This course is instructor led with a heavy emphasis on practical lab elements which allow users of all levels to carry out cyber-attacks through ‘hands-on’ labs, competitive challenges, Interactive based quizzes.
Module 1 - Introduction to Cyber
This module aims to introduce the idea that their organisations can be reduced into an attack surface of three primary domains. We also introduce the concept of the Cyber Kill Chain which allows us to see breach as a series of events that each offer opportunity, as a business, to break that chain and prevent a breach.
This module also introduces the various threat actors that might target our information assets, their methods and motivations. We also look at how businesses can appraise cyber risk in a meaningful way that will allow the appropriate allocation of resources to mitigation.
Module 2 - Recon
In this module we will understand and use some of the same recon techniques and tools that threat actors will use in the initial stages of the attack. We will use Twitter geolocation to identify employees of your own organisation and map their movements over a week. We will also use Facebook to uncover information on our own profiles that we thought was private. We will also use Maltego, Nmap and Shodan to discover vast swathes of our own infrastructure and produce target maps and uncover vulnerabilities.
Module 3 - Weaponisation
In this module we will look at how threat actors can create a range of exploits for Windows, Linux and Android devices. We will also look at how these breaches establish command and control back to the attacker and how this traffic can be hard for our NIDS systems to spot unless we properly train them. We will also look at the ways malware can disguise its true purpose using encoding and encryption.
Module 4 - Delivery
In this module we will look at how MITM techniques can be used to undermine SSL/TLS in order to retrieve sensitive information. We will also look at how modern Mani in the Middle (MITM) tools can be used to inject, in real time, A backdoor into any downloaded executable that passes over the target network. We will also use network mapping tools to uncover and attack vulnerable services, Utilising information captured from one compromised service to allow us to attack another. We will also look at how SS7 can be abused to allow us to spoof text messages, An overlooked vector for social engineering attacks.
Module 4 – Social Engineering
This short module introduces the concept of social engineering and uses ‘first person engagement’ to allow you to experience a social engineering attack first hand and see the results of decisions you make.