenarios of attacks
  • Derive from advanced security solutions

PREREQUISITES

• Having taken HSA training is highly recommended

• To be comfortable in the use of the classic tools of pentest (Kali)

GENERAL INFORMATION

• Code : HSE
• Duration : 2 Days
• schedule : 8h30 - 17h30
• place : training center, Center Urbain Nord

TARGETED AUDIENCE

  • • RSSI, DSI
  • • Security Consultants
  • • Engineers / Technicians
  • • Network System Administrators / Developers

RESOURCES

• Course materials
• 40% demonstration
• 40% of theory
• 20% practical exercises

PROGRAM OF TRAINING

  • Days 1
  • Network

    • • Scan techniques

      • Different types of scans

      • Customizing flags

      • Packet-trace

      • Using NSE Scripts

  • Filtering detection

      • • Error messages / Traceroute

      • Nmap outputs

      • Firewalking with the NSE Firewalk

  • Infrastructure plan

      • • Problems / mistakes not to do

      • Elements of defense

  • Forge the packets

      • • Basic commands

      • Read packages from a pcap

      • Create and send packages

  • Sniff the packets

      • •Export to pcap

      •Export to PDF

      •Filtering packets with filter filter

      •Modify packages via scapy

      •Scapy fuzzing tools

      •Creating tools using Scapy

  • Diversion of communications
  • Days 2 (following)

    • • Metasploit
    • Attacks from a remote service, a customer and bypass antivirus
    • Attack on Internet Explorer, Firefox
    • Attack on Microsoft Office Suite
    • Using the cmd and Escaladede privilege
    • Multi CMD, attack 5 sessions and more / Manipulation of the file system• Sniffing / Pivoting / Port
    • Forwarding
    Attack of a Microsoft network
    • Architecture / PassTheHash / Flight of token (impersonatetoken) Rootkit

  • Days 3
  • Web

    • • Discovery of infrastructure and related technologies

    • Vulnerability search

      • Server side (search of identifier, injection vector, SQL injection)

      • Injection of files

      • Problems of the sessions

      • Web Service

      • Client side (Clickjacking, XSS, CSRF)

  • Days 4
  • Application
  • Shell coding Linux

    • • From the C to the Assembler / Suppression of Nullbytes / Running a shell
    • Buffer Over flow advanced on Linux
    • Overwriting variables
    • Check EIP / Execute a code shell
    • Presentation of the ROP and bypass techniques of the last protections
    • ASLR / NX / PIE / RELRO

  • Days 5
  • TP final

    • • Putting into practice the knowledge acquired on a final course

Do not hesitate to contact our experts for any additional information, study and free calculation of an audit service.