SECURITY TRAINING

Our security training program has been designed for engineering teams seeking to grow their knowledge on how to build secure software and keep company data safe. Participants will learn the most recent security vulnerabilities, exploitation techniques and their countermeasures.

The training is led by our best security engineers, whose CTF teams rank in the world’s top ten.

Let us know what kind of security training you are interested in and we will contact you shortly.

Contact us


Summary

During the two-day security training you will explore methods used by hackers and ways of defending against them. We keep theory to a minimum while ramping up the practice side of the equation: each topic is exemplified with a real-world case that gives you the opportunity to understand all the details in depth.

Target Audience and Requirements

The training is designed for web developers, administrators and anyone seeking to improve their awareness of common security threats in web applications.

Outline

  • Enumeration and information gathering
  • Client-side web security - attacks against web browser end users
    • XSS
    • CSRF - Cross-site request forgery
    • Same Origin Policy bypass
    • DNS rebinding
    • Clickjacking
    • Session fixation
  • Server-side web security - attacks against web servers
    • Attacks on popular database engines
    • Authentication bypass mechanisms
    • Threats related to popular programming languages - PHP, Python
  • Threats related to REST API
  • Common security design mistakes made by programmers and how to avoid them

Summary

The training presents methods hackers use to gain unauthorized code execution access. Over two days we cover a deep analysis of low-level hardware architecture and interfaces, modern exploitation techniques and how they can be countered.

Target Audience and Requirements

Security training mostly for low-level developers, security engineers and administrators and anyone interested in raising their awareness of common security threats in native applications.

Outline

  • A review of binary analysis tools - IDA, OllyDbg, Veles
  • Identifying popular vulnerabilities in compiled machine code
    • Fuzzing
    • Exploitation techniques
    • Shellcoding - methods of writing target-specific malicious code
      • Bypassing security filters (ASCII only shellcodes…)
    • Return-oriented programming (ROP)
    • Manipulating binary specific structures to alter code flow

Summary

This two-day security training provides a unique opportunity to learn reverse engineering - from small, simple programs to advanced malicious viruses. You will start from scratch, from building your own lab and analyzing code and behavior to dealing with anti-analyzing and anti-debugging protection. The training provides hands-on experience based on real programs and viruses.

Target Audience and Requirements

The training is designed for security engineers and anyone seeking to gain knowledge about modern threats, how those threats behave and what they are capable of, and ways to defend against them.

Outline

  • A review of binary analysis tools
    • IDA
    • Ollydbg/x64dbg
    • gdb
    • x86/amd64 assembly and architecture
    • Calling conventions
    • Recognizing patterns in assembly code
  • The structure of executable files
    • PE
    • ELF
  • Windows, Linux operating system internals
    • System calls
    • User-kernel mode context switching
  • Code analysis
  • Behavioral analysis
    • Interaction with the operating system and its resources
    • Static analysis
      • Automatic code vulnerability scanning
      • Manual analysis
    • Dynamic analysis
      • Debugging
      • Symbolic execution
  • Anti-debugging and reversing techniques
  • Polymorphic, self-modifying and packed binaries
    • Common obfuscation methods
    • VM-based programming
    • Debugger detection
    • Sandbox detection