Home About
Services
Consulting and Expertise Security Management Security Governance Business Continuity Security Awareness
Formations
SECURITE OFFENSIVE - ETHICAL HACKING
Cybersecurity Awareness Hacking & Security: Fundamentals Hacking & Security: Advanced Hacking & Security: Expert Certified Ethical Hacker v10 Penetration Testing: Audit Simulation Web Site Audit Social Engineering and Countermeasures Conducting a Security Audit: SI Audit Method Certified Web Application Security Pentester Python for Pentesting Advanced Exploitation with Metasploit Certified of Cloud Security Knowledge Intelligent Android Application Testing Computer Hacking Forensic Investigator v9
INFORENSIQUE
Computer Hacking Forensic Investigator v9 Advanced Forensic Analysis and Incident Response Mobile Device Forensics
MANAGEMENT
ISO 27001: Certified Lead Implementer ISO 27001: Certified Lead Auditor ISO 27005: Certified Risk Manager ISO 27005: Certified Risk Manager + EBIOS Method Certified Information Systems Auditor Certified Information Systems Security Professional Certified Data Protection Officer Certified Information Security Manager ISO 31000: Certified Risk Management ISO/IEC 22301 Certified Lead Auditor ISO/IEC 22301 Certified Lead Implementer ISO/IEC 27032 Certified Cybersecurity Manager ISO/IEC 27034 Certified Lead Auditor ISO/IEC 27034 Certified Lead Implementer ISO/IEC 27035 Lead Incident Manager Certified Lead Pen Test Professional ISO 9001 Certified Lead Auditor ISO 9001 Certified Lead Implementer
SECURITE DEFENSIVE
Android Device Security Awareness >Linux Security Windows Security Network Security Technology Watch Security SIEM Implementation Secure Web Development: Python Session Secure Web Development: PHP Session
Team Contact

Language

FR EN AR
Home / Training / Hacking & Security: Expert v4

Hacking & Security: Expert v4

Become an expert in offensive security with advanced scenarios and in-depth vulnerability analysis.

Offensive
Pentest
Expert

Objective

This course will allow you to acquire a high level of expertise in the field of security by performing various complex attack scenarios. This training also focuses on in-depth vulnerability analysis. This training is particularly intended for consultants, administrators, and developers who want to be able to perform advanced technical tests during their penetration tests on internal or external systems, or to apply appropriate security solutions to their IS.

Specific objectives:

  • Acquire a high level of expertise in the field of security by performing various complex attack scenarios

Prerequisites

  • Having followed the HSA training is strongly recommended
  • Be comfortable using standard pentesting tools (Kali)

General Information

  • Code: HSE
  • Duration: 5 days
  • Schedule: 8:30 AM - 5:30 PM
  • Location: Training Center, Centre Urbain Nord

Target Audience

  • CISO, IT Directors
  • Security Consultants
  • Engineers / Technicians
  • System/Network Administrators/Developers

Resources

  • Course materials
  • 40% demonstration
  • 40% theory
  • 20% practical exercises

Training Program

  • Days 1 & 2
    • Network
    • Scanning techniques
    • Different types of scans
    • Customizing flags
    • Packet-trace
    • Using NSE Scripts
    • Filtering detection
    • Error messages / Traceroute
    • Nmap outputs
    • Firewalking with NSE Firewalk
    • Infrastructure plan
    • Issues / Mistakes to avoid
    • Defense elements
    • Packet crafting
    • Basic commands
    • Reading packets from a pcap
    • Creating and sending packets
    • Packet sniffing
    • Exporting to pcap format
    • Exporting to PDF format
    • Packet filtering with filter
    • Modifying packets via scapy
    • Scapy fuzzing tools
    • Creating tools using Scapy
    • Communication hijacking
  • Day 2 (continued)
    • System
    • Metasploit
    • Attacking a remote service, a client, and bypassing antivirus
    • Attacks targeting Internet Explorer, Firefox
    • Attacks targeting Microsoft Office suite
    • Generating Meterpreter binary
    • AV bypass (killav.rb, encryption, padding, etc.)
    • Using cmd/Privilege escalation
    • MultiCMD, attacking 5 sessions or more
    • Filesystem manipulation
    • Sniffing / Pivoting / Port Forwarding
    • Attacks via malware
    • Attacking a Microsoft network
    • Architecture / PassTheHash
    • Token theft (impersonate token)
    • Rootkit
  • Day 3
    • Web
    • Discovering the infrastructure and associated technologies
    • Searching for vulnerabilities
    • Server side (searching for credentials, injection vectors, SQL injection)
    • File injection
    • Session issues
    • Web Service
    • Client side (Clickjacking, XSS, CSRF)
  • Day 4
    • Linux shellcoding
    • Linux shellcoding
    • From C to assembly
    • Removing NULL bytes
    • Executing a shell
    • Advanced Buffer Overflow on Linux
    • Presentation of standard methods
    • Overwriting variables
    • Controlling EIP
    • Executing shellcode
    • Presentation of ROP and bypass techniques for the latest protections
    • ASLR / NX / PIE / RELRO
  • Day 5
    • Final practical exercise
    • Applying the acquired knowledge

Do not hesitate to contact our experts for any additional information, study, and free calculation of an audit service.

Information security is essential for any company that must protect and enhance its information assets.

Contact Us