21 Penetration Testing courses delivered Live Online

Duration 4 Days 24 CPD hours This course is intended for Students in this course are interested in designing and implementing DevOps processes or in passing the Microsoft Azure DevOps Solutions certification exam. This course provides the knowledge and skills to design and implement DevOps processes and practices. Students will learn how to plan for DevOps, use source control, scale Git for an enterprise, consolidate artifacts, design a dependency management strategy, manage secrets, implement continuous integration, implement a container build strategy, design a release strategy, set up a release management workflow, implement a deployment pattern, and optimize feedback mechanisms Prerequisites Successful learners will have prior knowledge and understanding of: * Cloud computing concepts, including an understanding of PaaS, SaaS, and IaaS implementations. * Both Azure administration and Azure development with proven expertise in at least one of these areas. * Version control, Agile software development, and core software development principles. It would be helpful to have experience in an organization that delivers software. * AZ-104T00 - Microsoft Azure Administrator * AZ-204T00: Developing Solutions for Microsoft Azure 1 - INTRODUCTION TO DEVOPS * What is DevOps? * Explore the DevOps journey * Identify transformation teams * Explore shared goals and define timelines 2 - CHOOSE THE RIGHT PROJECT * Explore greenfield and brownfield projects * Decide when to use greenfield and brownfield projects * Decide when to use systems of record versus systems of engagement * Identify groups to minimize initial resistance * Identify project metrics and key performance indicators (KPIs) 3 - DESCRIBE TEAM STRUCTURES * Explore agile development practices * Explore principles of agile development * Define organization structure for agile practices * Explore ideal DevOps team members * Enable in-team and cross-team collaboration * Select tools and processes for agile practices 4 - CHOOSE THE DEVOPS TOOLS * What is Azure DevOps? * What is GitHub? * Explore an authorization and access strategy * Migrate or integrate existing work management tools * Migrate or integrate existing test management tools * Design a license management strategy 5 - PLAN AGILE WITH GITHUB PROJECTS AND AZURE BOARDS * Link GitHub to Azure Boards * Configure GitHub Projects * Manage work with GitHub Project boards * Customize Project views * Collaborate using team discussions * Agile Plan and Portfolio Management with Azure Boards 6 - INTRODUCTION TO SOURCE CONTROL * Explore DevOps foundational practices * What is source control? * Explore benefits of source control * Explore best practices for source control 7 - DESCRIBE TYPES OF SOURCE CONTROL SYSTEMS * Understand centralized source control * Understand distributed source control * Explore Git and Team Foundation Version Control * Examine and choose Git * Understand objections to using Git * Describe working with Git locally 8 - WORK WITH AZURE REPOS AND GITHUB * Migrate from TFVC to Git * Use GIT-TFS * Develop online with GitHub Codespaces 9 - STRUCTURE YOUR GIT REPO * Explore monorepo versus multiple repos * Implement a change log 10 - MANAGE GIT BRANCHES AND WORKFLOWS * Explore branch workflow types * Explore feature branch workflow * Explore Git branch model for continuous delivery * Explore GitHub flow * Explore fork workflow * Version Control with Git in Azure Repos 11 - COLLABORATE WITH PULL REQUESTS IN AZURE REPOS * Collaborate with pull requests * Examine GitHub mobile for pull request approvals 12 - IDENTIFY TECHNICAL DEBT * Examine code quality * Examine complexity and quality metrics * Measure and manage technical debt * Integrate other code quality tools * Plan effective code reviews 13 - EXPLORE GIT HOOKS * Implement Git hooks 14 - PLAN FOSTER INNER SOURCE * Explore foster inner source * Implement the fork workflow * Describe inner source with forks 15 - MANAGE GIT REPOSITORIES * Work with large repositories * Purge repository data * Manage releases with GitHub Repos * Automate release notes with GitHub 16 - EXPLORE AZURE PIPELINES * Explore the concept of pipelines in DevOps * Describe Azure Pipelines * Understand Azure Pipelines key terms 17 - MANAGE AZURE PIPELINE AGENTS AND POOLS * Choose between Microsoft-hosted versus self-hosted agents * Explore job types * Explore predefined agent pool * Understand typical situations for agent pools * Communicate with Azure Pipelines * Communicate to deploy to target servers * Examine other considerations * Describe security of agent pools * Configure agent pools and understanding pipeline styles 18 - DESCRIBE PIPELINES AND CONCURRENCY * Understand parallel jobs * Estimate parallel jobs * Describe Azure Pipelines and open-source projects * Explore Azure Pipelines and Visual Designer * Describe Azure Pipelines and YAML 19 - EXPLORE CONTINUOUS INTEGRATION * Learn the four pillars of continuous integration * Explore benefits of continuous integration * Describe build properties * Enable Continuous Integration with Azure Pipelines 20 - IMPLEMENT A PIPELINE STRATEGY * Configure agent demands * Implement multi-agent builds * Explore source control types supported by Azure Pipelines 21 - INTEGRATE WITH AZURE PIPELINES * Describe the anatomy of a pipeline * Understand the pipeline structure * Detail templates * Explore YAML resources * Use multiple repositories in your pipeline 22 - INTRODUCTION TO GITHUB ACTIONS * What are Actions? * Explore Actions flow * Understand workflows * Describe standard workflow syntax elements * Explore events * Explore jobs * Explore runners * Examine release and test an action 23 - LEARN CONTINUOUS INTEGRATION WITH GITHUB ACTIONS * Describe continuous integration with actions * Examine environment variables * Share artifacts between jobs * Examine Workflow badges * Describe best practices for creating actions * Mark releases with Git tags * Create encrypted secrets * Use secrets in a workflow * Implement GitHub Actions for CI/CD 24 - DESIGN A CONTAINER BUILD STRATEGY * Examine structure of containers * Work with Docker containers * Understand Dockerfile core concepts * Examine multi-stage dockerfiles * Examine considerations for multiple stage builds * Explore Azure container-related services * Deploy Docker containers to Azure App Service web apps 25 - INTRODUCTION TO CONTINUOUS DELIVERY * Explore traditional IT development cycle * What is continuous delivery? * Move to continuous delivery * Understand releases and deployments * Understand release process versus release 26 - CREATE A RELEASE PIPELINE * Describe Azure DevOps release pipeline capabilities * Explore release pipelines * Explore artifact sources * Choose the appropriate artifact source * Examine considerations for deployment to stages * Explore build and release tasks * Explore custom build and release tasks * Explore release jobs * Configure Pipelines as Code with YAML 27 - EXPLORE RELEASE RECOMMENDATIONS * Understand the delivery cadence and three types of triggers * Explore release approvals * Explore release gates * Use release gates to protect quality * Control Deployments using Release Gates 28 - PROVISION AND TEST ENVIRONMENTS * Provision and configure target environments * Configure automated integration and functional test automation * Understand Shift-left * Set up and run availability tests * Explore Azure Load Testing * Set up and run functional tests 29 - MANAGE AND MODULARIZE TASKS AND TEMPLATES * Examine task groups * Explore variables in release pipelines * Understand variable groups 30 - AUTOMATE INSPECTION OF HEALTH * Automate inspection of health * Explore events and notifications * Explore service hooks * Configure Azure DevOps notifications * Configure GitHub notifications * Explore how to measure quality of your release process * Examine release notes and documentation * Examine considerations for choosing release management tools * Explore common release management tools 31 - INTRODUCTION TO DEPLOYMENT PATTERNS * Explore microservices architecture * Examine classical deployment patterns * Understand modern deployment patterns 32 - IMPLEMENT BLUE-GREEN DEPLOYMENT AND FEATURE TOGGLES * What is blue-green deployment? * Explore deployment slots * Describe feature toggle maintenance 33 - IMPLEMENT CANARY RELEASES AND DARK LAUNCHING * Explore canary releases * Examine Traffic Manager * Understand dark launching 34 - IMPLEMENT A/B TESTING AND PROGRESSIVE EXPOSURE DEPLOYMENT * What is A/B testing? * Explore CI-CD with deployment rings 35 - INTEGRATE WITH IDENTITY MANAGEMENT SYSTEMS * Integrate GitHub with single sign-on (SSO) * Explore service principals * Explore Managed Identity 36 - MANAGE APPLICATION CONFIGURATION DATA * Rethink application configuration data * Explore separation of concerns * Understand external configuration store patterns * Examine Key-value pairs * Examine App configuration feature management * Integrate Azure Key Vault with Azure Pipelines * Manage secrets, tokens and certificates * Examine DevOps inner and outer loop * Integrate Azure Key Vault with Azure DevOps * Enable Dynamic Configuration and Feature Flags 37 - EXPLORE INFRASTRUCTURE AS CODE AND CONFIGURATION MANAGEMENT * Explore environment deployment * Examine environment configuration * Understand imperative versus declarative configuration * Understand idempotent configuration 38 - CREATE AZURE RESOURCES USING AZURE RESOURCE MANAGER TEMPLATES * Why use Azure Resource Manager templates? * Explore template components * Manage dependencies * Modularize templates * Manage secrets in templates * Deployments using Azure Bicep templates 39 - CREATE AZURE RESOURCES BY USING AZURE CLI * What is Azure CLI? * Work with Azure CLI 40 - EXPLORE AZURE AUTOMATION WITH DEVOPS * Create automation accounts * What is a runbook? * Understand automation shared resources * Explore runbook gallery * Examine webhooks * Explore source control integration * Explore PowerShell workflows * Create a workflow * Examine checkpoint and parallel processing 41 - IMPLEMENT DESIRED STATE CONFIGURATION (DSC) * Understand configuration drift * Explore Desired State Configuration (DSC) * Explore Azure Automation State configuration (DSC) * Examine DSC configuration file * Explore hybrid management * Implement DSC and Linux Automation on Azure 42 - IMPLEMENT BICEP * What is Bicep? * Install Bicep * Understand Bicep file structure and syntax 43 - INTRODUCTION TO SECURE DEVOPS * Describe SQL injection attack * Understand DevSecOps * Explore Secure DevOps Pipeline * Explore key validation points * Explore continuous security validation * Understand threat modeling 44 - IMPLEMENT OPEN-SOURCE SOFTWARE * Explore how software is built * What is open-source software * Explore corporate concerns with open-source software components * Explore common open-source licenses * Examine license implications and ratings 45 - SOFTWARE COMPOSITION ANALYSIS * Inspect and validate code bases for compliance * Explore software composition analysis (SCA) * Integrate Mend with Azure Pipelines * Implement GitHub Dependabot alerts and security updates * Integrate software composition analysis checks into pipelines * Examine tools for assess package security and license rate * Interpret alerts from scanner tools * Implement security and compliance in an Azure Pipeline 46 - STATIC ANALYZERS * Explore SonarCloud * Explore CodeQL in GitHub * Manage technical debt with SonarCloud and Azure DevOps 47 - OWASP AND DYNAMIC ANALYZERS * Plan Implement OWASP Secure Coding Practices * Explore OWASP ZAP penetration test * Explore OWASP ZAP results and bugs 48 - SECURITY MONITORING AND GOVERNANCE * Implement pipeline security * Explore Microsoft Defender for Cloud * Examine Microsoft Defender for Cloud usage scenarios * Explore Azure Policy * Understand policies * Explore initiatives * Explore resource locks * Explore Azure Blueprints * Understand Microsoft Defender for Identity 49 - EXPLORE PACKAGE DEPENDENCIES * What is dependency management? * Describe elements of a dependency management strategy * Identify dependencies * Understand source and package componentization * Decompose your system * Scan your codebase for dependencies 50 - UNDERSTAND PACKAGE MANAGEMENT * Explore packages * Understand package feeds * Explore package feed managers * Explore common public package sources * Explore self-hosted and SaaS based package sources * Consume packages * Publish packages * Package management with Azure Artifacts 51 - MIGRATE CONSOLIDATING AND SECURE ARTIFACTS * Identify existing artifact repositories * Migrate and integrating artifact repositories * Secure access to package feeds * Examine roles * Examine permissions * Examine authentication 52 - IMPLEMENT A VERSIONING STRATEGY * Understand versioning of artifacts * Explore semantic versioning * Examine release views * Promote packages * Explore best practices for versioning 53 - INTRODUCTION TO GITHUB PACKAGES * Publish packages * Install a package * Delete and restore a package * Explore package access control and visibility 54 - IMPLEMENT TOOLS TO TRACK USAGE AND FLOW * Understand the inner loop * Explore Azure Monitor and Log Analytics * Examine Kusto Query Language (KQL) * Explore Application Insights * Implement Application Insights * Monitor application performance with Application Insights 55 - DEVELOP MONITOR AND STATUS DASHBOARDS * Explore Azure Dashboards * Examine view designer in Azure Monitor * Explore Azure Monitor workbooks * Explore Power BI * Build your own custom application 56 - SHARE KNOWLEDGE WITHIN TEAMS * Share acquired knowledge within development teams * Integrate with Azure Boards * Share team knowledge using Azure Project Wiki 57 - DESIGN PROCESSES TO AUTOMATE APPLICATION ANALYTICS * Explore rapid responses and augmented search * Integrate telemetry * Examine monitoring tools and technologies 58 - MANAGE ALERTS, BLAMELESS RETROSPECTIVES AND A JUST CULTURE * Examine when get a notification * Explore how to fix it * Explore smart detection notifications * Improve performance * Understand server response time degradation * Reduce meaningless and non-actionable alerts * Examine blameless retrospective * Develop a just culture

Duration 5 Days 30 CPD hours This course is intended for This course is intended for Ethical Hackers, Penetration Testers, Network Server Administrators, Firewall Administrators, Security Testers, System Administrators and Risk Assessment Professionals, Cybersecurity Forensic Analyst, Cyberthreat Analyst, Cloud Security, Analyst Information Security Consultant, Application Security Analyst, Cybersecurity Assurance Engineer, Security Operations Center (SOC) Analyst, Technical Operations Network Engineer, Information Security Engineer, Network Security Penetration Tester, Network Security Engineer, Information Security Architect. Overview Upon successful completion of this course, students will master their Penetration Testing skills, perform the repeatable methodology, become committed to the code of ethics, and present analyzed results through structured reports. The main course outcomes include: 100% mapped with the NICE framework. Maps to the job role of a Penetration Tester and security analyst, based on major job portals. 100% methodology-based Penetration Testing program. Provides strong reporting writing guidance. Blended with both manual and automated Penetration Testing approaches. Gives a real-world experience through an Advanced Penetration Testing Range. Designed based on the most common Penetration Testing services offered by the best service providers in the market. Offers standard templates that can help during a Penetration test. This is a multidisciplinary course with extensive hands-on training in a wide range of crucial skills, including advanced Windows attacks, Internet of Things (IoT) and Operational Technology (OT) systems, filtered network bypass techniques, exploit writing, single and double pivoting, advanced privilege escalation, and binary exploitation. COURSE OUTLINE * Introduction to Penetration Testing * Penetration Testing Scoping and Engagement * Open Source Intelligence (OSINT) * Social Engineering Penetration Testing * Network Penetration Testing ? External * Network Penetration Testing ? Internal * Network Penetration Testing - Perimeter Devices * Web Application Penetration Testing * Wireless Penetration Testing * IoT Penetration Testing * OT/SCADA Penetration Testing * Cloud Penetration Testing * Binary Analysis and Exploitation * Report Writing and Post-Testing Actions ADDITIONAL COURSE DETAILS: Nexus Humans Certified Penetration Testing Professional (CPENT) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Certified Penetration Testing Professional (CPENT) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for The C|CT is ideal for anyone looking to start their career in cybersecurity or add a strong foundational understanding of the cybersecurity concepts and techniques required to be effective on the job. The course is especially well suited to: Early-career IT professionals, IT managers, career changers, and career advancers Students and recent graduates Overview After completing this course, you will understand: Key concepts in cybersecurity, including information security and network security Information security threats, vulnerabilities, and attacks The different types of malware Identification, authentication, and authorization Network security controls Network security assessment techniques and tools (threat hunting, threat intelligence, vulnerability assessment, ethical hacking, penetration testing, configuration and asset management) Application security design and testing techniques Fundamentals of virtualization, cloud computing, and cloud security Wireless network fundamentals, wireless encryption, and related security measures Fundamentals of mobile, IoT, and OT devices and related security measures Cryptography and public-key infrastructure Data security controls, data backup and retention methods, and data loss prevention techniques Network troubleshooting, traffic and log monitoring, and analysis of suspicious traffic The incident handling and response process Computer forensics and digital evidence fundamentals, including the phases of a forensic investigation Concepts in business continuity and disaster recovery Risk management concepts, phases, and frameworks EC-Council?s C|CT certification immerses students in well-constructed knowledge transfer. Training is accompanied by critical thinking challenges and immersive lab experiences that allow candidates to apply their knowledge and move into the skill development phase in the class itself. Upon completing the program, C|CT-certified professionals will have a strong foundation in cybersecurity principles and techniques as well as hands-on exposure to the tasks required in real-world jobs. COURSE OUTLINE * Information Security Threats and Vulnerabilities * Information Security Attacks * Network Security Fundamentals * Identification, Authentication, and Authorization * Network Security Controls: Administrative Controls * Network Security Controls: Physical Controls * Network Security Controls: Technical Controls * Network Security Assessment Techniques and Tools * Application Security * Virtualization and Cloud Computing * Wireless Network Security * Mobile Device Security * Internet of Things (IoT) and Operational Technology (OT) Security * Cryptography * Data Security * Network Troubleshooting * Network Traffic Monitoring * Network Log Monitoring and Analysis * Incident Response * Computer Forensics * Business Continuity and Disaster Recovery * Risk Management

PENETRATION TESTING TRAINING COURSE DESCRIPTION An advanced technical hands on course focusing on hacking and counter hacking. The course revolves around a series of exercises based on "hacking" into a network (pen testing the network) and then defending against the hacks. WHAT WILL YOU LEARN * Perform penetration tests. * Explain the technical workings of various penetration tests. * Produce reports on results of penetration tests. * Defend against hackers. PENETRATION TESTING TRAINING COURSE DETAILS * Who will benefit: Technical support staff, auditors and security professionals. Staff who are responsible for network infrastructure integrity. * Prerequisites: IP Security IP VPNs * Duration 5 days PENETRATION TESTING TRAINING COURSE CONTENTS * Introduction Hacking concepts, phases, types of attacks, 'White hacking', What is penetration testing? Why use pen testing, black box vs. white box testing, equipment and tools, security lifecycles, counter hacking, pen testing reports, methodologies, legal issues. * Physical security and social engineering Testing access controls, perimeter reviews, location reviews, alarm response testing. Request testing, guided suggestions, trust testing. Social engineering concepts, techniques, counter measures, Identity theft, Impersonation on social media, Footprints through social engineering * Reconnaissance (discovery) Footprinting methodologies, concepts, threats and countermeasures, WHOIS footprinting, Gaining contacts and addresses, DNS queries, NIC queries, ICMP ping sweeping, system and server trails from the target network, information leaks, competitive intelligence. Scanning pen testing. * Gaining access Getting past passwords, password grinding, spoofed tokens, replays, remaining anonymous. * Scanning (enumeration) Gaining OS info, platform info, open port info, application info. Routes used, proxies, firewalking, Port scanning, stealth port scanning, vulnerability scanning, FIN scanning, Xmas tree scanning, Null scanning, spoofed scanning, Scanning beyond IDS. Enumeration concepts, counter measures and enumeration pen testing. * Hacking Hacking webservers, web applications, Wireless networks and mobile platforms. Concepts, threats, methodology, hacking tools and countermeasures. * Trojan, Backdoors, Sniffers, Viruses and Worms Detection, concepts, countermeasures, Pen testing Trojans, backdoors, sniffers and viruses. MAC attacks, DHCP attacks, ARP poisoning, DNS poisoning Anti-Trojan software, Malware analysis Sniffing tools. * Exploiting (testing) vulnerabilities Buffer overflows,, simple exploits, brute force methods, UNIX based, Windows based, specific application vulnerabilities. * DoS/DDoS Concepts, techniques, attack tools, Botnet, countermeasures, protection tools, DoS attack pen testing. * SQL Injection Types and testing, Blind SQL Injection, Injection tools, evasion and countermeasures. * Securing networks 'Hurdles', firewalls, DMZ, stopping port scans, IDS, Honeypots, Router testing, firewall testing, IDS testing, Buffer Overflow. * Cryptography PKI, Encryption algorithms, tools, Email and Disk Encryption. * Information security Document grinding, privacy.

Duration 5 Days 30 CPD hours This course is intended for The Certified Ethical Hacking v12 course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. Overview Information security controls, laws, and standards. Various types of footprinting, footprinting tools, and countermeasures. Network scanning techniques and scanning countermeasures Enumeration techniques and enumeration countermeasures Vulnerability analysis to identify security loopholes in the target organization?s network, communication infrastructure, and end systems. System hacking methodology, steganography, steganalysis attacks, and covering tracks to discover system and network vulnerabilities. Different types of malware (Trojan, Virus, worms, etc.), system auditing for malware attacks, malware analysis, and countermeasures. Packet sniffing techniques to discover network vulnerabilities and countermeasures to defend against sniffing. Social engineering techniques and how to identify theft attacks to audit human-level vulnerabilities and social engineering countermeasures. DoS/DDoS attack techniques and tools to audit a target and DoS/DDoS countermeasures. Session hijacking techniques to discover network-level session management, authentication/authorization, and cryptographic weaknesses and countermeasures. Webserver attacks and a comprehensive attack methodology to audit vulnerabilities in webserver infrastructure, and countermeasures. Web application attacks, comprehensive web application hacking methodology to audit vulnerabilities in web applications, and countermeasures. SQL injection attack techniques, injection detection tools to detect SQL injection attempts, and countermeasures. Wireless encryption, wireless hacking methodology, wireless hacking tools, and Wi-Fi security tools. Mobile platform attack vector, android vulnerability exploitations, and mobile security guidelines and tools. Firewall, IDS and honeypot evasion techniques, evasion tools and techniques to audit a network perimeter for weaknesses, and countermeasures. Cloud computing concepts (Container technology, serverless computing), the working of various threats and attacks, and security techniques and tools. Penetration testing, security audit, vulnerability assessment, and penetration testing roadmap. Threats to IoT and OT platforms and defending IoT and OT devices. Cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks, and cryptanalysis tools. CEH provides an in-depth understanding of ethical hacking phases, various attack vectors, and preventative countermeasures. It will teach you how hackers think and act maliciously so you will be better positioned to setup your security infrastructure and defend against future attacks. An understanding of system weaknesses and vulnerabilities helps organizations strengthen their system security controls to minimize the risk of an incident. CEH was built to incorporate a hands-on environment and systematic process across each ethical hacking domain and methodology, giving you the opportunity to work towards proving the required knowledge and skills needed to achieve the CEH credential. You will be exposed to an entirely different posture toward the responsibilities and measures required to be secure. Now in its 12th version, CEH continues to evolve with the latest operating systems, tools, tactics, exploits, and technologies. 1 - INTRODUCTION TO ETHICAL HACKING * Information Security Overview * Cyber Kill Chain Concepts * Hacking Concepts * Ethical Hacking Concepts * Information Security Controls * Information Security Laws and Standards 2 - 2 - FOOT-PRINTING AND RECONNAISSANCE * Footprinting Concepts * Footprinting through Search Engines * Footprinting through Web Services * Footprinting through Social Networking Sites * Website Footprinting * Email Footprinting * Who is Footprinting * DNS Footprinting * Network Footprinting * Footprinting through Social Engineering * Footprinting Tools * Footprinting Countermeasures 3 - SCANNING NETWORKS * Network Scanning Concepts * Scanning Tools * Host Discovery * Port and Service Discovery * OS Discovery (Banner Grabbing/OS Fingerprinting) * Scanning Beyond IDS and Firewall * Draw Network Diagrams 4 - ENUMERATION * Enumeration Concepts * NetBIOS Enumeration * SNMP Enumeration * LDAP Enumeration * NTP and NFS Enumeration * SMTP and DNS Enumeration * Other Enumeration Techniques * Enumeration Countermeasures 5 - VULNERABILITY ANALYSIS * Vulnerability Assessment Concepts * Vulnerability Classification and Assessment Types * Vulnerability Assessment Solutions and Tools * Vulnerability Assessment Reports 6 - SYSTEM HACKING * System Hacking Concepts * Gaining Access * Escalating Privileges * Maintaining Access * Clearing Logs 7 - MALWARE THREATS * Malware Concepts * APT Concepts * Trojan Concepts * Virus and Worm Concepts * Fileless Malware Concepts * Malware Analysis * Countermeasures * Anti-Malware Software 8 - SNIFFING * Sniffing Concepts * Sniffing Technique: MAC Attacks * Sniffing Technique: DHCP Attacks * Sniffing Technique: ARP Poisoning * Sniffing Technique: Spoofing Attacks * Sniffing Technique: DNS Poisoning * Sniffing Tools * Countermeasures * Sniffing Detection Techniques 9 - SOCIAL ENGINEERING * Social Engineering Concepts * Social Engineering Techniques * Insider Threats * Impersonation on Social Networking Sites * Identity Theft * Countermeasures 10 - DENIAL-OF-SERVICE * DoS/DDoS Concepts * DoS/DDoS Attack Techniques * BotnetsDDoS Case Study * DoS/DDoS Attack Tools * Countermeasures * DoS/DDoS Protection Tools 11 - SESSION HIJACKING * Session Hijacking Concepts * Application Level Session Hijacking * Network Level Session Hijacking * Session Hijacking Tools * Countermeasures 12 - EVADING IDS, FIREWALLS, AND HONEYPOTS * IDS, IPS, Firewall, and Honeypot Concepts * IDS, IPS, Firewall, and Honeypot Solutions * Evading IDS * Evading Firewalls * IDS/Firewall Evading Tools * Detecting Honeypots * IDS/Firewall Evasion Countermeasures 13 - HACKING WEB SERVERS * Web Server Concepts * Web Server Attacks * Web Server Attack Methodology * Web Server Attack Tools * Countermeasures * Patch Management * Web Server Security Tools 14 - HACKING WEB APPLICATIONS * Web Application Concepts * Web Application Threats * Web Application Hacking Methodology * Web API, Webhooks, and Web Shell * Web Application Security 15 - SQL INJECTION * SQL Injection Concepts * Types of SQL Injection * SQL Injection Methodology * SQL Injection Tools * Evasion Techniques * Countermeasures 16 - HACKING WIRELESS NETWORKS * Wireless Concepts * Wireless Encryption * Wireless Threats * Wireless Hacking Methodology * Wireless Hacking Tools * Bluetooth Hacking * Countermeasures * Wireless Security Tools 17 - HACKING MOBILE PLATFORMS * Mobile Platform Attack Vectors * Hacking Android OS * Hacking iOS * Mobile Device Management * Mobile Security Guidelines and Tools 18 - IOT AND OT HACKING * IoT Hacking * IoT Concepts * IoT Attacks * IoT Hacking Methodology * IoT Hacking Tools * Countermeasures * OT Hacking * OT Concepts * OT Attacks * OT Hacking Methodology * OT Hacking Tools * Countermeasures 19 - CLOUD COMPUTING * Cloud Computing Concepts * Container Technology * Serverless Computing * Cloud Computing Threats * Cloud Hacking * Cloud Security 20 - CRYPTOGRAPHY * Cryptography Concepts * Encryption Algorithms * Cryptography Tools * Public Key Infrastructure (PKI) * Email Encryption * Disk Encryption * Cryptanalysis * Countermeasures ADDITIONAL COURSE DETAILS: Nexus Humans EC-Council Certified Ethical Hacker (CEH) v.12 training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the EC-Council Certified Ethical Hacker (CEH) v.12 course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for This course is designed for IT professionals who want to develop penetration testing skills to enable them to identify information-system vulnerabilities and effective remediation techniques for those vulnerabilities. Target students who also need to offer practical recommendations for action to properly protect information systems and their contents will derive those skills from this course. This course is also designed for individuals who are preparing to take the CompTIA PenTest+ certification exam PT0-002, or who plan to use PenTest+ as the foundation for more advanced security certifications or career roles. Individuals seeking this certification should have three to four years of hands-on experience performing penetration tests, vulnerability assessments, and vulnerability management. Overview After completing this course, you will be able to plan, conduct, analyze, and report on penetration tests, including the ability to: Plan and scope penetration tests. Conduct passive reconnaissance. Perform non-technical tests to gather information. Conductive active reconnaissance. Analyze vulnerabilities. Penetrate networks. Exploit host-based vulnerabilities. Test applications. Complete post-exploit tasks. Analyze and report pen test results. Security remains one of the hottest topics in IT and other industries. It seems that each week brings news of some new breach of privacy or security. As organizations scramble to protect themselves and their customers, the ability to conduct penetration testing is an emerging skill set that is becoming ever more valuable to the organizations seeking protection, and ever more lucrative for those who possess these skills. In this course, you will be introduced to some general concepts and methodologies related to pen testing, and you will work your way through a simulated pen test for a fictitious company. 1 - OUTLINE * Lesson 1: Scoping Organization/Customer Requirements * Lesson 2: Defining the Rules of Engagement * Lesson 3: Footprinting and Gathering Intelligence * Lesson 4: Evaluating Human and Physical Vulnerabilities * Lesson 5: Preparing the Vulnerability Scan * Lesson 6: Scanning Logical Vulnerabilities * Lesson 7: Analyzing Scanning Results * Lesson 8: Avoiding Detection and Covering Tracks * Lesson 9: Exploiting the LAN and Cloud * Lesson 10: Testing Wireless Networks * Lesson 11: Targeting Mobile Devices * Lesson 12: Attacking Specialized Systems * Lesson 13: Web Application-Based Attacks * Lesson 14: Performing System Hacking * Lesson 15: Scripting and Software Development * Lesson 16: Leveraging the Attack: Pivot and Penetrate * Lesson 17: Communicating During the PenTesting Process * Lesson 18: Summarizing Report Components * Lesson 19: Recommending Remediation * Lesson 20: Performing Post-Report Delivery Activities ADDITIONAL COURSE DETAILS: Nexus Humans CompTIA Penetration Testing Certification (PenTest Plus) - (Exam PT0-002) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the CompTIA Penetration Testing Certification (PenTest Plus) - (Exam PT0-002) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for Pen Testers Ethical Hackers Network Auditors Cybersecurity Professionals Vulnerability Assessors Cybersecurity Managers IS Managers Overview A Certified Penetration Testing Engineer imagines all of the ways that a hacker can penetrate a data system.  You have to go beyond what you learned as an Ethical Hacker because pen testing explores technical and non-technical ways of breaching security to gain access to a system. Our C)PTE course is built on proven hands-on methods utilized by our international group of vulnerability consultants. In this course you will learn 5 Key Elements of Pen Testing; Information Gathering, Scanning, Enumeration, Exploitation and Reporting. Plus, discover the latest vulnerabilities and the techniques malicious hackers are using to acquire and destroy data. Additionally, you will learn more about the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk. Once you have completed this course, you will have learned everything you need know know to move forward with a career in penetration testing. A Certified Penetration Testing Engineer imagines all of the ways that a hacker can penetrate a data system.ÿ You have to go beyond what you learned as an Ethical Hacker because pen testing explores technical and non-technical ways of breaching security to gain access to a system.ÿ ÿ Our C)PTE course is built on proven hands-on methods utilized by our international group of vulnerability consultants.ÿ In this course you will learn 5 Key Elements of Pen Testing; Information Gathering, Scanning, Enumeration, Exploitation and Reporting. Plus, discover the latest vulnerabilities and the techniques malicious hackers are using to acquire and destroy data. Additionally, you will learn more about the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk. Once you have completed this course, you will have learned everything you need know know to move forward with a career in penetration testing. COURSE OUTLINE * Business & Technical Logistics of Pen Testing * Information Gathering Reconnaissance ? Passive (External Only) * Detecting Live Systems ? Reconnaissance (Active) * Banner Grabbing and Enumeration * Automated Vulnerability Assessment * Hacking Operating Systems * Advanced Assessment and Exploitation Techniques * Evasion Techniques * Hacking with PowerShell * Networks and Sniffing * Accessing and Hacking Web Techniques * Mobile and IoT Hacking * Report Writing Basics

Duration 5 Days 30 CPD hours This course is intended for This course is designed primarily for cybersecurity practitioners preparing for or who currently perform job functions related to protecting information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. It is ideal for those roles within federal contracting companies and private sector firms whose mission or strategic objectives require the execution of Defensive Cyber Operations (DCO) or DoD Information Network (DoDIN) operation and incident handling. This course focuses on the knowledge, ability, and skills necessary to provide for the defense of those information systems in a cybersecurity context, including protection, detection, analysis, investigation, and response processes. Overview In this course, you will identify, assess, respond to, and protect against security threats and operate a system and network security analysis platform. You will: Assess cybersecurity risks to the organization. Analyze the threat landscape. Analyze various reconnaissance threats to computing and network environments. Analyze various attacks on computing and network environments. Analyze various post-attack techniques. Assess the organization's security posture through auditing, vulnerability management, and penetration testing. Collect cybersecurity intelligence from various network-based and host-based sources. Analyze log data to reveal evidence of threats and incidents. Perform active asset and network analysis to detect incidents. Respond to cybersecurity incidents using containment, mitigation, and recovery tactics. Investigate cybersecurity incidents using forensic analysis techniques. This course covers network defense and incident response methods, tactics, and procedures that are in alignment with industry frameworks such as NIST 800-61r2 (Computer Security Incident Handling Guide), US-CERT's National Cyber Incident Response Plan (NCIRP), and Presidential Policy Directive (PPD)-41 on Cyber Incident Coordination. It is ideal for candidates who have been tasked with the responsibility of monitoring and detecting security incidents in information systems and networks, and for executing standardized responses to such incidents. The course introduces tools, tactics, and procedures to manage cybersecurity risks, defend cybersecurity assets, identify various types of common threats, evaluate the organization's security, collect and analyze cybersecurity intelligence, and remediate and report incidents as they occur. This course provides a comprehensive methodology for individuals responsible for defending the cybersecurity of their organization. This course is designed to assist students in preparing for the CertNexus CyberSec First Responder (Exam CFR-410) certification examination. What you learn and practice in this course can be a significant part of your preparation. In addition, this course and subsequent certification (CFR-410) meet all requirements for personnel requiring DoD directive 8570.01-M position certification baselines: CSSP Analyst CSSP Infrastructure Support CSSP Incident Responder CSSP Auditor The course and certification also meet all criteria for the following Cybersecurity Maturity Model Certification (CMMC) domains: Incident Response (IR) Audit and Accountability (AU) Risk Management (RM) LESSON 1: ASSESSING CYBERSECURITY RISK * Topic A: Identify the Importance of Risk Management * Topic B: Assess Risk * Topic C: Mitigate Risk * Topic D: Integrate Documentation into Risk Management LESSON 2: ANALYZING THE THREAT LANDSCAPE * Topic A: Classify Threats * Topic B: Analyze Trends Affecting Security Posture LESSON 3: ANALYZING RECONNAISSANCE THREATS TO COMPUTING AND NETWORK ENVIRONMENTS * Topic A: Implement Threat Modeling * Topic B: Assess the Impact of Reconnaissance * Topic C: Assess the Impact of Social Engineering LESSON 4: ANALYZING ATTACKS ON COMPUTING AND NETWORK ENVIRONMENTS * Topic A: Assess the Impact of System Hacking Attacks * Topic B: Assess the Impact of Web-Based Attacks * Topic C: Assess the Impact of Malware * Topic D: Assess the Impact of Hijacking and Impersonation Attacks * Topic E: Assess the Impact of DoS Incidents * Topic F: Assess the Impact of Threats to Mobile Security * Topic G: Assess the Impact of Threats to Cloud Security LESSON 5: ANALYZING POST-ATTACK TECHNIQUES * Topic A: Assess Command and Control Techniques * Topic B: Assess Persistence Techniques * Topic C: Assess Lateral Movement and Pivoting Techniques * Topic D: Assess Data Exfiltration Techniques * Topic E: Assess Anti-Forensics Techniques LESSON 6: ASSESSING THE ORGANIZATION'S SECURITY POSTURE * Topic A: Implement Cybersecurity Auditing * Topic B: Implement a Vulnerability Management Plan * Topic C: Assess Vulnerabilities * Topic D: Conduct Penetration Testing LESSON 7: COLLECTING CYBERSECURITY INTELLIGENCE * Topic A: Deploy a Security Intelligence Collection and Analysis Platform * Topic B: Collect Data from Network-Based Intelligence Sources * Topic C: Collect Data from Host-Based Intelligence Sources LESSON 8: ANALYZING LOG DATA * Topic A: Use Common Tools to Analyze Logs * Topic B: Use SIEM Tools for Analysis LESSON 9: PERFORMING ACTIVE ASSET AND NETWORK ANALYSIS * Topic A: Analyze Incidents with Windows-Based Tools * Topic B: Analyze Incidents with Linux-Based Tools * Topic C: Analyze Indicators of Compromise LESSON 10: RESPONDING TO CYBERSECURITY INCIDENTS * Topic A: Deploy an Incident Handling and Response Architecture * Topic B: Mitigate Incidents * Topic C: Hand Over Incident Information to a Forensic Investigation LESSON 11: INVESTIGATING CYBERSECURITY INCIDENTS * Topic A: Apply a Forensic Investigation Plan * Topic B: Securely Collect and Analyze Electronic Evidence * Topic C: Follow Up on the Results of an Investigation ADDITIONAL COURSE DETAILS: Nexus Humans CertNexus Certified CyberSec First Responder (CFR-410) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the CertNexus Certified CyberSec First Responder (CFR-410) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

SECURING KUBERNETES TRAINING COURSE DESCRIPTION This course introduces concepts, procedures, and best practices to harden Kubernetes based systems and container-based applications against security threats. It deals with the main areas of cloud-native security: Kubernetes cluster setup, Kubernetes cluster hardening, hardening the underlying operating system and networks, minimizing microservices vulnerabilities, obtaining supply chain security as well as monitoring, logging, and runtime security. WHAT WILL YOU LEARN * Harden Kubernetes systems and clusters. * Harden containers. * Configure and use Kubernetes audit logs. SECURING KUBERNETES TRAINING COURSE DETAILS * Who will benefit: Technical staff working with Kubernetes * Prerequisites: Kubernetes_for_engineers_course.htm Definitive Docker for engineers * Duration 2 days SECURING KUBERNETES TRAINING COURSE CONTENTS This course does not only deal with the daily security administration of Kubernetes-based systems but also prepares delegates for the official Certified Kubernetes Security Specialist (CKS) exams of the Cloud Native Computing Foundation (CNCF). Structure: 50% theory 50% hands on lab exercise MODULE 1: USER AND AUTHORIZATION MANAGEMENT * Users and service accounts in Kubernetes * Authenticating users * Managing authorizations with RBAC MODULE 2: SUPPLY CHAIN SECURITY * Vulnerabilit checking for images * Image validation in Kubernetes * Reducing image footprint * Secure image registries MODULE 3: VALIDATING CLUSTER SETUP AND PENETRATION TESTING * Use CIS benchmark to review the security configuration of Kubernetes components. * Modify the cluster components' configuration to match the CIS Benchmark. * Penetration testing Kubernetes for known vulnerabilities. MODULE 4: SYSTEM HARDENING * Use kernel hardening tools * Setup appropriate OS level security domains * Container runtime sandboxes * Limit network access MODULE 5: MONITORING AND LOGGING * Configure Kubernetes audit logs * Configure Audit Policies * Monitor applications behaviour with Falco

OVERVIEW -------------------------------------------------------------------------------- Cyber Security plays an important role in every business as it encompasses everything that relates to protecting sensitive data, personal information, intellectual property, data, and governmental and industry information systems from theft and damage attempted by criminals and adversaries. This course is designed to understand and gain practical skills to plan, deliver and monitor IT/cyber security to internal and external clients understanding a complete, knowledge in the areas of IT policies, Security-Operational-Run-Book, security/penetration testing, ethical hacking and black hat hacking including understanding the basics of Kali Operating System and its tools and techniques. It will also cover WiFi security, Website security, human factors, cyber forensics, and cyber security team management, including all other areas in relation to Cyber Security.