Overview

Attackers are becoming more clever and their attacks more complex. To keep up with the latest attack methods, you need a strong desire to learn, the support of others, and the opportunity to practice and build experience. This course provides attendees with in-depth knowledge of the most prominent and powerful attack vectors and furnishes an environment to perform these attacks in numerous hands-on scenarios. The course goes far beyond simple scanning for low-hanging fruit and shows penetration testers how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws.

Learning Outcomes

The course will prepare you to:
  • Perform fuzz testing to enhance your company's SDL process
  • Exploit network devices and assess network application protocols
  • Escape from restricted environments on Linux and Windows
  • Test cryptographic implementations
  • Model the techniques used by attackers to perform 0-day vulnerability discovery and exploit development
  • Develop more accurate quantitative and qualitative risk assessments through validation
  • Demonstrate the needs and effects of leveraging modern exploit mitigation controls
  • Reverse-engineer vulnerable code to write custom exploits

Who should Attend?

  • Network and Systems Penetration Testers
  • Incident Handlers
  • Application Developers
  • IDS Engineers

Eligibility Criteria

  • Experience with programming in any language is highly recommended. At a minimum, students are advised to read up on basic programming concepts. Python is the primary language used during class exercises, while programs written in C and C++ code are the primary languages being reversed and exploited. The basics of programming will not be covered in this course, although there is an introductory module on Python.
  • You should also be well versed with the fundamentals of penetration testing prior to taking this course. Familiarity with Linux and Windows is mandatory. A solid understanding of TCP/IP and networking concepts is required.
This course is endorsed under Critical Infocomm Technology Resource Programme Plus (CITREP+) Programme.
To find out more about CITREP+ Funding, please refer to Programme Support under CITREP+ page


Information is accurate as of 11 August 2020