CSX VULNERABILITY AND EXPLOITATION COURSE
The Cybersecurity Nexus (CSX) Vulnerability and Exploitation Course (CVEC) provides students, who possess a basic understanding of penetration testing, a deeper understanding of vulnerability identification and exploitation capabilities. Students will work with real systems in real environments and will leverage real vulnerability analysis and exploitation tools in a live environment. Upon completion, students will understand the how to successfully exploit and maintain a presence within information systems.
CONTENUTO:
Open Source Research (Lesson)
- Understand footprinting;
- Conduct target research;
- Perform “Google hacking”;
Footprinting (Lab/Instructional)
This lab instructs students on the basics of open source researching a target domain.
Initial Vulnerability Scanning (Lesson)
- Discover known vulnerabilities;
- Learn vulnerability scanner implementation;
- Prepare vulnerability scanners;
Initial Vulnerability Scanner Setup (Lab/Instructional)
OpenVAS is a popular open-source vulnerability scanner and management tool. One of the tools included with OpenVAS is the Greenbone Security Assistant (GSA), a web application which connects to the OpenVAS manager daemon to provide a GUI for vulnerability management. In this lab, you'll become familiar with how these tools work and how to use them.
Vulnerability Identification (Lesson)
- Research vulnerabilities;
- Identify vulnerability severity;
- Identify patch levels;
Vulnerability Analysis (Lab/Instructional)
Conducting a vulnerability scan is important. In this lab, students will learn how to interpret the results from the vulnerability scans.
Basic Exploitation (Lesson)
- Match a vulnerability with an exploit;
- Successful post exploitation steps;
- Additional post exploitation failure research;
Initial Exploitation (Lab/Instructional)
It's important to realize not all exploits require scripted code and payloads. Sometimes a simple Nmap scan - coupled with a Telnet connection and a clever username - is all you need!
Privilege Escalation (Lesson)
- Learn system privileges;
- Remote compile local exploits;
- Escalate privileges;
- Establish Netcat listeners;
Privilege Escalation (Lab/Instructional);
Privilege escalation exploits are one of the most common exploit types. By exploiting flaws in the OS, this type of exploit allows a user to elevate their level of system access. Once elevated, a user can make permanent changes and gain control of the vulnerable system.
Backdoor Implants (Lesson)
- Learn backdoors;
- Establish a backdoor;
Backdoor Implementation (Lab/Instructional)
This lab will take students through creating backdoors in systems as well as implementing inadvertent backdoors and exploitations.
Covering Tracks (Lesson)
- Learn how to cover tracks after an exploitation;
- Modify date/time stamps on files;
- Search logs for evidence;
- Delete evidence from logs;
Covering Tracks (Lab/Instructional)
When a system is accessed, either by normal or clandestine operations, evidence is left behind in log files. Sanitation of those log files is important to cover up any activity that had taken place.
System Exploration (Lesson)
- Identify valuable information;
- Discover password files on a system;
- Crack discovered passwords;
- Identify open network file shares;
Deeper Exploration (Lab/Instructional)
Once a system has been compromised with administrator level access all sensitive system information is available to the attacker. In this lab, we'll take you through obtaining that system information.
CVEC Challenge (Lab/Challenge)
This is a challenge lab for the CVEC series which is based on the materials covered in the previous 8 labs.
- Understand footprinting;
- Conduct target research;
- Perform “Google hacking”;
Footprinting (Lab/Instructional)
This lab instructs students on the basics of open source researching a target domain.
Initial Vulnerability Scanning (Lesson)
- Discover known vulnerabilities;
- Learn vulnerability scanner implementation;
- Prepare vulnerability scanners;
Initial Vulnerability Scanner Setup (Lab/Instructional)
OpenVAS is a popular open-source vulnerability scanner and management tool. One of the tools included with OpenVAS is the Greenbone Security Assistant (GSA), a web application which connects to the OpenVAS manager daemon to provide a GUI for vulnerability management. In this lab, you'll become familiar with how these tools work and how to use them.
Vulnerability Identification (Lesson)
- Research vulnerabilities;
- Identify vulnerability severity;
- Identify patch levels;
Vulnerability Analysis (Lab/Instructional)
Conducting a vulnerability scan is important. In this lab, students will learn how to interpret the results from the vulnerability scans.
Basic Exploitation (Lesson)
- Match a vulnerability with an exploit;
- Successful post exploitation steps;
- Additional post exploitation failure research;
Initial Exploitation (Lab/Instructional)
It's important to realize not all exploits require scripted code and payloads. Sometimes a simple Nmap scan - coupled with a Telnet connection and a clever username - is all you need!
Privilege Escalation (Lesson)
- Learn system privileges;
- Remote compile local exploits;
- Escalate privileges;
- Establish Netcat listeners;
Privilege Escalation (Lab/Instructional);
Privilege escalation exploits are one of the most common exploit types. By exploiting flaws in the OS, this type of exploit allows a user to elevate their level of system access. Once elevated, a user can make permanent changes and gain control of the vulnerable system.
Backdoor Implants (Lesson)
- Learn backdoors;
- Establish a backdoor;
Backdoor Implementation (Lab/Instructional)
This lab will take students through creating backdoors in systems as well as implementing inadvertent backdoors and exploitations.
Covering Tracks (Lesson)
- Learn how to cover tracks after an exploitation;
- Modify date/time stamps on files;
- Search logs for evidence;
- Delete evidence from logs;
Covering Tracks (Lab/Instructional)
When a system is accessed, either by normal or clandestine operations, evidence is left behind in log files. Sanitation of those log files is important to cover up any activity that had taken place.
System Exploration (Lesson)
- Identify valuable information;
- Discover password files on a system;
- Crack discovered passwords;
- Identify open network file shares;
Deeper Exploration (Lab/Instructional)
Once a system has been compromised with administrator level access all sensitive system information is available to the attacker. In this lab, we'll take you through obtaining that system information.
CVEC Challenge (Lab/Challenge)
This is a challenge lab for the CVEC series which is based on the materials covered in the previous 8 labs.
ESAME:
The CSX Vulnerability and Exploitation Certificate Exam assesses candidates understanding of network and system vulnerability scanning, scanner implementation and usage, vulnerability analysis, exploitation, privilege escalation, backdoor implants, and track obfuscation. The two-hour exam is a real-time, hands-on exam which challenges students to demonstrate their skill set in a live environment.
This two-hour exam contains no multiple-choice questions or simulations and intentionally restricts access to the internet. Where applicable, man pages and help files are available.
Objectives:
Candidates must complete tasks of varying durations with minimal instruction while navigating between multiple virtual machines and are expected to:
Demonstrate an ability to:
- Scan and enumerate a network;
- Conduct a vulnerability scan;
- Conduct vulnerability analysis;
- Exploit a designated system;
- Escalate privileges on a system;
- Implement a backdoor;
- Cover the tracks of an exploitation;
Students must be comfortable leveraging Linux terminal tools and interfaces.
Objectives:
Candidates must complete tasks of varying durations with minimal instruction while navigating between multiple virtual machines and are expected to:
Demonstrate an ability to:
- Scan and enumerate a network;
- Conduct a vulnerability scan;
- Conduct vulnerability analysis;
- Exploit a designated system;
- Escalate privileges on a system;
- Implement a backdoor;
- Cover the tracks of an exploitation;
Students must be comfortable leveraging Linux terminal tools and interfaces.
LIVELLO:
INTERMEDIATEDOMINIO:
DETECTPREZZO:
400,00 € + IVA
PREZZO ESAME:
250,00 € + IVA
