Advance Training
- Exploitation and Advance Metasploit
- Cloud Security Professional
- Certified Red Team Expert
- Digital Forensics Expert
Exploit Development and Advance Metasploit
The course is concentrating on a comprehensive coverage of software exploitation. It will present different domains of code exploitation and how they can be used together to test the security of an application. Our Experts will teach you about different types and techniques of exploitation, using debuggers to create their own exploits, understand protection mechanism of the Systems and how to bypass them.
Target Audience
- All those who are interested in advance exploitation techniques
- Security Engineers
- Working Professionals
Module 1- Introduction
- Overviews of course
- Exploit Development
- Fundamentals of Reverse Engineering
- What is Metasploit Framework?
- Types of Exploitation
Module 2 – Debuggers Installation
- Debuggers basics
- Windbg
- Ollydbg
- Immunity Debugger
Module 3 – Assembly Language
- Fundamentals of Assembly Language
- Reverse Engineering Demo
- Windows Exploitation
- Fuzzing
- Crafting the attack string
- Stack Overflow
- Return to stack vs Return through registers
- Break-point debugging
- Creating the payload
Module 4- Shellcode
- Introduction to shellcode and Payload
- Different Types of Payloads
- Exploiting with Structured Exception Handlers (SEH)
- ActiveX Exploitation
Module 5 - Linux Exploitation
- Introduction to Linux Exploitation
- Basics of GDB Debugger
- Return-to-libc technique
- What is ASLR
In Progress
Certified Red Teamer
Unlike a penetration test, the goal of a red team assessment is not just to test your systems, but it offers full-scope testing. The scope covers applications, internal and external networks, Infra and employees. Red teamers usually attack without the knowledge of the infra, technology and employees. The objective of a red team assessment is to obtain a realistic idea of the level of risk and vulnerabilities against your technology, people and physical assets.
In this Red teaming training, you will also learn about the various tools and techniques which will help you to identify information of any infra. You will get hands-on experience conducting dark web Intelligence & OSINT investigations. At SecOrigin, we have setup multiple machines on which you can perform different techniques.
Target Audience
- All those who are interested in hacking and ethical hacking
- Security Engineers
- Working Professionals
Day 1:
- Overview of Red Teaming
- Reconnaissance
- In this phase, active and passive reconnaissance is performed to gather information about the organization and its infrastructure.
- Information gathering using OSINT
Day 2:
- Identifying Critical Infrastructure
- Using the information from the reconnaissance, we identify and target the organization’s critical assets and IT infrastructure.
- Antivirus Evasion
- Testing with web application, network, server etc.
- In this phase, we try to identify further security weaknesses in the identified enterprise’s assets, such as web applications, network, devices, server, etc.
Day 3:
- Social Engineering
- Exploitation
Day 4:
- Privilege Escalation
- Initial Compromise
- Internal Recon
- In this phase, after successfully compromising one service, the tester performs an internal recon to identify vulnerabilities in the internal servers.
Day 5:
- Privilege Escalation
- Remote code Execution Attacks
- Active Directory Attacks
- Here we will learn about the AD attacks and exploitation
- Prepare Persistent backdoor
- In this phase, to analyze the gathered data and collect further intelligence from the enterprise network, Tester implement the backdoor.
- Reporting
- We provide a report of findings, which gives a detailed view of the critical, high-, medium- and low-priority risks, along with appropriate recommendations.
Digital Forensics Expert
In this training, you will learn how to use open source tools to collect digital forensic information from Linux and Windows systems. You will learn how to conduct static malware analysis of live systems using forensics tools and techniques. The entire workshop is driven by hands-on exercises and case studies to ensure that all aspects have a real-life scenario-based approach.
Target Audience
- All those who are interested in ethical hacking and penetration testing.
- Security Engineers
- Auditors and financial fraud examiners
- Professionals seeking a career in computer forensics and cyber crime investigations
- Working Professionals
Pre-Requisite
- Basic understanding of Linux and Windows operating system
Module 1 - Introduction
- Digital Forensics Overview
- IT Act and Cyber Law
- Email Misuse
- Pornography
- What is an event and Incident?
- Detection of Incidents
- Chain of Custody
- Evidence Collection and Analysis
- Defining Evidence
- Evidence Collection
- Evidence Handling
- Online Vs Offline Response
- 6 A’s of Digital Forensic
Module 2- Types of Digital Forensics
- Network Forensics
- Disk Based Forensic
- Database Forensics
- Memory Forensics
- Live Forensics
- Dead Forensics
Disk Based Forensics-
- Risk Imaging using Linux ( dd, sdd, dcfldd) and Netcat
- Disk Imaging using Encase, Helix Bootable disk
- Forensic analysis using Encase
Network Forensics
- Network Devices
- Introduction to Log Analysis
- Log Analysis of servers, firewall, etc.
- Using Tcpdump, Snort, Wireshark, Network Investigator
Live Forensics
- Windows Live Response
- Linux Live Response
- SysInternals
Memory Forensics
- Evidence acquisition – DumpIt, FTK Imager, LiME, AVML
- Evidence analysis – Volatility
Database Forensics
- Forensic study of databases and their metadata.
- Investigation on database contents, log files and in-RAM data
Module 3 - Email and website tracing
Module 4 - Malicious Binary Analysis
Module 5 - Documenting the Investigation
Module 6 -Tools used