• Goa'18
  • Training
  • Advanced Infrastructure Security Assessment Training

Advanced Infrastructure Security
Assessment Training

Abhisek Datta & Omair

Register Now
Abhisek Datta Omair

Trainer Name: Abhisek Datta & Omair
Title: Advanced Infrastructure Security Assessment Training
Duration: 3 Days
Dates: 27th Feb - 1st March 2018

Training overview

Security systems are improving and becoming more complex, so are the hacking techniques. Every successful hack penetrating network infrastructure has to evade through multiple layers of security in a perfect sequence. But we learn security and attack methods as isolated concepts, which does not work in real world. The best defence comes with the best understanding of the attack techniques and that is the reason we have created this unique training offering deep understanding of conventional as well as latest infrastructure hacking techniques.

The training is organised primarily in terms of scenarios where participants are required to attack and compromise one or more systems in the scenario. The objective is to teach approach and impart experience to handle an infrastructure security assessment exercise. The hands-on nature of the training requires prior knowledge and experience of basic penetration testing techniques.

Content

  • Introductory Concepts
    • Information Gathering and Recon Techniques
    • Metasploit Framework
      • Payload Generation and Encoding with msfvenom
      • Meterpreter
      • Pivoting
  • Linux Server Exploitation
  • Windows Server Exploitation
  • Mac OSX Exploitation
  • Web Application Exploitation
    • OS Command Injection
    • XXE
    • SQL Injection Exploitation for shell access
  • Introduction to Fortinet / Cisco Firewall exploits
  • Attack Scenarios
    • Exploiting Windows Domain Controller Environment
    • Exploiting Linux Server and Pivoting to Internal Network
    • Oracle Database Server Enumeration and Exploitation
    • SMB Server Configuration Vulnerability Exploitation
    • Wordpress Custom Plugin Exploitation
    • E-Commerce Application Exploitation
    • Enterprise Application Exploitation

Prerequisites

  • Experience with vulnerability assessment and penetration testing.
  • Familiarity with web application security vulnerabilities.
  • Basic knowledge of TCP / IP network protocol.
  • Familiarity with virtualization tools like VMware / VirtualBox

What to expect

  • Exposure to infrastructure penetration testing tools and techniques.
  • Exploiting enterprise network.
  • Live real-life scenarios.
  • Multi vector attacks.
  • Exploiting configuration vulnerabilities.
  • Capture the Flag (CTF) to test skills.

What to bring

  • A laptop with administrator privileges.
  • Minimum 50 GB of free hard hisk space.
  • Minimum 4 GB RAM for virtual machines.
  • Laptop should have a ethernet and wifi capability.
  • VM Player or VMWare Workstation installed.

About the trainer

Abhisek Datta

Abhisek Datta is a Security Researcher and Consultant with over 10+ years of experience. His core area of expertise includes Penetration Testing, Vulnerability Analysis, Exploit Development, Reverse Engineering & Malware Analysis and Source Code Review. He has been involved in multiple high profile Reverse Engineering and Penetration Testing projects in the past for clients in India and abroad. He has multiple CVE's under his name for reporting vulnerabilities in various products. Some of CVE's reported by him CVE-2014-4117, CVE-2015- 0085, CVE-2014-6113, CVE-2015-1650, CVE-2015-1682, CVE-2015- 2376, and CVE-2015-2555.

At present he heads the technology team at Appsecco Consulting Pvt. Ltd. and is responsible for security tools develoment and process automation.

Omair

Omair has over eight years of experience in penetration testing, vulnerability assessment and network security. He has been responsible for maintaining a secure network for mission critical applications. His area of work includes Vulnerability Assessment, Security Audits, Penetration Test, Source Code Reviews and Trainings.

He was led penetration tester for various clients in the telecom, retail,government and banking sector based in India, Saudi, Morocco,Mauritius, UAE, Kuwait, Oman and Bahrain with a team size varying from 5-8 members.

He has also published security advisories pertaining to various vulnerabilities in commonly used software like Excel, Real Player, Internet Explorer and Chrome. His area of expertise includes VulnerabilityResearch, Reverse Engineering and Fuzzing. Some of the latest CVE's reported by him CVE-2015-1240, CVE-2015-1668, CVE-2015-0043, CVE-2015-0042, CVE-2014-4128, CVE-2014-6354, CVE-2014-4145, CVE-2014-4050, CVE-2014-1772, CVE-2014-0313, and CVE-2014-0263.

Omair has various industry certification under his name.

  • OSCP Offensive Security Certified Professional
  • CEH Certified Ethical Hacker
  • RHCE Red Hat Certified Engineer
  • VCP VMware Certified Professional
  • JNCIS-JES Juniper Networks Certified Internet Specialist, Enhanced Services
  • JNCIA-EX Juniper Networks Certified Internet Associate, Enterprise
  • IBM Certified System Expert - System x Blade Centre Technical Switching Support V5
  • IBM IBM System x Technical Principles V9
  • HP Accredited Platform Specialist - Proliant ML / DL Servers

Copyright © 2017-18 | Nullcon India | International Security Conference | All Rights Reserved