March 10, 2020(Tue) - March 11, 2020(Wed)Penetration testing for Basic Infrastructure
- NotSoSecure -
Dates | March 10, 2020(Tue) - March 11, 2020(Wed) |
---|---|
Time | 09:00-17:00 |
Venue | NANO OPT Media Conference Room (SHINJUKU L-TOWER 12F) MAP |
Capacity | 30 |
Price ※Including lunch for 2 days |
Early Bird Discount(Deadline: November 29, 2019(Fri)):¥180,000(+tax) |
Price :¥250,000(+tax) |
Course details
This class introduces the attendees with a wealth of hacking tools and techniques crucial in getting started in this dynamic field of hacking.
The class begins with laying a foundation for everyone by discussing the basic concepts and gradually builds up to the level where attendees not only use the tools and techniques to hack various components involved in infrastructure hacking, but also walk away with a solid understanding of the concepts on how these tools work and therefore ready to face the real world.
Class Outline
-
Module 1
- TCP/IP Basics
- The Art of Port Scanning
- Target Enumeration
- Brute-Forcing
- Metasploit Basics
- Password Cracking
- Hacking Recent Unix Vulnerabilities
- Hacking Databases
- Hacking Application Servers
- Hacking Third Party Applications (WordPress, Joomla, Drupal)
- Windows Enumeration
- Hacking Recent Windows Vulnerabilities.
- Hacking Third Party Software (Browser, PDF, Java)
- Post Exploitation: Dumping Secrets
- Hacking Windows Domains
Infrastructure Basics:
Module 2
Hacking Unix, Databases and Applications:
Module 3
Hacking Windows:
Trainer
- Anant Shrivastava
- [Background]
An Engineering graduate from 2008, he has been working with computers and opensource software since 2000. He moderated a linux user group in Bhopal and was active in other major linux user groups across India during 2000-2008. He has worked with various corporates like TechMahindra,
Infosys and PA Consulting before joining NotSoSecure. He has been running and maintaining the opensource project AndroidTamer since 2011. He is active with the information security community null, where he also mentors local talent as well as for the Offensive Web Testing Framework (OWTF). He is also an active contributor to the Open Web Application Security Project (OWASP) and reviews and contributes to various technical documentation, including
Mobile Security Testing Guide, Mobile ASVS and Web Testing Guide.
[What he does for NSS]
Anant is responsible for NotSoSecure's entire operations in India and the technical aspects of the company's work. Managing the NotSoSecure team of Information Security specialists, he works primarily on client cases from the UK and the US with the delivery of technical work. He is also a lead trainer on NotSoSecure training courses and responsible for strategy and the general direction of the company moving forward. The key feature of his work is that he provides practical, effective solutions that allow clients to undertake their normal business operations in the most secure possible environment by establishing a holistic approach to security.
[What he likes about his work]
A computer and software specialist by nature, he is constantly stimulated by the technical environment of his work and the excellent working relationships he has established with his team of like-minded individuals. This allows him to manage a varied caseload of collaborative working and then come up with solutions to a wide range of security issues.
[In his own words]
Every day something new happens and your knowledge becomes outdated.
If you don't constantly keep your knowledge up-to-date, you're going to lose.
So if something is new, you need to say: "Let's learn about it" -- and put your best foot forward with as much capabilities as you can.
In this work, you need that willingness to go the extra mile.
◎Qualification
RHCE, SANS, GWAPT, KEY SKILLS, Infrastructure Pentesting, Web Application Pentesting, Mobile Pentesting
◎Conference
Blackhat, Nullcon, c0c0n, RootConf, ClubHack
◎Training
Blackhat (US/EU/Asia), Nullcon, c0c0n, RuxCon, DeepSec
◎Tool provided
Blackhat Arsenal (US/EU/Asia), Defcon, Demolabs 2017
Who Should Attend
- Security enthusiasts
- Anybody who wishes to make a career in this domain and have some knowledge of network and applications
- System Administrators
- SOC Analysts
- Network Engineers
- Penetration Testers who are wanting to level up their skills
Benefits
- Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class.
- Numerous scripts and tools will also be provided during the training, along with student hand-outs.
- A certificate of attendance
Prerequisites
The only requirement for this class is that you must bring your own laptop and have admin/root access on it.
During the class, we will give you VPN access to our state-of-art hacklab which is hosted in our datacenter in UK. Once you are connected to the lab, you will find all the relevant tools/VMs there.
We also provide a dedicated Kali VM to each attendee on the hacklab.
So, you don't need to bring any VMs with you. All you need is admin access to install the VPN client and once connected, you are good to go!
ContactTraining Steering Committee (Inside NANO OPT Media, Inc.)
March 12, 2020(Thu) - March 13, 2020(Fri)Advanced Infrastructure Hacking 2019 Edition
PART 2
- NotSoSecure -
Dates | March 12, 2020(Thu) - March 13, 2020(Fri) |
---|---|
Time | 09:00-17:00 |
Venue | NANO OPT Media Conference Room (SHINJUKU L-TOWER 12F) MAP |
Capacity | 30 |
Price |
Early Bird Discount(Deadline: November 29, 2019(Fri)):¥230,000(+tax) |
Price :¥300,000(+tax) |
Course details
Advanced Infrastructure Hacking class is designed for those who wish to push their knowledge.
Whether you are penetration testing, Red Teaming or trying to get a better understanding of managing vulnerabilities
in your environment, understanding advanced hacking techniques is critical.
This class teaches the audience a wealth of advanced penetration testing techniques, from the neat, to the new, to the ridiculous, to compromise modern Operating Systems, networking devices and Cloud environments.
From hacking Domain Controllers to local root, to VLAN Hopping, to VoIP Hacking, to compromising Cloud account keys, we have got everything covered.
Class Outline
-
Module 6: Hacking *nix
- Enumeration
- AppLocker / Bypasses
- Privilege Escalation
- Post Exploitation
- Active Directory Delegation
- Lateral Movement
- Persistence Techniques
Module 7: Container Technologies (Docker & Kubernetes)
Module 8: VPN Hacking
Module 9: VoIP Hacking
Module 10: VLAN Hacking
Module 11: Cloud Pentesting
Trainer
- Anant Shrivastava
- [Background]
An Engineering graduate from 2008, he has been working with computers and opensource software since 2000. He moderated a linux user group in Bhopal and was active in other major linux user groups across India during 2000-2008. He has worked with various corporates like TechMahindra,
Infosys and PA Consulting before joining NotSoSecure. He has been running and maintaining the opensource project AndroidTamer since 2011. He is active with the information security community null, where he also mentors local talent as well as for the Offensive Web Testing Framework (OWTF). He is also an active contributor to the Open Web Application Security Project (OWASP) and reviews and contributes to various technical documentation, including
Mobile Security Testing Guide, Mobile ASVS and Web Testing Guide.
[What he does for NSS]
Anant is responsible for NotSoSecure's entire operations in India and the technical aspects of the company's work. Managing the NotSoSecure team of Information Security specialists, he works primarily on client cases from the UK and the US with the delivery of technical work. He is also a lead trainer on NotSoSecure training courses and responsible for strategy and the general direction of the company moving forward. The key feature of his work is that he provides practical, effective solutions that allow clients to undertake their normal business operations in the most secure possible environment by establishing a holistic approach to security.
[What he likes about his work]
A computer and software specialist by nature, he is constantly stimulated by the technical environment of his work and the excellent working relationships he has established with his team of like-minded individuals. This allows him to manage a varied caseload of collaborative working and then come up with solutions to a wide range of security issues.
[In his own words]
Every day something new happens and your knowledge becomes outdated.
If you don't constantly keep your knowledge up-to-date, you're going to lose.
So if something is new, you need to say: "Let's learn about it" -- and put your best foot forward with as much capabilities as you can.
In this work, you need that willingness to go the extra mile.
◎Qualification
RHCE, SANS, GWAPT, KEY SKILLS, Infrastructure Pentesting, Web Application Pentesting, Mobile Pentesting
◎Conference
Blackhat, Nullcon, c0c0n, RootConf, ClubHack
◎Training
Blackhat (US/EU/Asia), Nullcon, c0c0n, RuxCon, DeepSec
◎Tool provided
Blackhat Arsenal (US/EU/Asia), Defcon, Demolabs 2017
Who Should Attend
-
System Administrators, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to next level.
While prior pen testing experience is not a strict requirement, familiarity with both Linux and Windows command line syntax will be greatly beneficial and a reasonable technical understanding of computers and networking in general is assumed.
Some hands-on experience with tools commonly used by hackers, such as Nmap, NetCat, or Metasploit, will also be beneficial, although, less advanced users can work their way up during the 30 days of complimentary lab access provided as part of the class.
The class is ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure as a day job and wish to add to their existing skill set.
Benefits
- Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class.
- Numerous scripts and tools will also be provided during the training, along with student hand-outs.
- A certificate of attendance
Prerequisites
The only requirement for this class is that you must bring your own laptop and have admin/root access on it.
During the class, we will give you VPN access to our state-of-art hacklab which is hosted in our datacenter in UK. Once you are connected to the lab, you will find all the relevant tools/VMs there.
We also provide a dedicated Kali VM to each attendee on the hacklab.
So, you don't need to bring any VMs with you. All you need is admin access to install the VPN client and once connected, you are good to go!
ContactTraining Steering Committee (Inside NANO OPT Media, Inc.)
March 16, 2020(Mon) - March 17, 2020(Tue)Cloud Hacking
- NotSoSecure -
Dates | March 16, 2020(Mon) - March 17, 2020(Tue) |
---|---|
Time | 09:00-17:00 |
Venue | NANO OPT Media Conference Room (SHINJUKU L-TOWER 12F) MAP |
Capacity | 30 |
Price |
Early Bird Discount(Deadline: November 29, 2019(Fri)):¥180,000(+tax) |
Price :¥250,000(+tax) |
Course details
Whether you are an Architect, Developer, Penetration Tester, Security or DevOps Engineer or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques and how to protect yourself from them is critical.
This class covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure. Prior pen test / security experience is not a strict requirement, however, some knowledge of Cloud Services and a familiarity with common Unix command line syntax will be beneficial.
Class Outline
- Introduction to Cloud Computing
- Why cloud matters
- How cloud security differs from conventional security
- Types of cloud services
- Legalities around attacking / pen testing cloud services.
- Understanding the Attack Surfaces of various Cloud offerings, such as IaaS, PaaS, SaaS, FaaS
- Exploiting serverless applications
- Owning cloud machines
- Attacking cloud services such as storage service or database services
- Examples and case studies of various cloud hacks
- Privilege escalation (horizontal and vertical) and pivoting techniques in cloud
- Obtaining persistence in cloud
- Exploiting dormant assets: Id's, services, resources groups, security groups and more
- Cloud Infrastructure Defence
- Monitoring and logging
- Benchmarks
- Auditing Cloud Infrastructure (Manual and automated approach)
- Base Images / Golden Image auditing for Virtual Machine / Container Infrastructure
- Preventive measures against cloud attacks
- Host-based Defence
- Using Cloud services to perform defence
- Ending CTF to reinforce the learning
Trainer
- Anant Shrivastava
- [Background]
An Engineering graduate from 2008, he has been working with computers and opensource software since 2000. He moderated a linux user group in Bhopal and was active in other major linux user groups across India during 2000-2008. He has worked with various corporates like TechMahindra,
Infosys and PA Consulting before joining NotSoSecure. He has been running and maintaining the opensource project AndroidTamer since 2011. He is active with the information security community null, where he also mentors local talent as well as for the Offensive Web Testing Framework (OWTF). He is also an active contributor to the Open Web Application Security Project (OWASP) and reviews and contributes to various technical documentation, including
Mobile Security Testing Guide, Mobile ASVS and Web Testing Guide.
[What he does for NSS]
Anant is responsible for NotSoSecure's entire operations in India and the technical aspects of the company's work. Managing the NotSoSecure team of Information Security specialists, he works primarily on client cases from the UK and the US with the delivery of technical work. He is also a lead trainer on NotSoSecure training courses and responsible for strategy and the general direction of the company moving forward. The key feature of his work is that he provides practical, effective solutions that allow clients to undertake their normal business operations in the most secure possible environment by establishing a holistic approach to security.
[What he likes about his work]
A computer and software specialist by nature, he is constantly stimulated by the technical environment of his work and the excellent working relationships he has established with his team of like-minded individuals. This allows him to manage a varied caseload of collaborative working and then come up with solutions to a wide range of security issues.
[In his own words]
Every day something new happens and your knowledge becomes outdated.
If you don't constantly keep your knowledge up-to-date, you're going to lose.
So if something is new, you need to say: "Let's learn about it" -- and put your best foot forward with as much capabilities as you can.
In this work, you need that willingness to go the extra mile.
◎Qualification
RHCE, SANS, GWAPT, KEY SKILLS, Infrastructure Pentesting, Web Application Pentesting, Mobile Pentesting
◎Conference
Blackhat, Nullcon, c0c0n, RootConf, ClubHack
◎Training
Blackhat (US/EU/Asia), Nullcon, c0c0n, RuxCon, DeepSec
◎Tool provided
Blackhat Arsenal (US/EU/Asia), Defcon, Demolabs 2017
Who Should Attend
-
System Administrators, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to next level.
While prior pen testing experience is not a strict requirement, familiarity with both Linux and Windows command line syntax will be greatly beneficial and a reasonable technical understanding of computers and networking in general is assumed.
Some hands-on experience with tools commonly used by hackers, such as Nmap, NetCat, or Metasploit, will also be beneficial, although, less advanced users can work their way up during the 30 days of complimentary lab access provided as part of the class.
The class is ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure as a day job and wish to add to their existing skill set.
Benefits
- Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class.
- Numerous scripts and tools will also be provided during the training, along with student hand-outs.
- A certificate of attendance
Prerequisites
Students must bring their own laptop and must either be able to launch a Docker Container provided by us, which includes all tools required for the class, or have root/admin access and be comfortable installing command line tools and downloading and building tools from source on GitHub, such as AWS CLI and Nimbostratus and more tools.