Select Page

Qradar SIEM Training

Qradar SIEM Training

⏰24 hours | ▶️ 24 Videos | 📣 7925 Participants | 🎓 3481 Reviews | 4.8 ⭐⭐⭐⭐⭐

Choose a Plan that Works for You

Self Paced

Unlimited Access
✉️
  • Advanced sessions
  • Interview Q&A
  • Free study Materials
  • Premium Technical support
CONTACT US

Instructor Led Live Training

Unlimited Access
✉️
  • Live Instructor
  • Advanced sessions
  • Interview Q&A
  • Premium Technical Support
CONTACT US

Corporate Training

Unlimited Access
✉️
  •  
  • Live Instructor
  • Advanced sessions
  • Interview Q&A
  • Premium Technical Support
  •  
CONTACT US

Upcoming Batches PST

 Weekday 

Dec 11(1 HR A DAY)
06:00 PM PST
Enroll Now  →

 Weekday 

Dec 31(1 HR A DAY)
06:00 AM PST
Enroll Now  →

 Weekend

Dec 28(1 HR A DAY)
06:00 PM PST
Enroll Now  →

Upcoming Batches IST

 Weekday 

Dec ​​12(1 HR A DAY)
07:30 AM IST
Enroll Now  →

 Weekday 

Dec 31(1 HR A DAY)
07:30 PM IST
Enroll Now  →

 Weekend 

Dec 29(1 HR A DAY)
07:30 AM IST
Enroll Now  →

Course Description

QRadar training is for the QRadar intelligence platform, which gives the unified planning of cohesive functions with a single Security Operations Center(SOC)user interface.

Developed ORadar training to provide security in different firms of an organization.

Our platform provides online classes under expert trainers with all-time support to learn your course in your free time.

Our courses cover all the essential modules required for an QRadar certification exam, along with a hands-on experiment.

This ecurity QRadar SIEM certification validates once demonstration and technical knowledge to provision Security QRadar

Enroll with us and learn different security modules of QRadar and hold your certification by cracking the QRadar certification exam.

Get started and Avail your dream job as an security analyst.

Features

✅Lifetime access ✅Lifetime video access
✅Real-time case studies ✅The project integrated into the Curriculum
✅24*7 Support from our team of administrators

Course Content

1.Introduction to SOC

  • Building a successful SOC
  • Functions of SOC
  • Heart of SOC- SIEM
  • Gartner’s magic quadrant

2.Introduction to Qradar

  • IBM QRadar SIEM component architecture and data flows
  • Using the QRadar SIEM User Interface

3.Working with logs

  • Working with offense triggered by events
  • Working with offense triggered by flows
  • Working with events of an offense

4.Monitoring

  • Monitor QRadar Notifications and error messages.
  • Monitor QRadar performance
  • Review and interpret system monitoring dashboards.
  • Investigate suspected attacks and policy breaches
  • Search, filter, group, and analyze security data

5.Intercep

  • Investigate the vulnerabilities and services of assets
  • Investigate events and flows
  • Use index management
  • Index and Aggregated Data Management
  • Use AQL for advanced searches
  • Creating Alerts for intrusions
  • Explain error messages and notifications.
  • Analyze a Real-World Scenario.
  • Creating Reports
  • Case Studies

6.Advanced Topics

  • Creating log source types
  • Leveraging reference data collections
  • Developing custom rules
  • Creating Custom Action Scripts
  • Developing Anomaly Detection Rules

FAQ’s

(more…)

Web Application Penetration Testing Training

Web Application Penetration Testing Training

⏰24 hours | ▶️ 24 Videos | 📣 9173 Participants | 🎓 3149 Reviews | 4.8 ⭐⭐⭐⭐⭐

Choose a Plan that Works for You

Self Paced

Unlimited Access
✉️
  • Advanced sessions
  • Interview Q&A
  • Free study Materials
  • Premium Technical support
CONTACT US

Instructor Led Live Training

Unlimited Access
✉️
  • Live Instructor
  • Advanced sessions
  • Interview Q&A
  • Premium Technical Support
CONTACT US

Corporate Training

Unlimited Access
✉️
  •  
  • Live Instructor
  • Advanced sessions
  • Interview Q&A
  • Premium Technical Support
  •  
CONTACT US

Upcoming Batches PST

 Weekday 

Apr 09(1 HR A DAY)
07:00 PM PST
Enroll Now  →

 Weekday 

Apr 29(1 HR A DAY)
07:30 AM IST
Enroll Now  →

 Weekend

Apr 20(1 HR A DAY)
07:00 PM PST
Enroll Now  →

Upcoming Batches IST

 Weekday 

Apr​ 10(1 HR A DAY)
07:30 AM IST
Enroll Now  →

 Weekday 

Apr 29(1 HR A DAY)
07:30 PM IST
Enroll Now  →

 Weekend 

Apr 21(1 HR A DAY)
07:30 AM IST
Enroll Now  →

Course Description

Get Web Application Penetration Testing training classes and grab knowledge regarding the technology that promotes business success.

It plays a vital role in setting a target for cybercriminals. Web software penetration trying out offerings proactively examine packages to perceive vulnerabilities, together with the ones that might result in the lack of touchy consumer and economic information.

As this is one of the best developing security tools, it would be the best choice anyone could make to join our online classes and self-paced tutorials.

Join schooling now and analyze this strong generation and snatch the direction completion. Upgrade your technical talents accordingly.

Also, the pay for those professions may be astounding as those are the maximum desired streams in It cloud management. So to get professional guidance and excellent placements get with us now.

Features

✅Lifetime access ✅Lifetime video access
✅Real-time case studies ✅The project integrated into the Curriculum
✅24*7 Support from our team of administrators

Course Content

1.Web Application Assessment

  • OWASP Top 10 Vulnerabilities
  • Threat Modelling Principle
  • Site Mapping & Web Crawling
  • Server & Application Fingerprinting
  • Identifying the entry points
  • Page enumeration and brute forcing
  • Looking for leftovers and backup files

2.Authentication vulnerabilities

  • Authentication scenarios
  • User enumeration
  • Guessing passwords – Brute force & Dictionary attacks
  • Default users/passwords
  • Weak password policy
  • Direct page requests
  • Parameter modification
  • Password flaws
  • Locking out users
  • Lack of SSL at login pages
  • Bypassing weak CAPTCHA mechanisms
  • Login without SSL

3.Web Agent Installation

  • Web Agent Model
  • Preparing for Web Agent installation
  • Install the Web Agent
  • Unattended installs
  • Settings Added to Web Server
  • Test the Web Agent
  • Troubleshooting
  • Unix Installation Review

4.Authorization vulnerabilities

  • Role-based access control (RBAC)
  • Authorization bypassing
  • Forceful browsing
  • Client-side validation attacks
  • Insecure direct object reference

5.Improper Input Validation & Injection vulnerabilities

  • Input validation techniques
  • Blacklist VS. Whitelist input validation bypassing
  • Encoding attacks
  • Directory traversal
  • Command injection
  • Code injection
  • Log injection
  • XML injection – XPath Injection | Malicious files | XML Entity
  • bomb
  • LDAP Injection
  • SQL injection
  • Common implementation mistakes – authentication
  • Bypassing using SQL Injection
  • Cross Site Scripting (XSS)
  • Reflected VS. Stored XSS
  • Special chars – ‘ &<>, empty

6.Insecure file handling

  • Path traversal
  • Canonicalization
  • Uploaded files backdoors
  • Insecure file extension handling
  • Directory listing
  • File size
  • File type
  • Malware upload

7.Session& browser manipulation attacks

  • Session management techniques
  • Cookie based session management
  • Cookie properties
  • Cookies – secrets in cookies, tampering
  • Exposed session variables
  • Missing Attributes – httpOnly, secure
  • Session validity after logoff
  • Long session timeout
  • Session keep alive – enable/disable
  • Session id rotation
  • Session Fixation
  • Cross Site Request Forgery (CSRF) – URL Encoding
  • Open redirect

8.Information leak

  • Web Services Assessment
  • Web Service Testing
  • OWASP Web Service Specific Testing
  • Testing WSDL
  • Sql Injection to Root
  • LFI and RFI]
  • OWASP Top 10 Revamp

FAQ’s

(more…)

Network Penetration Testing Training

Network Penetration Testing Training

⏰24 hours | ▶️ 24 Videos | 📣 10628 Participants | 🎓 4381 Reviews | 4.7 ⭐⭐⭐⭐⭐

Choose a Plan that Works for You

Self Paced

Unlimited Access
✉️
  • Advanced sessions
  • Interview Q&A
  • Free study Materials
  • Premium Technical support
CONTACT US

Instructor Led Live Training

Unlimited Access
✉️
  • Live Instructor
  • Advanced sessions
  • Interview Q&A
  • Premium Technical Support
CONTACT US

Corporate Training

Unlimited Access
✉️
  •  
  • Live Instructor
  • Advanced sessions
  • Interview Q&A
  • Premium Technical Support
  •  
CONTACT US

Upcoming Batches PST

 Weekday 

Dec 10(1 HR A DAY)
07:00 PM PST
Enroll Now  →

 Weekday 

Dec 30(1 HR A DAY)
07:00 AM PST
Enroll Now  →

 Weekend

Dec 28(1 HR A DAY)
07:00 PM PST
Enroll Now  →

Upcoming Batches IST

 Weekday 

Dec 11(1 HR A DAY)
07:30 AM IST
Enroll Now  →

 Weekday 

Dec 30(1 HR A DAY)
07:30 PM IST
Enroll Now  →

 Weekend 

Dec 29(1 HR A DAY)
07:30 AM IST
Enroll Now  →

Course Description

Get Network Penetration Testing Training classes and gain course completion on the technology that identifies security issues before hackers can exploit them.

It is also known as pen trying out. A cyber-protection workout is performed to use specialists to locate and exploit vulnerabilities in an organization’s IT infrastructure.

Join our online classes to learn about the security tool that checks the weak points of the system software prone to cyber-attacks.

Start Learning this generation in online classes and online assets of tutorials and benefit a grip in this device via understanding from the fundamentals.

Our skilled trainers will assist you via entirety and manual you to get the certification and accumulate pinnacle companies’ placement.

Get the course completion and guidance to get Network Penetration Testing certification and get yourself into the best MNC.

Features

✅Lifetime access ✅Lifetime video access
✅Real-time case studies ✅The project integrated into the Curriculum
✅24*7 Support from our team of administrators

Course Content

1.Introduction

  • TCP/IP Packet Analysis
  • Overview of Network Security
  • Port and Protocols & Analysis
  • Linux Server Installation
  • Windows Client / Linux Installation
  • Basic commands (Windows / Linux)
  • Kali Linux Installation

2.Wireshark

  • Introduction
  • ICMP Packet Analysis
  • ARP Packet Analysis
  • 3 way handshake Analysis
  • Tracert Command Analysis
  • Packet Forensics
  • Nmap Packet Forensics

3.NMAP Basics

  • Network Sweeping
  • OS Discovery
  • SYN Scan
  • UDP Scan
  • XMAS Scan
  • FIN Scan
  • NULL Scan

4.Nmap Firewall Scan

  • Fragment Scan
  • Data Length Scan
  • TTL Scan
  • Source Port Scan
  • Decoy Scan
  • Spoof IP Scan
  • Spoof MAC Scan
  • Data String Scan
  • Hex String Scan
  • IP Options Scan

5.Metasploit

  • Metasploit Basic
  • Msfvenom
  • Auxiliary scanner
  • Windows Reverse TCP
  • Windows HTTPS Tunnel
  • Hidden Bind TCP
  • Macro Payloads
  • Shell on the Fly (Transport)
  • Bypass User Access Control
  • Pass the Hash
  • Post Exploitation

6.Dictionary & Passwords Attacks

  • Hydra
  • Medussa
  • Crunch
  • CeWL
  • WCE
  • Mimikatz
  • cUPP
  • Online attacks

7.FTP Penetration Testing (Port 21)

  • Introduction & Lab setup
  • Banner Grabbing/Banner Hiding
  • Port forwarding /Time Scheduling
  • Brute forcing/Secure
  • Pivoting/Tunneling [windows]

8.SSH Penetration Testing (Port 22)

  • Introduction & Lab setup
  • Banner Grabbing/Banner Hiding
  • Port forwarding /Time Scheduling
  • Brute forcing/Secure
  • Pivoting/Tunneling
  • Multiple way to secure ssh

9.Telnet Penetration Testing (Port 23)

  • Introduction & Lab setup
  • Banner Grabbing/Banner Hiding
  • Port forwarding /Time Scheduling
  • Brute forcing/Secure
  • Pivoting/Tunneling

10.SMTP Penetration Testing (Port 25)

  • Introduction & Lab setup
  • Banner Grabbing/Banner Hiding
  • Port forwarding /Time Scheduling
  • Brute forcing/Secure
  • Penetration testing with SWAKS

11.DNS & DHCP Penetration Testing (Port 53, 67, 68)

  • Introduction & Lab setup
  • DNS Enumeration
  • DHCP Packet Analysis with Wireshark
  • DHCP Starvation attack
  • Rogue DHCP Server
  • Tools (Gobbler, responder, Yersinia)

12.NetBIOS & SMB Penetration Testing (Port 135-445)

  • Introduction & Lab setup
  • SMB Enumeration
  • SMB Null Sessions
  • Enum4Linux
  • NetBIOS Spoofing
  • Banner Grabbing/Banner Hiding
  • Brute forcing/Secure
  • Pivoting/Tunneling
  • Penetration Testing with (PS exec, eternal blue )
  • Multiple way to connect smb

13.SNMP Penetration Testing (Port 161, 162)

  • Introduction & Lab setup
  • Banner Grabbing/Banner Hiding
  • Port forwarding /Time Scheduling
  • Brute forcing/Secure
  • Penetration Testing with Metasploit and Nmap

14.MSSQL Penetration Testing (Port 1433)

  • MSSQL Brute force Attack
  • Enumerate MSSQL configuration setting
  • Identifying SQL Server logins
  • Identify Database owner
  • Identify a User With masquerade privilege
  • Execute SQL Statement
  • Retrieve MSSQL Password Hashes of Users
  • Decode Password Hashes of Users
  • Extracting MYSQL Schema Information

15.MySQL Penetration Testing (Port 3306)

  • Introduction and Lab setup
  • MYSQL Brute Force Attack
  • mysql banner user/file/ Enumeration
  • Stealing MYSQL information
  • Check File Privileges
  • Enumerate MYSQL writeable directories
  • Extract MYSQL Username with Hash Password
  • Crack Hash Password with John the Ripper
  • Secure MYSQL through port forwarding
  • Prevent Mysql against brute force attack

16.Remote Desktop Penetration Testing (Port 3389)

  • Introduction & Lab setup
  • Banner Grabbing/Banner Hiding
  • Port forwarding /Time Scheduling
  • Brute forcing/Secure
  • Pivoting/Tunneling
  • DOS Attack

17.VNC Penetration Testing (Port 5900, 5901)

  • Introduction & Lab setup
  • Banner Grabbing/Banner Hiding
  • Port forwarding /Time Scheduling
  • Brute forcing/Secure
  • Penetration Testing with Metasploit and Nmap
  • Pivoting/Tunneling

18.Sniffing & Spoofing

  • Introduction
  • ARP Poisoning
  • MAC Address Snooping
  • DNS Spoofing
  • DNS Poisoning
  • Capture NTLM Hashes
  • Xerosploit

19.Socks Proxy Penetration Testing

  • Socks proxy lab setup
  • SSH
  • FTP
  • HTTP

20.IDS, Firewall, Honeypots

  • Setup Snort Lab in Ubuntu
  • Understanding Snort Rules
  • Introduction to IPtables
  • Introduction to Windows Firewall
  • ICMP Detect
  • TCP Packet Detect
  • Detect Nmap Scan
  • Detect Dos Attack
  • Antivirus Evasion with veil

21.DOS Attack Penetration Testing

  • Introduction to DOS Attack
  • Botnet
  • D-DOS Attack
  • SYN Flood Attack
  • UDP Flood
  • Smurf Attack
  • Packet Crafting
  • Others DOS Attack Tools

22.Social Engineering Attack

  • Introduction to Social Engineering Attack
  • Payload and Listener Attack
  • Java Applet Attack
  • HTA Attack
  • MSFPC
  • DOS Attack
  • PowerShell Attack Vector
  • VNC Attack

23.Covering Tracks & Maintaining access

  • Persistence
  • s4u_persistence
  • VSS_Persistence
  • Registry Persistence
  • Netcat
  • Clear Event Logs

24.Network Vulnerability Assessment Tool

  • Nessus
  • GFI Languard
  • Nexpose
  • Openvas
  • MBSA

FAQ’s

(more…)

Mitre Attck Training

Mitre Attck Training

⏰24 hours | ▶️ 24 Videos | 📣 10625 Participants | 🎓 4701 Reviews | 4.8 ⭐⭐⭐⭐⭐

Choose a Plan that Works for You

Self Paced

Unlimited Access
✉️
  • Advanced sessions
  • Interview Q&A
  • Free study Materials
  • Premium Technical support
CONTACT US

Instructor Led Live Training

Unlimited Access
✉️
  • Live Instructor
  • Advanced sessions
  • Interview Q&A
  • Premium Technical Support
CONTACT US

Corporate Training

Unlimited Access
✉️
  •  
  • Live Instructor
  • Advanced sessions
  • Interview Q&A
  • Premium Technical Support
  •  
CONTACT US

Upcoming Batches PST

 Weekday 

Dec ​09(1 HR A DAY)
07:30 AM IST
Enroll Now  →

 Weekday 

Dec 31(1 HR A DAY)
06:00 AM PST
Enroll Now  →

 Weekend

Dec 28(1 HR A DAY)
06:00 PM PST
Enroll Now  →

Upcoming Batches IST

 Weekday 

Dec ​09(1 HR A DAY)
07:30 PM IST
Enroll Now  →

 Weekday 

Dec 31(1 HR A DAY)
07:30 PM IST
Enroll Now  →

 Weekend 

Dec 29(1 HR A DAY)
07:30 AM IST
Enroll Now  →

Course Description

Start MITRE ATT&CK training in live sessions and know about Set of strategies utilized by adversaries to perform a selected objective. Those targets are labeled as processes with inside the ATT&CK Matrix.

It is a curated expertise base and version for cyber adversary behavior, reflecting the diverse stages of an adversary’s assault lifecycle and the systems they’re recognized to target.

Start online classes and learn about achieving the tactical goals and adversary usage of regulations and metadata.

Get your online classes for mastering this framework device that is one of the maximum advancing generations.

Start Learning this generation online and online assets of tutorials and benefit a grip in this device by understanding the fundamentals.

Our skilled running shoes will assist you via the path of entirety and manual you to get MITRE ATT&CK certification and gather pinnacle companies’ placement.

Features

✅Lifetime access ✅Lifetime video access
✅Real-time case studies ✅The project integrated into the Curriculum
✅24*7 Support from our team of administrators

Course Content

1.Introduction to MITRE ATT&CK

MITREAtt&ck – Cyber Att&ck Lifecycle
Pyramid of pain
Cyber Kill Chain
Threat Intelligence using MITREAtt&ck

2.MITRE’s ATT&CK Matrices

  • MITRE PRE-ATT&CK threat modelling methodology for pre-exploit activities
  • Enterprise Matrix: Windows, MacOS, Linux, Etc.
  • Mobile
  • ICS.

3.Mapping Data to ATT&CK

ATT&CK portable detection tests
Raw Data vs Finished Reports
Case Studies.

4.Storing &Analyzing the ATT&CK Mapped Data

MITRE ATT&CK Navigator
Utilizing the MITRE ATT&CK Matrix
MITRE ATT&CK Use Cases
Warming Up Using ATT&CK for Self-Advancement.

5.Defend with MITRE ATT&CK

Concept of Active Defense
MITRE SHIELD
Defensive Recommendation with SHIELD
MITRE CAR
Getting started using MITRE ATT&CK for Threat Hunting
Different TTP’s on attacking Active Directory

6.Red Team Emulation

Set up MITRE Caldera
Atomic Red Team Test
MITRE LAB Practical.

FAQ’s

(more…)

CTF Training

CTF Training

⏰24 hours | ▶️ 24 Videos | 📣 9435 Participants | 🎓 4318 Reviews | 4.8 ⭐⭐⭐⭐⭐

Choose a Plan that Works for You

Self Paced

Unlimited Access
✉️
  • Advanced sessions
  • Interview Q&A
  • Free study Materials
  • Premium Technical support
CONTACT US

Instructor Led Live Training

Unlimited Access
$✉️
  • Live Instructor
  • Advanced sessions
  • Interview Q&A
  • Premium Technical Support
CONTACT US

Corporate Training

Unlimited Access
✉️
  •  
  • Live Instructor
  • Advanced sessions
  • Interview Q&A
  • Premium Technical Support
  •  
CONTACT US

Upcoming Batches PST

 Weekday 

Dec 10(1 HR A DAY)
07:00 PM PST
Enroll Now  →

 Weekday 

Dec 30(1 HR A DAY)
07:00 AM PST
Enroll Now  →

 Weekend

Dec 21(1 HR A DAY)
07:00 PM PST
Enroll Now  →

Upcoming Batches IST

 Weekday 

Dec 11(1 HR A DAY
07:30 AM IST
Enroll Now  →

 Weekday 

Dec ​30(1 HR A DAY)
07:30 PM IST
Enroll Now  →

 Weekday 

Dec 22(1 HR A DAY)
07:00 AM PST
Enroll Now  →

Course Description

Capture the Flag Training (CTF) is for candidates willing to master in a 
Cyber Security competition with challenges. The participants will have a 

variety of tasks related to computer security problems. 

CTF Course is the best fit for the candidates interested in Ethical 
Hacking and Penetration testing skills recommended to have firm 

understanding of the TCP and IP protocols. 

You can enroll in this course and start learning the course through 

online classes. 

After learning this course, you will have many job opportunities to work 

in Ethical Hacking or IT security.  

You can get the Course Completion Certificate as soon as you complete 
the course. 

Features

✅Lifetime access ✅Lifetime video access
✅Real-time case studies ✅The project integrated into the Curriculum
✅24*7 Support from our team of administrators

Course Content

1.Introduction to Pentesting

  • Penetration Testing Benefits
  • Types of Penetration Testing
  • Penetration Testing Methodologies
  • Law & Compliance
  • Planning, Managing & Reporting

2.Assessment & Skill Management

  • Finding Files
  • Services in Kali
  • SSH Service
  • FTP Services
  • HTTP Service
  • SNMP Service
  • Mysql Services
  • Service Management
  • IP Protocols, Networking Protocols, IPSec, VOIP
  • Network Architecture, Mapping & Target Identification

3.Basic Linux and Commands

  • Locate
  • Which
  • Find
  • Sed
  • Awk
  • Cut
  • Sort
  • Grep
  • Head
  • Tail
  • Wget
  • Cat

4.Netcat Tutorials

  • Getting start with NC
  • Connecting to a Server
  • Fetching HTTP header
  • Chatting
  • Creating a Backdoor
  • Verbose Mode
  • Save Output to Disk
  • Port Scanning
  • TCP Delay Scan
  • UDP Scan
  • Reverse TCP Shell Exploitation
  • Randomize Port
  • File Transfer
  • Reverse Netcat Shell Exploitation
  • Banner grabbing

5.Port Scanning with Nmap & WireShark

  • TCP Connect Scan with wireshark
  • Network sweeping with wireshark
  • SYN Scan with wireshark
  • UDP Scan with wireshark
  • FIN Scan with wireshark
  • Null Scan with wireshark
  • OS Discovery with wireshark
  • NSE Scripts with wireshark
  • Nmap Firewall Scan

6.Enumeration

  • Overview
  • Structure, interpretation and analysis of DNS records
  • DNS Enumeration
  • Forward DNS Lookup
  • Reverse DNS Lookup
  • Zone Transfers
  • NetBIOS & SMB Enumeration
  • Null Sessions
  • Enum4Linux
  • SMB NSE Scripts
  • MYSQL Enumeration
  • MSSQL Enumeration
  • SMTP Enumeration
  • VRFY Script
  • Python Port
  • SNMP Enumeration
  • SNMP MiB
  • SNMPWalk

7.Passive Info Gathering

  • Overview
  • Google Search
  • Google Hacking
  • GHDB
  • NNTP Newsgroups & Information Leakage from Mail Headers

8.Directory Bruteforce Attack

  • Dirb
  • Dirbuster
  • Dirsearch
  • Metasploit

9.Windows Security Assessment

  • Domain Reconnaissance
  • User Enumeration
  • Active Directory
  • Windows Patch Management Strategies
  • Desktop Lockdown & Exchange Server

10.Reverse Shell

  • Php reverse shell
  • Python reverse shell
  • Perl reverse shell
  • Bash reverse shell
  • Msfvenom shell

11.Intro to Overflows

  • Overview
  • Vulnerable Code
  • Stack Overflow
  • Heap Overrun/Overflow

12.Windows BO Example

  • Overview DEP, ASLR and CFG
  • Fuzzing
  • Crash Replication
  • Controlling EIP
  • Locating space for our Shellcode
  • Bad Characters
  • Redirecting Execution
  • Introducing Mona
  • Shellcode Payload

13.Linux BO Example

  • Overview DEP, ASLR and Canaries
  • Controlling EIP
  • Locating Space
  • First Stage Shellcode
  • Locating RET
  • Generating Shellcode

14.Using Public Exploits

  • Overview
  • Finding Exploits
  • Exploit-DB
  • Fixing Exploits 1
  • Fixing Exploits 2
  • Cross-Compiling

15.File Transfers

  • FTP
  • Python HTTP Server
  • php http server
  • HFS Tool
  • Netcat
  • CURL
  • Wget
  • TFTP
  • Python SMB Server
  • Powershell File Transfer
  • Bitsadmin

16.Linux Privilege Escalation

  • Suid Binaries
  • AbsuingSudo’s Right
  • Kernel Exploit
  • Path Variables
  • Multiple Ways to edit /etc/passwd file

17.Linux Privilege Escalation

  • Suid Binaries
  • AbsuingSudo’s Right
  • Kernel Exploit
  • Path Variables
  • Multiple Ways to edit /etc/passwd file

18.Windows Privilege Escalation

  • Weak File Permissions
  • Always Install Elevated
  • Bypass UAC
  • Unquoted Service Path
  • Kernel Exploits

19.Web Application Attacks

  • Overview
  • Web Servers Flaws
  • Web Protocols
  • Local File Inclusion
  • SQL Injection
  • Authentication Bypass
  • Error Based Enum
  • Blind SQL Injection
  • Attack Proxies
  • XSS, LDAP & XML Injection
  • SQLMap
  • Web APIs
  • Web Sub-Components

20.Password Cracking

  • Overview
  • Crunch
  • Passing the Hash
  • Password Profiling
  • Online Attacks
  • Medusa
  • Ncrack
  • Hydra
  • Password Hashes
  • Cracking Hashes
  • LM / NTLM

21.Port Fun

  • Overview
  • Port Forwarding
  • SSH Tunnels
  • Dynamic Proxies
  • Proxy Chains

22.Metasploit Framework

  • Overview
  • AUX Modules
  • SNMP Modules
  • SMB Modules
  • WEBDAV Modules
  • Database Services
  • Exploits
  • Payloads
  • Meterpreter
  • Meterpreter in Action
  • Additional Payloads
  • Binary Payloads
  • Multihandler
  • Porting Exploits
  • Post Exploitation

23.Antivirus Avoidance

  • Overview
  • Shellter
  • Veil-Evasion
  • thefatrat

24.Misconfigured Lab Setup

  • WordPress lab Setup & Pentesting
  • Joomla Lab Setup & Pentesting
  • Drupal Lab Setup & Pentesting

FAQ’s

(more…)