Emerging Security Threats and Countermeasures

Learn Security Awareness Best Practices

People are the key information assets of an organization. Unfortunately, they are often not properly trained to detect and identify threats noticing them on time. This becomes easy for an adversary to easily siphon out organization’s intellectual property such as blueprints, business plans, policy details, source codes, patents, copyrights causing irreplaceable competitive advantage and reputation in industry. The only proven and time-tested deterrent to such nefarious activities is a well groomed security mindset that people need to imbibe through regular training in security.

In this two-day workshop, candidates are introduced to real-life incidents which have caused multi-million dollar losses to companies due to lax security controls and implementation. Frequently, they happen due to lack of proper security awareness among the people of the organization. We see how people become the security’s “weakest” link.

Next, we delve deeper into the discovery and reconnaissance techniques which are popularly used by attackers to know about the weak points of entry in the organization’s network. Specific attack techniques such as privilege escalation, password cracking, denial-of-service attacks and so on are put forward to demonstrate how weak security practices and implementation go a long way to compromise the security of the systems where the information assets reside.

Security exploits framework, Threat modeling are now put forward to demonstrate how an attacker is able to penetrate and compromise the security of the organization’s network. Finally, we look into defensive strategies to contain the impact of threat agent to the most prized information asset(s) in the organization. Last but not the least, if in case any breach does take place, the incident management procedures are put forward for proper asset recovery and salvaging.

Duration

2 Days

Who Should Attend?

This course is focused on all security enthusiasts, team leads, IT managers, decision makers, senior managers to understand the latest threats to information security and the preventive measures for the same.

Course Contents

  • Introduction & Case Studies
  • Business Risks from Security Vulnerabilities
  • Security Testing Methodologies
  • Types of Attacks
  • Recent Security Incidents
  • Identify the security incidents
  • Why Compliance Policies are not enough
  • Emerging Malicious Codes & Trends
  • People – The Usual Entry Point to Corporate
  • Advanced Persistent Threats
    • RSA – Anatomy of Attack
    • Stuxnet
  • Reconnaissance Principle
  • Fingerprinting & Footprinting
  • GHDB
  • Social Engineering
  • Network Mapping
  • Breaking Crypto
  • Privilege Escalation
  • Password Cracking
  • Denial of Service
  • Remote Code Execution
  • Attacking Web Application
  • Proxy Based Attacks
  • Introduction to Metasploit
  • Understanding
    • Vulnerabilities
    • Exploitation
    • Post Exploitation
  • Metasploiting the target
  • Owning the Enterprise
  • (in)security – An Overview
  • Threat Modeling – Objectives
  • Threat Modeling – Meaning and terminology
  • Hacker’s Interest Area
  • Threat Profiling
  • Practical Considerations
  • Security in Design
  • Security in Depth
  • Security in Defaults
  • Concept of Least Privilege
  • Minimize Attack Surface
  • Preventive & Detective controls
  • Hacked – Now What?
  • Digital Forensics

Ethical Hacking Training

This course goes deep down into depths of networking, systems, web applications, actual exploitation & helps beginners to take their confident first step towards information security field.

  • 6 Weeks Comprehensive Training
  • Built by Experienced Professionals
  • Regularly update on tools, techniques in course content