INTRODUCTION
-The Real Spanish Hackers History X
-Kali Linux Quick Introduction
-Penetration Testing: White, Black, Grey and Double Grey Box
-Sec List, Standards, ISO/IEC 27000
-The CIA Triad (Confidenciality, Integrity and Aviability)
-Minimun Privilege Principle
-Microsoft Threat Modeling, Stride, Dread, OSTMM Model, OWASP
WEB APPLICATION PENETRATION TESTING
-Agressive FingerPrinting
-Tactical FootPrinting
-Google Hacking: Building Your Own Dorks
-Shodan and Bing
-Stealing Cookies and Credentials using Cross Site Scripting
-From SQL Injection to Shell
-Cross Site Request Forgery
-Xpath INjection
-LDAP Injection
-ClickJacking
-Remote File Inclusion / Local File Inclusion
-OSINT
-Mitigation
ADAPTIVE PENETRATION TESTING: RED TEAM TACTICS (& DIRTY TRICKS :-) )
DAY 1
-Red Teaming Fundamentals
-Knowing the enemy
-Adversarial Mindset
-The Three Aspects of Red Teaming : Digital, Physical, Social
-Physical, mental and technical adaptation
-Enemies and friends.Who are they?
DAY 2
-Motivation: The key to the elite hacker, the key of the world
-IDART Metodhology Fundamentals
-OSINT Fundamentals
-Use and abuse of the human factor.
-Physical & Social Red Teaming
-We sent. Your obey. The Brain Power
DAY 3
-Red Team Tactics
-Dirty Tricks :-)
-Deepening OSINT
-Observe and Learn :REd Team Laws
-Tree Analisys Tools.
-Real Time Monitoring
-The Players
-Cobal Strike and Metasploit
-Advanced Social Engineering
-Using and abusing the human factor to extreme
-Tactical Stress Testing
-Knowing when you are attacking. Your defenses in the game, your defenses in real life
-Winning the game. Winner Never Quit, Quitters Never Win
-War Games: Doctor Falken,
shall we play a game?
WINDOWS HACKING
-From Desktop Hacking to SAM Cracking
-Tools
-Evil Power Shell
-DEP,ASLR,UAC,BitLocker
LINUX HACKING
-LOcal and Remote Hacking
-From Elevation Of Privilege to Upload WebShell
-Booting Linux
-Tools
REVERSE ENGINNERING
-Crack.Me and Tools Step By Step
MALWARE
-Trojans
-Worm
-Reverse Polimorfic Malware ( Flu, Poisong Ivi and More..)
-Building "a Little" Undetectable Trojan
-KeyLoggers
-RootKits
WIRELESS
-Standards
-Ad Hoc
-WarDriving
-WEP Attacks
-WPA-WPA2-PSK
-Chop-Chop Attack
ATTACKING NETWORK DEVICES
*With the introduction of dynamips as a Cisco IOS emulation tool, it is now possible to emulate almost any Cisco IOS image in a simulated hardware environment.
**Of course the main problem with dynamips was that it was a CLI tool that required a lot of parameter knowledge.
***To make the configuration easier, the dynagen tool was developed to provide an INI file-like configuration interface.
For most of the old school engineers out there this was familiar, and easy to figure out and configure.
****GNS3 was developed to take the ease of the configuration to a whole new level; this included a GUI-style interface that most people familiar with Windows based systems understood (almost anyone with a computer).
GNS3 added additional abilities to the dynamips platform including support for Cisco PIX and ASA as well as Junipers – JunOS.
– Well Known Vendors in Networking
– Top Players in Internetworking
– Core Internetworking Devices
– Vulnerabilities Lookup from Famous Exploit – DB.com
– Cisco Security Advisories
– Security Testing of Internetworking Operating System
– Recommended Lab Setup
– GNS3 Configuration
– Walkthroughs on Hacking Network Devices
– Attack Methodology
– Understanding Firewalls and IDS
– Fire-walking
– Methods of Detection intrusion
-GNS3 Initial Configuration
Figure 1 shows the main GNS3 screen.
-Dynamips/GNS3 Issues
Figure 2 shows the menu item to be selected to configure the Cisco IOS images.
VOIP
-Introduction
-SIP
-RTP
-Asterisk, OpenSer, HearBeat
-Attacking From The Virtual Ip
HOW TO BECOME A PCI/DSS AUDITOR
-QSA
-PCI Security Standard Council
-Tools
-PCI/DSS Reality
LOOKPICKING FUNDAMENTALS
-Opening Padlocks ( and some strong boxes)
INTEL SERIES
-Spionage
ANTI-FORENSIC
-OverWriting Data and Metadata
-Program Packers
-Generic Data Hiding
-Data Encription
-Targeting Forensic Tools (& Vulnerabilities)
YOU SHOULD KNOW
-You should have prior knowledge of the following technologies to get the most out of this workshop,
-However, we will maintain a pace in such a way that will cover all levels of students to an extent they can understand easily:
-Understanding of TCP/IP
-Knowledge of OSI Model
-Minimum Beginner Level Knowledge of Cisco( OR/AND Others) Devices
-Minimum Knowledge of Operating Systems (Windows, Linux)
-HTML, JavaScript Fundamentals
KEY AUDIENCE
-Network Administrators
-Information Security Officers
-New Graduates in IT and Newbies, who want to learn hacking
Course Fee :800 Euros
Reservation: 150 Euros
Limited Place
First Day : 28 February 2015
On-Line Modules Too. For More Information : via Contact Formulary
All The Sec Trainner are Working Actually and They are Recognized Professionals In The World of Computer Security
Thans You Very Much.