• Goa'17
  • Training
  • Advanced Infrastructure Security Assessment Training

Advanced Infrastructure Security Assessment Training

Abhisek Datta & Omair

Trainer Name: Abhisek Datta & Omair
Title: Advanced Infrastructure Security Assessment Training
Duration: 3 Days
Dates: 28th Feb - 2nd March

Objective

Security systems have been improving and becoming more complex, so have the hacking techniques. But our le arning have not changed. Every successful hacks penetrating our Infrastructure has to evade through multiple layers of security in a perfect sequence, but we learn security and attack methods as isolated concepts, which won’t work in Real World. The Best Defence comes with the Best understanding of the Attack Techniques. And that is the reason we have created this unique Training giving you deep understanding of the classic to latest Hacking Techniques.

How do we do that? Our hands on lab and scenario driven Training ensures you get first-hand experience to explore the vulnerabilities, craft exploits and carry out the attacks, and learn all the possible places where & how the security needs to be. This course is delivered by the people who have been testing Infrastructure security, creating security systems and writing exploits for decades before teaching the art of Infrastructure hacking.

    The course is broadly divided in four categories:

  • Introduction to Infrastructure Penetration Testing
    1. Covering various tools and techniques to gather as much information as possible about the target.
  • Vulnerabilities and exploits
    1. This section will cover details about server and client side vulnerabilities and exploits. We will also discuss about post exploitation techniques to gain higher privileged and pivoting.
  • Exploiting Corporate Networks
    1. Hands-on scenario with real life example how to exploit various infrastructure components. We will cover Window, Linux and Web based vulnerabilities and exploits with hands-on session.
  • Hacking contest to exploit infrastructure - Capture the Flag
    1. Half day capture the flag contest to exploit dummy e-commerce based and web blog based infrastructure.

Course Details

Day 1 – Introduction to Infrastructure Penetration Testing
  • Information Gathering and Vulnerability Analysis
  • Components of an Exploit
  • Introduction to Shellcode
  • Server Side Exploitation
  • Client Side Exploitation
  • Auxiliary Scanner Module
  • Post Exploitation:
  • Pivoting
  • Privilege Escalation
  • Exploiting complex scenarios using Metasploit Framework
  • Generating custom payloads using Metasploit Framework
Day 2 –Exploiting Corporate Networks
  • Hacking enterprise Web Applications for Internal Network Access
  • Information Gathering using Network Monitoring Solutions
  • Attacking Windows domain controller
  • Attack Unix servers
  • Privilege escalation on Windows Domain environment
  • Privilege escalation on Unix environment
  • Password cracking for Windows and Linux environment
  • Attacking DNS Servers: DNS Cache Poisoning
Day 3 – Web Application Attacks
  • Exploiting SQL Injection
  • Exploiting Local/Remote File Inclusion
  • Exploiting OS Commanding
  • Hacking Scenario - CTF
  • Attacking (custom) CMS application
  • Attacking E-Commerce Infrastructure
  • Attacking Web Blog Infrastructure

Who should attend?

  • This training is useful for:
    1. System Administrator
    2. Developer
    3. Security Enthusiasts
    4. Anyone interested in penetration testing

What to expect?

  • Exposure to infrastructure Penetration Testing tools and techniques.
  • Exploiting enterprise network.
  • Live real-life scenarios.
  • Multi vector attacks.
  • Exploiting configuration vulnerabilities.
  • Custom Capture the Flag (CTF) to test skills.

Prerequisites

  • Experience in networking, system administration and workstation setup.
  • The participants are expected to have a basic knowledge of Application and Network protocol.
  • Familiarity in developing or testing Web Applications.
  • Familiarity with vulnerability assessment.
  • Familiarity with a scripting language such as Perl/Python/Ruby (optional).

What to Bring?

  • A laptop with administrator privileges.
  • 50 GB of free Hard Disk Space.
  • 4 GB of RAM.
  • Laptop should have a working wired/Ethernet (Preferred) and wireless connection.
  • VM Player or VMWare Workstation installed

Trainers Profile

Abhisek Datta is a Security Researcher and Consultant with over 10+ years of experience. His core area of expertise includes Penetration Testing, Vulnerability Analysis, Exploit Development, Reverse Engineering & Malware Analysis and Source Code Review. He has been involved in multiple high profile Reverse Engineering and Penetration Testing projects in the past for clients in India and abroad. He has multiple CVE’s under his name for reporting vulnerabilities in various products. Some of latest CVE’s reported by him CVE-2014-4117, CVE-2015-0085, CVE-2014-6113, CVE-2015-1650, CVE-2015-1682, CVE-2015-2376, and CVE-2015-2555.

He is involved in setting up a Security Research Team & Operations from scratch and leading the team in vulnerability research and security tool development projects. He has worked with various enterprise customers including NSDL, Vodafone, TCS, MakeMyTrip, Web18, CRISIL, nRuns, Deutsche Bank etc.

Omair has over eight years of experience in penetration testing, vulnerability assessment and network security. He has been responsible for maintaining a secure network for mission critical applications. His area of work includes Vulnerability Assessment, Security Audits, Penetration Test, Source Code Reviews and Trainings.

He was led penetration tester for various clients in the telecom, retail, government and banking sector based in India, Saudi, Morocco, Mauritius, UAE, Kuwait, Oman and Bahrain with a team size varying from 5-8 members.

He has also published security advisories pertaining to various vulnerabilities in commonly used software like Excel, Real Player, Internet Explorer and Chrome. His area of expertise includes Vulnerability Research, Reverse Engineering and Fuzzing. Some of the latest CVE’s reported by him CVE-2015-1240, CVE-2015-1668, CVE-2015-0043, CVE-2015-0042, CVE-2014-4128, CVE-2014-6354, CVE-2014-4145, CVE-2014-4050, CVE-2014-1772, CVE-2014-0313, and CVE-2014-0263.

Omair has various industry certification under his name.

OSCP Offensive Security Certified Professional

CEH Certified Ethical Hacker

RHCE Red Hat Certified Engineer

VCP VMware Certified Professional

JNCIS-JES Juniper Networks Certified Internet Specialist, Enhanced Services

JNCIA-EX Juniper Networks Certified Internet Associate, Enterprise

IBM IBM Certified System Expert - System x Blade Centre Technical Switching Support V5

IBM IBM System x Technical Principles V9

HP Accredited Platform Specialist - Proliant ML/DL Servers

Copyright © 2018-19 | Nullcon India | International Security Conference | All Rights Reserved