Hacking Demo
13 November 2019 | Sofia
Our most popular information security and hacking training covers the techniques used by malicious, black hat hackers with high energy lectures and hands-on lab exercises. While these hacking skills can be used for malicious purposes, this training teaches you how to use the same hacking techniques to perform a white-hat, ethical hack, on your organization. You’ll leave with the ability to quantitatively assess and measure threats to information assets; and discover where your organization is most vulnerable to hacking.
The goal of this training is to help you master a repeatable, documentable penetration testing methodology that can be used in an ethical penetration testing or hacking situation.
If the idea of hacking as a career excites you, you will benefit greatly from completing this training. You will learn how to exploit networks in the manner of an attacker, in order to find out how to protect the system from them.
Learn in the most structured, logical way how to start with as little as a website and end up taking full control over your target systems. Step by step, we'll start with extensively profiling your target and go all the way to fully compromising it and making sure you maintain your access. The logical flow of the course will make it easy for you to remember how ethical hacks happen.
Training overview:
- Attacking Overview
- Open-Source Intelligence (OSINT) Reconnaissance
- Enumeration (External Recon and Internal Recon)
- Social Engineering Attacks
- Bypassing Windows User Account Control (UAC)
- PowerShell For Red Teams
- Lateral Movement
- Network Persistence
- Evasion & Obfuscation
- Data Exfiltration and Stealing
- Attacking Linux/Unix Environments
- Attacking ICS/SCADA
- Privilege Escalation
Duration: 8 hours including lunch break and two 15-minute coffee breaks
Number of attendees: Up to 20 attendees
TARGET AUDIENCE:
Management/C-suite audience, CIO, CISO, VP IT, VP Security, Director of IT or Director of Security, Managing Principal, Partner, Director, SVP, Attorney, cyber forensic investigator, Global Risk, Manager, IT administrators, Network administrators, Information security officers
PREREQUISITES:
Notebook with internet connection
TARGET AUDIENCE:
Management/C-suite audience, CIO, CISO, VP IT, VP Security, Director of IT or Director of Security, Managing Principal, Partner, Director, SVP, Attorney, cyber forensic investigator, Global Risk, Manager
PREREQUISITES:
- Awareness or practice in business and corporate architecture
- Notebook with internet connection
Enterprise Security Architecture
13 November 2019 | Sofia
A one-day seminar on enterprise security architecture that introduces you to the fundamentals, relationships, necessary principles and overall context for deploying and managing the discipline.
Main objectives
Enterprise security architecture is the art and science of designing and overseeing the construction of business and enterprise systems, a common information system. As a result, the systems are protected against damage and attacks, the business can use them without worry, and they are supported in a way that guarantees the ability to rely on them. It consists mainly of two parts: enterprise risk management strategies, and information security management and supervision systems. There are many approaches and recommendations, but it is always an evolutionary process of a medium-term to long-term nature that needs the support of top-down management. The term Business Driven Information Security is also often used to describe the fact that security is an integral and important part of holistic, proactive business management in all its parts. ESA builds directly on EA (enterprise architecture) and works conceptually on indicators to achieve enterprise goals, missions, services, products and partnerships in a proven and sustainable way.
Combination of Content and Knowledge
- Explanation of the content and importance of enterprise security architecture in a business context
- Description of the dimensions and layers of the enterprise security model
- Reference description of the usual ESA I/O documents from practice
- Matrix knowledge of individual roles – related to architecture, project management, operation
- Practical examples
Duration: 8 hours including lunch break and two 15-minute coffee breaks
Number of attendees: Up to 20 attendees
Industrial Cyber Security: How to protect critical industrial computer infrastructure?
13 November 2019 | Sofia
The Industrial Cyber Security training consists of four parts: Industrial Environment Overview, Industrial System Threats, Social Engineering a.k.a. Creating the “Human Firewall”, and Applicability of the Industrial Cyber Security Standards (IEC 62443, NERC CIP, NIST SP 800-82).
The first part introduces the functionality and use of Industrial Control Systems and Distributed Control Systems. SCADA systems will also be introduced.
Industrial System Threats will be discussed in the second part of the training. The attack vectors of an Industrial Control System are the most dangerous places, and they must be analyzed and protected. We will analyze the most common attacks (TriTon Malware, The Marriott Hack, Ransomware attacks, etc.). How did these attacks work?
The last few years have shown that 60% of successful attacks were delivered via social engineering practices. Christopher Hadnagy, one of the biggest social engineering specialists, said social engineering is “The Art of the Human Hacking”. Protect your system from its most vulnerable factor, which is the “human” itself. Introducing social engineering practices and phishing emails can mitigate the risk of the attack itself.
“How to use Industrial Security Standards?” Using the requirements of these industrial cyber security standards, we can create a plan for mitigating the risks in our environment.
Duration: 8 hours including lunch break and two 15-minute coffee breaks
Number of attendees: Up to 20 attendees
TARGET AUDIENCE:
- Industrial Security Experts
- IT/OT Managers
- ICS/DCS Engineers
- IT/OT Admins, IT/OT Specialists
PREREQUISITES:
- IT Networking basics
- Notebook with internet connection