Tailored IT Workshops

You already know your three N’s back and forward: Nessus, Nmap and Netcat. You have experience with ethical hacking and penetration testing. You can run l0phtcrack in your sleep. But, you want to learn more. You are ready for the next step in penetration testing training!

In Advanced Ethical Hacking: Expert Penetration Testing, you will delve deep into the less well-known, less obvious, and consequently more difficult to master techniques that are available today to penetration testers. It is a commonly known fact that malicious hackers and disgruntled employees have become increasingly sophisticated and efficient. Even the most plugged-in security pros have trouble keeping up with every new vulnerability; there are only 24 hours in a day!

After taking this information security course, you will walk out the door with the skills to identify and prevent the latest complex and complicated attacks by doing them yourself in our lab with your own two hands. After completing the penetration testing training in this course, you will be at the top 5%-10% in terms of information security knowledge and ethical hacking skills.

Hands on instructor led lab exercises coupled with effective and insightful lectures are the best way to learn advanced penetration testing and ethical hacking skills. In this course, you will get high quality penetration testing training by “learning by doing” in hands-on labs, complemented by expert in class instruction. You will also have a chance to put all of your new skills to test in nightly capture the flag exercises.

Some of the topics you will learn to master during the course:

• Writing buffer overflow exploits
• dlmalloc Heap Overflow exploits
• Win32 Heap Overflow exploits
• Linux stack overflow exploits
• Defeating non-exec stacks
• Return-to-libc shellcode
• Function pointer overwrites
• Crafting Injectable Shellcode
• Defeating non-executable stacks
• Linux LKM Rootkits
• Windows Kernel Rootkits
• Reverse engineering training
• Vulnerability development and discovery
• Attacking and blinding IDSs
• Hiding your attacks from IDSs
• Encrypted covert channels
• Global Offset Table Overwrites
• Windows Shellcode
• Integer Overflows
• Linux shellcode
• “no listening port” trojans
• A whole day on breaking through enterprise DMZs
• Reconstructing binaries from sniffed traffic
• Circumventing antivirus
• Bi-directional Spoofed Communication
• Session fixation
• Advanced SQL Injection
• Justifying a penetration test to management and customers
• Defensive technique

Some of the instructor-led hands-on lab exercises:

• Capture the Flag exercises every night !
• Writing a stack buffer overflow
• Porting exploits to metasploit modules
• Find socket shellcode
• Writing shellcode for Linux
• Using Ollydbg for Win32 Exploits
• Using IDA Pro for Reversing
• Reconstructing sniffed images
• Reverse engineering Windows PE Binaries
• Session hijacking
• Passive Network Analysis
• Exploitation with a remote GUI
• Sniffing SSL Encrypted Sessions
• Format string exploits
• Heap overflow exploits
• Windows exploits
• Calculating offsets
• Reversing with SoftIce
• OS determination without touching the target
• SQL Injection timing attacks
• Port redirection
• ASP source disclosure attacks
• Call-Back Backdoors
• Encrypted covert channels
• Remote keyloggers
• PHP/MySQL SQL Injection
• Inserting Malicious Code Into Unix Binaries

How You Benefit:

• Gain the in-demand career skills of a highly skilled and specialized penetration tester.
• Master the latest advanced level methodologies, tools, and manual techniques used by ethical hackers to enter the top 10% of security professionals in terms of skill.
• Move beyond the most well known ethical hacking techniques and into the realm of an expert penetration tester.
• More than interesting theories and lectures; get your hands dirty in our dedicated hacking lab.
• Learn hands-on skills that are difficult to gain in a corporate or government working environment, such as compromising border routers and testing your own buffer overflow exploits.
• Preparation for the Certified Expert Penetration Tester (CEPT) certification.

Required Prerequisites:

• Firm understanding of the Windows Operating System
• Exposure to the Linux Operating System or other Unix-based OS
• Firm understanding of the TCP/IP protocols.
• Exposure to network reconnaissance and associated tools (nmap, nessus, netcat)
• Programming knowledge is NOT required
• Desire to learn about ethical hacking, and get great penetration testing training!

The information security and hacking training go in-depth into the techniques used by malicious, black hat hackers with attention getting lectures and hands-on lab exercises. While these hacking skills can be used for malicious purposes, this class teaches you how to use the same hacking techniques to perform a white-hat, ethical hack, on your organization’s network. You leave with the ability to quantitatively assess and measure threats to information assets; and discover where your organization is most vulnerable to hacking in this network security training course.

The goal of this course is to help you master a repeatable, document-able penetration testing methodology that can be used in an ethical penetration testing or hacking situation. This ethical security training course has a significant ROI (Return on Investment), you walk out the door with hacking skills that are highly in demand.

Some of the hacking concepts you will learn to master during this hands on hacking course:

• Penetration testing methodologies
• Stealthy network recon
• Passive traffic identification
• Remote root vulnerability exploitation
• Privilege escalation hacking
• IPv6 Vulnerabilities
• Remote access Trojan hacking
• Running shell-code in RAM vs. on disk
• Wireless insecurity
• Breaking IP-based ACLs via spoofing
• Abusing Windows Named Pipes for Domain Impersonation
• Evidence removal and anti-forensics
• Attacking network infrastructure devices
• Hacking by brute forcing remotely
• Hiding exploit payloads in jpeg and gif image files
• Hacking Web Applications
• Breaking into databases with SQL Injection
• Cross Site Scripting hacking
• Hacking into Cisco routers
• Justifying a penetration test to management and customers
• CEH/CPT review
• Defensive techniques

Some of the instructor-led hands-on hacking lab exercises in the security training experience:

• Abusing DNS for host identification
• Leaking system information from Unix and Windows
• Windows 2003 Server & Vista DNS Cache Poisoning Attacks
• Unix, Windows and Cisco password cracking
• Remote buffer overflow exploit lab – heap vs. stack overflows
• Attacking Kerberos Pre-Auth Hashes
• Spoofing endpoints of communication tunnels
• Impersonation of other Users- Hijacking kernel tokens
• Attacking RDP (Remote Desktop Protocol) in Windows XP, 2003 & Vista
• Remote keylogging
• Data mining authentication information from clear-text protocols
• Sniffing and hijacking SSL encrypted sessions
• Breaking wireless security via hacking
• Malicious event log editing
• Client side IE & Firefox exploits
• Tunneling through IPSec VPNs by abusing ESP
• Data retrieval with SQL Injection Hacking
• Calculating the Return on Investment (ROI) for an ethical hack

How You Benefit:

• Gain the in-demand career skills of a professional security tester. Learn the methodologies, tools, and manual hacking techniques used by penetration testers.
• Stay ethical! Get hands-on hacking skills in our lab that are difficult to gain in a corporate or government working environment, such as anti-forensics and unauthorized data extraction hacking.
• Move beyond automated vulnerability scans and simple security testing into the world of ethical penetration testing and hacking.
• More than interesting theories and lectures; get your hands dirty in our dedicated hacking lab in this network security training course.

Required Prerequisites:

• Firm understanding of the Windows Operating System
• Exposure to the Linux Operating System or other Unix-based OS
• Grasp of the TCP/IP protocols
• Desire to learn about the hacking and network security profession, stay ethical, and get great security training!

This Advanced Computer Forensics Training workshop is the most hands on and highly technical computer forensics training course available anywhere!

Course Details

Computer criminals are becoming increasingly crafty. Many perpetrators of computer crime are savvy enough to write over files instead of deleting them, clear slack space, and even damage the logic controllers on hard disks containing evidence! Evidence that you previously may have determined was “unrecoverable” can now be recovered after attending our Advanced Computer Forensics training course. Acquiring hard to recover evidence is not enough though, in order for evidence to be of use to yourself, the computer forensics investigator, it must be properly analyzed and interpreted. Much of the Advanced Computer Forensics course covers hard core, in-depth analysis of recovered data. Such topics as advanced Windows Registry Snapshotting & Recovery, reading SMART data from a damaged hard drive, and advanced file system forensics are covered in great depth.

The goal of these Advanced Computer Forensics training course is to train you on advanced forensic recovery techniques as well as advanced data analysis strategies not available elsewhere.

Total Hands-On Lab Environment in Computer Forensics Training…

This Computer Forensics training neatly meshes the skills required in order to respond to security incidents:

• Firmware issues
• Recovering evidence from Print & Spool files
• Recovering OLE Metadata
• Understanding Recycle Bin INFO2 file format structure
• Recovering data from INFO2
• Windows Registry fundamentals
• Determining time bias via SYSTEM
• Understanding and recovering Windows Restore Points
• Recovering Orphan folders
• Internet Explorer Forensics
• Internet Explorer “Auto complete” recovery
• Browser Toolbar Forensics
• Reversing the Google Toolbar
• AOL Instant Messenger Forensics
• Yahoo and MSN Messenger Forensics
• Volume Analysis
• RAID Volume Recovery
• MFT Entry Attribute Concepts
• FAT32 FSINFO forensics
• $MFT, $MFTMirr, $BOOT and $Volume file format analysis
• Understanding $BadClus
• Recovering “fixup” values
• Expert Witness Testimony

With the Advanced Computer Forensics training, you will gain the skills to propel yourself to being one of the top computer forensics investigators on the market today.

Required Prerequisites:

• Firm understanding of the Windows Operating System
• Firm understanding of computer hardware
• Experience with computer forensics
• Attendees can be anyone involved in the security of information assets: information security officers and managers, network administrators, Windows administrators.

Computer crimes happen! Did you know that evidence can be found on freshly formatted hard drives, cell phones, and even digital cameras?

The rate of fraud, abuse and downright criminal activity on IT systems by hackers, contractors and even employees are reaching alarming rates. Corporate IT, Law Enforcement and Information Security Pros are often required to perform computer forensics duties on their jobs. In terms of job growth, nothing beats computer forensics as a career, and no one can beat our training as the best place to learn from a computer forensics training expert.
Course Details

Computer crime is here to stay. Computer Forensics Specialists are needed by today’s companies to determine the root cause of a hacker attack, collect evidence legally admissible in court, and protect corporate assets and reputation. The best way to become a forensics expert is to attend a training session with a computer forensics training expert.

During the Computer Forensics Training course you will:

• See the dark side of how computer crimes are committed.
• Learn how to find traces of illegal or illicit activities left on disk with computer forensics tools and manual techniques.
• Learn how to recover data intentionally hidden or encrypted by perpetrators.

You will also learn how to create an effective computer crime policy, and gain the hands on skills to implement it.

After attending Computer Forensics Training, you will leave with a custom computer forensics toolkit that will enable you to perform a legally admissible forensics investigation and the skills to run the investigation properly.

This hands-on computer forensics training offers practical experience in a wide array of computer forensics situations that are applicable to the real world. Learn everything relating to computer forensics from how to establish a proper chain of custody that is admissible in a court of law to recovering files from intentionally damaged media.

Total Hands-On Lab Environment in Computer Forensics Training…

This Computer Forensics training neatly meshes the skills required in order to respond to security incidents:

• Computer Forensics Training with open source tools
• Overview of Computer Crime
• Preparing sterile examination media
• Acquisition, collection and seizure of magnetic media.
• Recovering deleted data from a cell phone
• Digital Camera Computer Forensics
• PDA Computer Forensics
• Documenting a “Chain of Custody”
• Understanding Microsoft Windows from a forensics point of view
• Working with NTFS
• Combing Partition table and boot record
• Investigating The Master File Table (MFT)
• Linux/Unix computer forensics
• Investigating data streams
• File storage dates and times
• File deletion/recovery
• Recovering Internet Usage Data
• Recovering: Swap Files/Temporary Files/Cache Files
• Preservation and safe handling of original media
• Making bitstream copies of original media
• Common data hiding techniques
• Examining CD-ROM media
• Carving out files “hidden” in unallocated disk space
• Word document forensics and password cracking
• Issues when presenting data in court
• The marking, storage and transmittal of evidence.
• Use tools such as Encase Forensic Edition, X-Ways Forensic Addition, Forensic ToolKit (FTK), Linux dd, etc.

Required Prerequisites:

• Firm understanding of the Windows Operating System
• Attendees can be anyone involved in the security of information assets: information security officers and managers, network administrators, Windows administrators.
• Desire for computer forensics training 😀

Information Technology professionals are typically in need of on-target security knowledge that they can directly apply to their everyday work. The Enterprise Security Awareness Training for IT Professionals utilizes attention grabbing lectures with hands-on lab work to ensure practical knowledge transfer occurs in the fastest most cost effective manner possible.

The Security Awareness Training for IT Professionals includes the following modules:

• Understanding the Business Driver for Information Security
• Top 10 Information Security Best Practices
• Security Principles for IT System Owners
• Fundamentals of Cryptography
• Understanding Threats: Hackers, Malware and Insiders
• Network Attacks and Remediation Steps
• Host Attacks and Remediation Steps
• Wireless Insecurity and Remediation
• Securing Windows Workstations
• Securing Windows Servers
• Securing Linux/Unix Servers

The Enterprise Security Awareness program leverages a vast store of content and training delivery methods to provide your users with an unparalleled security awareness program.

The program can be comprised of some or all of the following components:

• Instructor-Led awareness sessions from three hours to two days in length.
• Hands-on lab work for technical professionals

Required Prerequisites:

• Intermediate IT Proficiency

The most valuable asset in any organization is the people that make it function on a day-to-day basis. Developing a Security Awareness Program is essential for any organization that seeks to reduce the risk of data loss and theft, assure that information assets are appropriately secured, and meet various regulatory requirements.

The Enterprise Security Awareness program leverages a vast store of content and training delivery methods to provide your users with an unparalleled security awareness program.

The program can be comprised of some or all of the following components:

• Instructor-Led awareness sessions from thirty minutes to two days in length.
• Testing, exam scoring and certification of students.

Compliance modules for Prevention of Electronic Crimes Ordinance 2007 (PECA:2016), Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI-DSS), and HIPAA.

Instructor-Led Awareness Sessions

There is no better method of security awareness knowledge transfer than an Instructor-Led Awareness Session. With attention grabbing modules on relevant topics such as phising scams, email security and best practices for remote workers, we ensure that our instructors have the best content and courseware to present. Couple this with live demos of real-world threats and vulnerabilities, as well as concrete remediation steps users can take, the Instructor-Led Awareness sessions hit home with even the most pessimistic user population.

The instructors are considered Subject Matter Experts (SMEs), having experience in many top information security firms and spoken at leading conferences. Additionally, our instructors all know how to manage and engage an audience for maximum participation and knowledge transfer.

Required Prerequisites:

• Basic Computer Skills

Our Lead Implementer Course is designed to provide participants with advanced knowledge of Information Security Practices in light of the popular standard of ISO 27001. The trainers will utilize their experience in the field as well as guidelines from ISO 27002 (17799) to ensure that no question remains unanswered by the end of the third day.

The training is focused entirely on development and implementation of ISMS in an IT oriented organization where information flow is as important as the services provided to its customers.

Not only this, the training also focuses on the two topics that even the standard does not fully cover; Risk Management and Business Continuity Management. This training offers separate modules for both these activities in light of their own best practices and standards.

The training covers all basics that are required to understand the language of ISO Standards and ISMS, therefore professionals belonging to IT Sector who want to thrive in their areas of expertise are encouraged to participate in this event.

The training includes performance workshops and group based exercises which will bring participants closer to the practical experience required to ensure establishment and continuity of a successful ISMS.

The training also provides project management guidelines for implementation of ISMS in an organization.

ISMS

We shall thoroughly review the standard ISO 27001 to understand requirements to establish ISMS and shall dig in deeper through use of ISO 27002 (17799) so that we understand standard’s implementation as well as Auditor’s requirements. The course includes ISMS related updates up till 2010, extracted from other related best practices.

Risk Assessment

We shall study practices that can help you in developing your own method for Risk Assessment and tailored based on the conditions of implementation of ISMS required in your organization.

Business Continuity

The obligations of developing a Business Continuity Plan to ensure running critical operations, is quite high. In this training we shall provide you with all the highs and lows that you need to pass through to make a successful Business Continuity Plan.

The Workshop is Ideal For…

• Project managers or consultants wanting to support an organization in the implementation of an ISMS;
• ISO 27001 auditors who want to master the ISMS implementation process;
• Persons responsible for the information security or conformity in an organization;
• Information security team members;
• Expert advisors in information technology.

This course is intended for technical and programmatic staff involved in the development, analysis, or testing of Information Assurance, Network Warfare, Network-Centric, and NetOPs systems. The course will provide perspective on emerging policy, doctrine, strategy, and operational constraints affecting the development of cyber warfare systems. This knowledge will greatly enhance participants’ ability to develop operational systems and concepts that will produce integrated, controlled, and effective cyber effects at each warfare level.

What You Will Learn:

• What are the relationships between Cyber Warfare, Information Assurance, Information Operations, and Network-Centric Warfare?
• How can a cyber warfare capability enable freedom of action in cyberspace?
• What are legal constraints on cyber warfare?
• How can cyber capabilities meet standards for weaponization?
• How should cyber capabilities be integrated with military exercises?
• How can military and civilian cyberspace organizations prepare and maintain their workforce to play effective roles in cyberspace?
• What is the Comprehensive National Cyber-security Initiative?

From this course you will obtain in-depth knowledge and awareness of the cyberspace domain, its functional characteristics, and its organizational inter-relationships enabling your organization to make meaningful contributions in the domain of cyber warfare through technical consultation, systems development, and operational test & evaluation.

Course Outline:

• Cyberspace as a Warfare Domain.
• Domain terms of reference.
• Comparison of operational missions conducted through cyberspace.
• Operational history of cyber warfare.
• Stack Positioning as a Maneuver Analog.
• Exploring the space where tangible cyber warfare maneuver really happens.
• Extend the network stack concept to other elements of cyberspace.
• Understand the advantage gained through proficient cyberspace navigation.
• Organizational Constructs in Cyber Warfare.
• Inter-relationships between traditional and emerging warfare, intelligence, and systems policy authorities.
• Cyberspace Doctrine and Strategy.
• National Military Strategy for Cyberspace Operations.
• Comprehensive National Cybersecurity Initiative.
• Developing a framework for a full spectrum cyberspace capabilities.
• Legal Considerations for Cyber Warfare.
• Overview of local and international laws for cyberspace.
• Understanding the international Law of Armed Conflict to cyber warfare.
• Decision frameworks and metaphors for making legal choices in uncharted territory.
• Operational Theory of Cyber Warfare.
• Planning and achieving cyber effects.
• Understanding policy implications and operational risks in cyber warfare.
• Developing a cyber deterrence strategy.
• Cyber Warfare Training and Exercise Requirements.
• Understanding of the depth of technical proficiency and operational savvy required to develop, maintain, and exercise integrated cyber warfare capabilities.
• Cyber Weaponization. Cyber weapons taxonomy. Weapon-target interplay. Test and Evaluation Standards. Observable effects.
• Survey of International Cyber Warfare Capabilities. Open source exploration of cyber warfare trends in Pakistan, India, Russia, USA and China.

In the industry, many service providers:

• Equate BCP with DRP (Disaster Recovery Planning)
• Create a BCP to sell DRP hardware and services
• Fail to understand both of the strategic and tactical dimensions of business continuity planning

Our approach is centered on the following principles:

• The BCP should leverage and ultimately enable the organization’s business strategy
• May require DRP as the manifestation of the risk mitigation action, but the BCP is truly business centric (not technology or catastrophe centric)
• Should be created by an objective party with no potential financial gain as a result of selling DRP hardware or software.
• Holistically consider key scenarios that could cause interruption in critical business functions, processes and tasks
• Evaluating risks (probability, impact) and the corporate risk tolerance against mitigation costs and remediation strategies (it is not just about insurance coverage!)

Course Details

The followings are covered in the training course offered by us:

Risk Assessment

• Identify the business risks meaningful to your business with expected probabilities and outcomes
• Provide our subject matter expertise relative to potential risk areas (that have not been identified)
• Present methods for reducing or managing those risks

Prioritization and Strategy Selection

• Develop strategy for addressing each of the prioritized BCP areas
• Work with customers and external regulatory groups to understand and document their requirements
• Discuss options, pros, cons and costs

Gain Consensus/Backup Plan Review

• Review backup mechanisms for each information system and service
• Review staff backup and cross-training in each major business function
• Review supplier alternatives for each major material and service
• Present options for improving

Testing and Maintenance

• Coordinate with internal business subject matter experts to ensure satisfactory test plans are developed
• Document all test scripts
• Coordinate recovery tests and document results
• Review results, present findings, and recommend improvements
• Develop plan for reviewing BCP on a regular basis
• Ensure that BCP is incorporated into future business processes, development, and purchases

At the end of the courses delegates will:

• Be aware of the key features and content of Business Continuity Planning
• Understand the differences between BCP code of practice and DRP, and how to use them to best effect
• Understand how to use the standards to support BCP within their own organization
• Be able to develop a Business Continuity Management system based upon best practices, principles and BS25999
• Understand the benefits and be aware of some of the pitfalls in Business Continuity Management
  Be able to weigh up the likely returns from investment in a range of different planning choices

Pre-requisites

Attendees should have a good understanding of the key functions and operations of their own organization and come prepared to discuss in broad terms some of the risk and performance issues which may affect their business.

Without a doubt, the sophistication and threats caused by malicious attacks have continued to increase at a rapid level. If you plan on responding to a security incident, you must be able to meet the challenges that these sophisticated attackers present. We help you meet the challenges presented by attackers in this hands-on Incident Response class. You will learn effective detection, response, and remediation strategies that will enable you and your organization to properly contain a security incident. This five day class has been specifically designed for technical information technology professionals, targeted at technical responders, who respond to computer security incidents. In this course, you will go over many real-world case studies, and gain the skills you need to respond to incidents via hands-on lab exercises.

A sample of the topics covered in this class are:

• Understanding the methodology of an effective Incident Response process
• Incident Response Phases
• Create working documentation and checklists usable during a real-world response crisis
• Understand the proper incident response process for live compromised Windows and Unix systems
• Learn how to detect and confirm attacks against Windows and Unix systems
• Create a system response toolkit to be used in the heat of a crisis
• Learn how to discover attack signatures in Windows and Unix log files
• Use Log Parser 2.2 to recover critical information from Windows systems
• Understand what volatile evidence is present on a system you must collect and preserver prior to system power down
• Get hands-on experience retrieving and writing to disk memory from suspicious processes
• Detect and remove Win32 Rootkits, LKM Rootkits and Trojaned files
• Discover hidden files files and processes
• Analyze and export data from critical system files in Windows including hiberfil.sys and pagefile.sys
• Learn how to recover deleted or overwritten files from Kernel memory on Unix systems
• Perform basic Reverse Engineering of unknown process and binaries, without having to know assembly language.