OS Exploits - IT Beveiliging / Security - Beveiliging - Informatiebeveiliging - Cyber Security - Security Engineer

Type product
Niveau

OS Exploits - IT Beveiliging / Security - Beveiliging - Informatiebeveiliging - Cyber Security - Security Engineer

OEM ICT Trainingen & Advies
Logo van OEM ICT Trainingen & Advies
Opleiderscore: starstarstarstarstar_half 9,0 OEM ICT Trainingen & Advies heeft een gemiddelde beoordeling van 9,0 (uit 217 ervaringen)

Tip: meer info over het programma, prijs, en inschrijven? Download de brochure!

Beschrijving

OS Exploits.

A key component in hardening security for you organization is understanding operating system exploits and how to remediate problems. In this Learning Kit, you will learn about common Microsoft and Linux exploits and tools and techniques to address these vulnerabilities. In this journey you will learn about intelligence gathering, learn about common exploits in Windows environments and associated services, how to issues with legacy software and techniques for post exploitation activities in a Windows system. Similarly for Linux environments, you will learn how to stage for exploit analysis, key vulnerabilities for Linux systems and daemons, penetration tools native to Linux to h…

Lees de volledige beschrijving

Veelgestelde vragen

Er zijn nog geen veelgestelde vragen over dit product. Als je een vraag hebt, neem dan contact op met onze klantenservice.

Nog niet gevonden wat je zocht? Bekijk deze onderwerpen: Security Engineer, Informatiebeveiliging, Information Security Foundation (ISFS), Beveiliging en Cyber Security.

OS Exploits.

A key component in hardening security for you organization is understanding operating system exploits and how to remediate problems. In this Learning Kit, you will learn about common Microsoft and Linux exploits and tools and techniques to address these vulnerabilities. In this journey you will learn about intelligence gathering, learn about common exploits in Windows environments and associated services, how to issues with legacy software and techniques for post exploitation activities in a Windows system. Similarly for Linux environments, you will learn how to stage for exploit analysis, key vulnerabilities for Linux systems and daemons, penetration tools native to Linux to help identify vulnerabilities, and architectures with Linux to help deal with exploits. After completing this learning, you will be able to address vulnerabilities for both Linux and Windows environments.

Learning Kits are structured learning paths, mainly within the Emerging Tech area. A Learning Kit keeps
the student working toward an overall goal, helping them to achieve your career aspirations. Each part takes the student step by step through a diverse set of topic areas. Learning Kits are
made up of required tracks, which contain all of the learning resources available such as Assessments (Final Exams), Mentor, Practice Labs and of course E learning. And all resources with a 365 days access from first activation.

This Learning Kit, with more than 14 hours of online content, is divided into the following tracks:

Course content

E-learning courses (14 hours +)

Windows Exploits and Forensics: Intelligence Gathering

Course: 1 Hour, 28 Minutes

  • Course Overview
  • The Open-source Intelligence (OSINT) Methodology
  • Conducting an OSINT Investigation
  • Social Engineering Target Identification
  • Network Scanning for Open Ports
  • Conducting an Nmap Scan
  • Common Windows Services and Their Ports
  • System Scanning and Enumeration Tools
  • Conducting a Windows System Scan
  • Standard Kali Tools
  • Using Metasploitable: Common Commands and Issues
  • Windows Exploit Discovery
  • Course Summary

Windows Exploits and Forensics : Windows Environments

Course: 1 Hour, 32 Minutes

  • Course Overview
  • The Security Features and Controls on Windows Hosts
  • Windows Server Operating System Types
  • Intrusion Detection and Prevention in Windows
  • The MITRE ATT&CK Framework and Windows Intrusions
  • The Logging Features in Windows
  • Viewing Event logging
  • The Different Windows Account Types
  • Using Windows Commands
  • How Windows Permissions Work
  • NT (New Technology) LAN Manager (NTLM) in Windows
  • Cracking an NTLM Hash
  • Using the Windows Registry
  • Artifacts Found in Windows OS
  • How Active Directory and Kerberos Work
  • Course Summary

Windows Exploits and Forensics: SMB & PsExec

Course: 1 Hour, 6 Minutes

  • Course Overview
  • SMB Permissions and Defaults
  • SMB Enumeration
  • Enumerating SMB Shares
  • Identifying Vulnerabilities in SMB
  • SMB Attack Methods
  • Conducting an SMB Brute Force Attack
  • Conducting an SMB Denial of Service
  • Exploiting a System Using SMB Reverse Shell
  • How the PsExec Utility Works
  • Executing Remote Commands with PsTools
  • Executing a Pass the Hash Attack with Mimikatz
  • A Background to the EternalBlue Exploit
  • Using the EternalBlue Vulnerability to Attack
  • Course Summary

Windows Exploits and Forensics: FTP, RDP, & Other Services

Course: 1 Hour, 13 Minutes

  • Course Overview
  • Windows Service Exploitation
  • Enumerating Data from FTP
  • FTP Attack Methods
  • Conducting a Brute Force Attack on an FTP Server
  • IIS with Windows and FTP Clients
  • FTP/IIS Reverse Shell
  • RDP in a Windows Environment
  • RDP Attack Methods
  • Enumerating Using RDP
  • Exploiting an RDP system Using BlueKeep
  • Working with WMI
  • Exploiting WMI on a Windows-based System
  • Course Summary

Windows Exploits and Forensics: Legacy Systems & Third Party Applications

Course: 58 Minutes

  • Course Overview
  • Common Attacks on Windows Hosts
  • Common Attacks on Windows Servers
  • Scanning for Potential Vulnerabilities
  • Enumerating Data from Services
  • Running an Exploit to Gain Credentials
  • Running an Exploit to Gain a Reverse Shell
  • Common Third-party Applications in Windows
  • Finding Vulnerabilities for Third-party Applications
  • Exploiting Third-party Applications in Windows
  • Avoiding Honeypots
  • Course Summary

Windows Exploits and Forensics: Post Exploitation

Course: 1 Hour, 24 Minutes

  • Course Overview
  • Privilege Escalation Methods
  • Conducting a Basic Privilege Escalation
  • Using the DLL Injection
  • Pivot between Hosts
  • Stealing User Credentials
  • Using PowerView to Enumerate Information
  • Using BloodHound to Gain Admin Privileges
  • Cleanup Methods to Hide Your Tracks
  • Cleaning up Post Attack
  • APT and Configuration Methods
  • Configuring APT after Exploitation
  • Using the Nuclear Option to Clean up Post Attack
  • Course Summary

Linux Exploits & Mitigation: Staging for Exploit Analysis

Course: 1 Hour, 5 Minutes

  • Course Overview
  • Leveraging Virtual Environments
  • Setting up QEMU
  • Launching Linux in QEMU
  • Mounting Filesystems
  • Compiling Linux Kernels
  • Networking under QEMU
  • Architectural Considerations
  • Emulating Architectures in QEMU
  • Saving Machine States
  • Monitoring System Info
  • Staging Vulnerabilities
  • Protecting Staging Environments
  • Course Summary

Linux Exploits & Mitigation: Program Essentials

Course: 1 Hour, 21 Minutes

  • Course Overview
  • Programming in Memory
  • Running GDB
  • Disassembling a Program
  • Dumping Objects
  • Protection Rings
  • Kernel and Userland Separation
  • The GNU C Library
  • Using Syscalls with C
  • Using Syscalls with Assembly
  • Linux System Call Table
  • Querying Implemented System Calls
  • Executing Programs
  • Segmenting Programs
  • Course Summary

Linux Exploits & Mitigation: String Vulnerability Analysis

Course: 1 Hour, 10 Minutes

  • Course Overview
  • Exploiting Strings
  • Formatting String Weaknesses
  • Overflowing the String Buffer
  • Compiling String Weaknesses
  • Copying String Weaknesses
  • Catching Input Vulnerabilities
  • Generating String Weaknesses
  • Checking Strings Safely
  • Looping Over Strings Safely
  • Executing Unsafe Strings
  • Injecting Code in Strings
  • Returning Strings Safely
  • Course Summary

Linux Exploits & Mitigation: Memory and Pointer Vulnerabilities

Course: 1 Hour, 11 Minutes

  • Course Overview
  • Allocating Memory
  • Overflowing the Heap
  • Dangling Pointers
  • Dereferencing NULL
  • Exploiting the Heap
  • Using After-free
  • Overflowing the Stack
  • Accessing Out-of-bounds
  • Looping Off-by-one
  • Corrupting Memory
  • Executing Arbitrary Code
  • Exploiting Out-of-bounds
  • Course Summary

Linux Exploits & Mitigation: Penetration Tools

Course: 1 Hour

  • Course Overview
  • Exploring Metasploit Commands
  • Running a Vulnerable Environment
  • Exploiting a Vulnerable Web Service
  • Scanning SMTP
  • Exploiting Vulnerable File Sharing
  • Uploading Injections
  • Searching for Exploits
  • Detecting Exploits
  • Scanning with RouterSploit
  • Inspecting Opcodes
  • Converting Shellcode
  • SQL Injection
  • Course Summary

Linux Exploits & Mitigation: Linux Exploit Architecture

Course: 57 Minutes

  • Course Overview
  • Avoiding Kernel Race Conditions
  • Executing Shellcode
  • Out-of-order Execution
  • Integer Vulnerabilities and Prevention
  • Compiler Warnings for Security and Stability
  • Stack Smashing Mitigations
  • Use-after-free Consequences
  • Spectre and Meltdown Vulnerabilities and Mitigation
  • Write XOR Execute (W^X)
  • Considerations and Mitigations to Vulnerabilities and Exploits
  • Privilege Escalation Targets
  • Processes and Tasks Exploits
  • Course Summary

Assessment: OS Exploits
Will test your knowledge and application of the topics presented throughout the OS Exploits courses.

Practice Lab: OS Exploits (estimated duration: 7 hours)
Perform OS exploits such as system event auditing, testing for RDP vulnerabilities, constructing  a MSFvenom injection payload, and running a virtual environment. Then, debug and disassemble a program, catch common vulnerabilities, and recognize the dangers with pointers. 

Specificaties

Taal: Engels
Kwalificaties van de Instructeur: Gecertificeerd
Cursusformaat en Lengte: Lesvideo's met ondertiteling, interactieve elementen en opdrachten en testen
Lesduur: 14 uur
Assesments: De assessment test uw kennis en toepassingsvaardigheden van de onderwerpen uit het leertraject. Deze is 365 dagen beschikbaar na activering.
Online Virtuele labs: Ontvang 12 maanden toegang tot virtuele labs die overeenkomen met de traditionele cursusconfiguratie. Actief voor 365 dagen na activering, beschikbaarheid varieert per Training.
Online mentor: U heeft 24/7 toegang tot een online mentor voor al uw specifieke technische vragen over het studieonderwerp. De online mentor is 365 dagen beschikbaar na activering, afhankelijk van de gekozen Learning Kit.
Voortgangsbewaking: Ja
Toegang tot Materiaal: 365 dagen
Technische Vereisten: Computer of mobiel apparaat, Stabiele internetverbindingen Webbrowserzoals Chrome, Firefox, Safari of Edge.
Support of Ondersteuning: Helpdesk en online kennisbank 24/7
Certificering: Certificaat van deelname in PDF formaat
Prijs en Kosten: Cursusprijs zonder extra kosten
Annuleringsbeleid en Geld-Terug-Garantie: Wij beoordelen dit per situatie
Award Winning E-learning: Ja


Tip! Zorg voor een rustige leeromgeving, tijd en motivatie, audioapparatuur zoals een koptelefoon of luidsprekers voor audio, accountinformatie zoals inloggegevens voor toegang tot het e-learning platform.

       

Verrijk Uw Carrière met OEM's ICT Trainingen

Waarom kiezen voor OEM?
Ervaring: Meer dan 20 jaar expertise in ICT-trainingen.
Uitgebreide Selectie: Meer dan 1000 cursussen van 200 topmerken.
Hoge Tevredenheid: Beoordeeld met een 9.0 op Springest.
Kwaliteitsgarantie: Gecertificeerde docenten en award-winning E-learning.
Partnerschappen: Microsoft Partner, EC-Council Partner, Certiport en Pearson VUE.

Blijf op de hoogte van nieuwe ervaringen

Er zijn nog geen ervaringen.

Deel je ervaring

Heb je ervaring met deze cursus? Deel je ervaring en help anderen kiezen. Als dank voor de moeite doneert Springest € 1,- aan Stichting Edukans.

Er zijn nog geen veelgestelde vragen over dit product. Als je een vraag hebt, neem dan contact op met onze klantenservice.

Download gratis en vrijblijvend de informatiebrochure

(optioneel)
(optioneel)
(optioneel)
infoEr is een telefoonnummer vereist om deze informatieaanvraag in behandeling te nemen. (optioneel)