Course
digicode: HAK4
Cyber Security Tester/Analyst – Hands-On Exploiting
Course facts
- Implementing known and new exploiting techniques
- Testing of security measures against exploits in test environments (hacking labs)
- Sharpening of analytical skills against targeted attacks
- Better understanding and faster detection of attack patterns
- Setting up your own exploiting lab
- Classifying computer architectures and assembler code in the context of exploits
- Getting started with debugging programs such as gdb, OllyDbg, and Immunity
- Detecting vulnerabilities using fuzzing
- Understanding basic exploiting techniques such as buffer and heap overflows, format string vulnerabilities, etc.
- Creating your own exploit scripts together
- Understanding the use of shellcodes within exploiting
- Generating shellcodes and embedding them in your own exploit script
- Ensuring the exploit is executable (bad chars)
- Performing various user space exploits
- Gaining root privileges using kernel exploits
- Exploit vulnerable program libraries (DLLs)
- Classify the protective effect and limitations of DEP and ASLR in the context of system hardening
- Test protective measures with “living off the land hacking”
- Understand basic attack techniques against web applications such as XSS, SQL injection, etc.
- Tasks for your own LABs to independently deepen your knowledge
Component of the following courses
The course is rounded off with essential attack techniques against web applications, as these are a particularly exposed and popular target for criminal hackers. Thanks to the knowledge you will have acquired together, after completing this course you will be able to analyze known and novel exploit techniques in your own test environments and thus improve your own cyber security measures and detection rules. All participants expressly undertake not to misuse the knowledge they have acquired. A corresponding written agreement must therefore be signed before the start of the course.
This course is aimed at security professionals, computer scientists and managers who have attended the course «digicomp.ch/d/HAK2https://digicomp.ch/e/HAK2» and would like to deepen their previously acquired knowledge and analytical skills in a hands-on training with various exploiting techniques.
Completion of one of the following courses or equivalent broad practical hacking experience with KALI LINUX™:
This compact seminar can be used together with own exercises to prepare for various IT security and hacking certificates and is part of the preparation for the renowned certificate: «OSSTMM Professional Security Analyst».
RDP info
Participants must have a remote desktop client installed on their PC/laptop.
- On Windows, the official Microsoft client is usually already installed.
- macOS users can download the official Microsoft client from the Apple App Store: https://apps.apple.com/ch/app/microsoft-remote-desktop/id1295203466
Important: For security reasons, companies often block remote desktop connections on business devices and within the company network. We recommend participating in the training on a private device and not on the company network. Alternatively, you can check with your IT department in advance to see if remote desktop connections are possible.