Basics and framework conditions
- Protection goals, pillars of IT security
- Types of hackers
- Laws and guidelines, KRITIS
- Standards and methods
- Career paths & IT security jobs
- Relevant certifications, further education opportunities, training labs
- Project Management (Waterfall vs. Agile)
- RedTeaming vs Pentesting vs Vulnerability Analysis
- CTF vs pen testing
- Phases of an attack / kill chains, Lockheed Martin, PTES, MITRE etc.
Structure and procedure of a penetration test
- Phases/procedure of a penetration test
- Goal and result of a penetration test
- Documentation of vulnerabilities
- Planning / initiating a pentest
- Risks and common mistakes (from practice for practice), scoping
- Presentation of results for IT & Management
Conducting a penetration test
- Information Gathering / Active / Passive Reconnaissance
- Basic countermeasures (FW, IDS, IPS, WAF, EPP, logging, SIEM) & security operations (SOC, CERT, Blue Team etc.)
- Vulnerability Analysis and Vulnerability Classification (CVE, CVSS, Exploitability and Criticality)
- Dealing with 0-days, disclosure types (Responsible, Full)
- Exploitation / Low Hanging Fruits (Common Attack Paths, such as SQL/Command Injection, Basic Buffer Overflow, Misconfigurations, etc.)
- Post-Exploitation: Basic Privilege Escalation, Looting, Persistence and Lateral Movement / Low Hanging Fruits
- Differences on-premise vs cloud