Technical Trainings

This is an immersive hands-on course that simulates a full-scale enterprise attack scenario. It allows students to assess the situation at every stage of a complex multi-layered penetration test and teaches them multiple ways to identify, enumerate, exploit and compromise an organisation. more…

The In & Out – Network Data Exfiltration Techniques [RED edition] training class has been designed to present students modern, emerging tools and techniques available for network data exfiltration, testing and bypassing DLP/IDS/IPS/FW systems, protocol tunneling, hiding, pivoting and generating malicious network events. Highly technical content and only a hands-on practical approach guarantees that the usage of this transferred knowledge & technologies in real production environments will be easy, smooth and repeatable. more…

This training provides the latest information on SAP specific attacks and remediation / protection activities, starting with an introduction to SAP (No previous SAP knowledge is required). You will learn through several hands-on exercises and demos, how to perform your own vulnerability assessments, audits and penetration tests on your SAP platform, you will be very well equipped to understand the critical risks your SAP platform may be facing, how to assess them and more importantly, you will know which are the best-practices to effectively mitigate them, pro-actively protecting your business-critical platform. more…

This training is a comprehensive, focused and practical approach at implementing Security for your Continuous Delivery Pipeline. The training is backed by a ton of hands-on labs, original research and real-world implementations of DevSecOps that work.
The training begins with a detailed view of Continuous Application Security, through Application Security Automation with SAST, DAST, SCA, IAST and RASP. We will focus on real-world tools and techniques to automate application security tooling in a CI/CD pipeline. Including a deep-dive of several popular Test Automation Frameworks like Tavern, ThreatPlaybook, Robot Framework and Selenium that can be leveraged extensively to parameterize application security tests with test automation scripts. All of this expertise will go into actually “building” security pipelines that can be integrated into the organization’s DevOps processes. more…

This course provides an introduction to the tools and methodologies used to perform malware analysis on scripts and executables, in Windows systems. Students will expose on how to analyze the functionality of a malicious script, debugging executables and observing malware functions. more…

New generation malware and attacks have been targeting ICS and systems causing huge monetary and human life losses. ICS system still vulnerable in nature because it’s poorly understood. Penetration testing on ICS systems is a very niche field which requires in-depth knowledge and has a huge dependency in terms of the Hardware availability. In this course, will concentrate on methodologies to conduct penetration testing of commercial Hardware devices such as PLCs as well as simulators and also provide an excellent opportunity for participants to have hands-on experience on Penetration Testing of these devices and systems.. more…

The course introduces students to exploit development in MIPS processor architecture. Exploit development on MIPS processor hasn’t seen the attention that other architectures such as x86 and ARM got. With the growing IoT devices, we have been seeing many embedded devices with MIPS architecture along side ARM. Exploit development is getting harder and harder with exploit mitigation techniques in place… more…

This 2-days course pack with a hands-on focus on the phase after getting access on a target, the phase that not usually be the case in a traditional vulnerability assessment and penetration test. There are 2 mains topics to be discussed during this course and they are Privilege Escalation and Data Exfiltration. On each topic, facilitators will help the participants to gain an understanding of the concept of both. Various method in performing both privilege escalation and data exfiltration will be discussed throughout this course. Participants will be provided with access to both cloud-based lab and virtual machine, which is to be deployed locally. These target systems will be the practice for the hands-on exercises during the session. These practical exercises will help the participants to obtain the first-hand experience in performing privilege escalation and data exfiltration, in a controlled environment. more…

The course focuses on core application security principles aimed at the engineering community such as developers, architects and quality assurance testers. The course aims to equip the attendees with platform and technology agnostic remediation strategies against application security vulnerabilities.
In addition, it will also cover web vulnerabilities within the OWASP Top 10 – 2017, taught using real world case studies, demonstrations and hands on exercises. The modules are designed to drive home the concept of building applications securely, irrespective of the technology or platform. more…

During the training, attendees will learn the latest techniques to assess mobile applications and best practices to build secure mobile apps. With the experience of writing the book Hacking Android and making several online tutorials about Mobile Security, the trainers have designed the course in such a way that the attendees not only learn the most common techniques, but also get a taste of few edge cases. more…