Kurs:
Computer security, the „Dark side“ view
Srednji
24 časa
Materijali sa predavanja
Sertifikat o pohađanju kursa
Zašto ovaj kurs?
Ovaj kurs uvodi polaznike u svijet etičkog hakovanja. Počinje sa razumijevanjem protokola, alata, umrežavanja i uobičajenih vektora napada na mreže, operativne sisteme i aplikacije. Nastavlja se dodatnim predavanjima koja pružaju perspektivu napadača i odbrambene strategije, uključujući nekoliko demonstracija napada sa detaljnim objašnjenjima. Kako bi se shvatio proces hakovanja i njegove implikacije, kratko će se razgovarati o upravljanju rizikom, budući da se obično smatra osnovom bezbjednosti. Pregledaće se faze hakovanja, uključujući cyber kill chain i mikro segmentaciju. Koncept i upotreba testiranja proboja će biti objašnjeni kao važan alat za poslovni svijet u cilju smanjenja izloženosti hakovanju.
Polaznici će naučiti o mrežnim protokolima, MitM (Man-in-the-Middle) napadima, Windows autentifikaciji i napadima, kao i osnovama Linux operativnog sistema, autentifikaciji i napadima na Linux.
Kurs će biti zaključen uvodom u bezbjednost web aplikacija, WiFi bezbjednost i odgovarajuće koncepte hakovanja.
Kome je namijenjen ovaj kurs?
Kurs Computer security, the „Dark side“ view namijenjen je mrežnim administratorima, tenhičarima, inženjerima, ali i svakome ko ima bilo kakve admin privilegije kako bi se mogao odbraniti od različitih vrsta napada.
Poželjno predznanje su osnove administracije Linux ili Windows operativnih sistema kao i osnove poznavanja mreža.
Dodatna napomena:
Ovaj kurs nije moguće pohađati online.
Plan i program kursa:
1. Security concepts
In this short, introductory module participants will learn about basic security concepts such as the CIA and DAD triangle, Defense in depth, etc.. Current risks and threats will be discussed too.
2. Essential terminology
In this module participants will learn more about essential security terms. That includes X-teaming (focusing on the blue/red/purple team) as well as the data protection concepts in all states (@rest, in-transit and in-use). Participants will also learn about zero-trust model and SDP (Software Defined Perimeter).
3. Risk management basics
In this module, basic risk management concepts will be reviewed, and qualitative and quantitative risk management process will be explained. Importance of the Risk management in the business environment will be covered, as well as the options for organizations to deal with the risks they are exposed due to the cyber threats. Additionally, the threat modeling will be introduced as a concept, including the GRC (Governance, Risk Management and Compliance), security policies and audits.
4. Hacking phases
Participants will learn about hacking methodology (reconnaissance, scanning, gaining access, maintaining access, covering tracks). Attack demonstrations will provide 360-degree perspective on the hacking process, showing the initial compromise through vulnerable application, and then using the compromised computer as a pivot to compromise the entire organization including the AD (Active Directory).
5. Penetration testing
This module reviews the attacks conducted by professional penetration testers, including the penetration testing purpose and phases (they are slightly different from hacking phases, and yet, almost the same). Besides that, responsibilities of both the penetration testers and customers, including the risks that arise from conducting the penetration test, will be discussed. Anonymized penetration testing report will be shared with the delegates to provide an insight into the type of vulnerabilities that can be identified during the penetration testing projects.
6. Network basics and MitM attacks
Participants will learn about the basic networking concepts required for understanding of the network sniffing and MitM attacks. The OSI and TCP/IP models will be discussed, and how the data is moving from one computer to another. It will be then followed by the insight into MitM attacks and respective entry points, like ARP spoofing (IPv4). During the attack demonstration, Wireshark and Network miner will be used to analyze the traffic, while Bettercap tool will be used to create the MitM attacks including the attacks on HTTPS protocol.
7. Authentication and Windows/Linux passwords attacks
Protocols, tools and techniques used for authentication and authorization on both, Windows and Linux, are in the focus of this module. Participants will learn how to create good passwords and how to crack the password using dictionary, brute force and pre-calculated hashes attacks. Authentication methods will be defined including the biometrics and dongle-based authentication. The structure of both, Windows and Linux password storing will be defined. During the attack demonstrations, participants will have an opportunity to learn how to reset domain administrator password, local Windows, and Linux passwords.
8. WEB application attacks
Participants will learn about web technologies mostly used today and HTTP protocol. Some of the web application attacks will be reviewed too, like SQL injection, XSS, parameter tampering and directory traversal. Attack demonstrations will be performed using the tools like Burp and Zap. This module is an introduction to “Web application (in)security” course.
9. Wi-Fi attacks
Use of wireless connectivity is constantly increasing. However, networks are usually unsafe. This module covers Wi-Fi security concepts and options that are available to hack WEP, WPA, WPA2 and WPA3 protocols.
SERTIFIKACIJA
- Polaznicima pripada sertifikat o pohađanju kursa Computer security, the „Dark side“ view za ostvarenih minimalno 70% prisustva od ukupnog fonda časova
1050,00 KM
Cijena je bez PDV-a.
Cilj kursa je da naučiš
Osnovne koncepte sigurnosti
Upravaljanje rizicima i kvalitativni i kvantitativni pristup procjeni rizika
Faze hakovanja i kako sprečiti napade korišćenjem cyber kill chain
Svrhu i faze penetracijskog testa
Windows autentikacije i lozinke i drugi Windows napadi
Odgovor na napade WEB aplikacija
Šta dobijam?
Pristup kursu u trajanju od 24 časa
Materijale sa predavanja
Sertifikat o pohađanju kursa ukoliko polaznik bude prisutan na minimalno 70% predavanja
Detaljne informacije
Veljka Mlađenovića bb
Banja Luka
(krug Poslovne zone Incel)
Možda te zanima
Kurs
3200 KM
Srednji
40 časova
Termin u pripremi
Radionice
450 KM
Početni
32 časa
13. maj 2024.
Program obuke
1980 KM
Srednji
80 časova
Termin u pripremi