PENTESTING WITH OPEN SOURCE TOOLS 

This is a program designed to provide participants with the tools and techniques necessary for them to act as ethical pentesters or hackers in an organization, or even for those curious about the world of Information Security, who wish to understand how in the real world a malicious attacker can take control of their information; This course has the advantage of dealing with advanced topics from a practical point of view.

Objectives:

This course seeks to make an approach of the people who are in the world of the Computer science towards the world of the Hackers, so that they understand and put in practice the methods, mechanisms, tools and to take action on their attackers and from this perspective to be able to improve their schemes of protection, security and defense.

Pre-requisites:

Students must have a background in TCP/IP, Networks and Operating Systems of Microsoft and Linux

Modules:

1. Recognition and fingerprinting.
2. Scanning of Ports and Services.
3. Listing and Analysis of Vulnerabilities.
4. Scripting
5. Device and service hacking.
6. Malware use.
7. Evasion an persistence techniques.
8. Wireless attacks.

PENTESTING IN WEB ENVIRONMENTS

Our websites are permanently attacked by multiple actors and this is a reality that we see reflected in the security events (logs) of our Firewalls.  

In addition, many times we do not care enough to protect the existing information on our servers, leaving vulnerabilities that could be exploited by a potential attacker.

Breaking techniques are usually used to recover system passwords. Attackers use password cracking techniques to gain unauthorized access to the vulnerable system.

For web application developers, it is a constant challenge to achieve a degree of assurance, so that the risk reaches an “acceptable” level, which is what is normally sought within all assurance frameworks, ISMS, standards, COBIT, etc.

Objectives:

The objective of this training is to show the participant, from an attacker’s perspective, which are the vulnerabilities, weaknesses or failures that are sought to achieve a successful attack. In this course we will deal with many topics ranging from vulnerabilities in code, to errors in file formats, to manipulation of variables in memory.

Pre-requisites:

To have taken the Pentesting course with OpenSource Tools.

Modules:

1. Searching techniques.
2. Exhibition / divulgation.
3. Attacks on Sessions and Credentials.
4. Attacks from the WEB.
5. Source Vulnerabilities.
6. Attacks Against End Users.
7. Denial of service.
8. SSL and TLS attacks.

PENTESTING IN MOBILE DEVICES

Each one of us wants to take our office with us, and in fact we do, we carry it in our cell phones, e-mail, our agenda, instant messaging, and any other application that may be useful for our daily life… but: do we really know what happens behind our cell phone screen? Do we know if someone is able to track our exact location, thanks to those “applications” or “apps” that we have installed? Do we know if someone is able to listen to our calls or see our messages remotely? These and many other questions are what we try to solve in this training.

Objectives:

The aim of this course is to give students the necessary skills to be able to perform penetration tests on various types of mobile devices, such as smartphones, tablets, and more, that are connected to the Internet.

Pre-requisites:

Students must have a solid foundation in Computing, Networks and Operating Systems. It is recommended to have taken both the Basic and Advanced Pentesting courses.

Modules:

1. Concepts
2. Tools for testing.
3. Vulnerability detection.
4. Penetration testing on applications.

Pentesting in SCADA and IIoT 

Considering the relevance of many of the processes that SCADA systems monitor and manage, it is understood that a risk, vulnerability, incident or error in these systems could cause significant damage, not only to the organization, through financial impact, sanctions or loss of image, but also to society itself, endangering human lives or, for example, affecting the environment.

Given the above, many of these networks and the processes they control are considered critical infrastructure by governments after identifying a potential increase in the threat.

Objectives:

In this course we will deal with regulations, standards and penetration tests in these environments.

Pre-requisites:

Knowledge in NETWORKS, TCP/IP, Operating Systems, Assembler.

Módulos:

1. Introduction to security in SCADA – IIoT environments.
2. Specific protocols.
3. Attack methodology.
4. Mapping the attack surface.
5. Vulnerability detection in SCADA – IIoT.
6. Exploitation of SCADA system.