Abdul Alanazi - An Introductory Bootcamp on Network & Web Penetration Testing - $1,400 early
$1,400.00
Trainer bio:
Abdul is a seasoned penetration testing technical manager at SabrySecurity, a key player in Sabry InfoSec, boasting close to a decade of experience in the field. Before his tenure at Sabry, he honed his skills as a Penetration Testing Consultant at prestigious firms like Booz Allen Hamilton, HYAS InfoSec, ManTech, and various other global and local entities. Abdul holds a MASc in Computer Engineering with a specialization in Applied Network Security & Machine Learning from UVIC.ca. His academic prowess extends to publishing research on Botnet Detection, including the paper "Holistic Model for HTTP Botnet Detection Based on DNS Traffic Analysis" in 2017, showcasing his deep understanding of cybersecurity. Abdul holds multiple certifications from Offensive Security, including OSCP, OSCE, OSWE, OSEP, OSWA, OSWP, as well as a GPEN from GIAC, among others. He has also trained individuals in Advanced Network Penetration Testing. Outside of work, Abdul is passionate about coding and delving into the intricacies of open-source security tools. Notably, he has graced the stage at DEF CON 30 and contributed to the community with his open-source tool/framework titled "PMR - PT & VA Management & Reporting."
Trainer social media links:
@alenazi_90
Full description of the training:
This specialized training is designed for professionals looking to transition their careers from backgrounds in IT, network engineering, or programming to cybersecurity. It is also suitable for individuals with skills and backgrounds in networking and programming who are ready to advance to the next level in cybersecurity, particularly in professional enterprise environments.
The course provides a comprehensive understanding of penetration testing methodologies, techniques, and tools. Participants will learn a wide range of topics, including reconnaissance, scanning, exploitation, post-exploitation, and reporting. They will learn how to identify and exploit vulnerabilities in various systems and networks, using both manual and automated techniques. The training includes hands-on exercises and real-world scenarios to enhance learning and practical skills.
Participants will gain the professional skills needed for penetration testing and corporate pentesting, preparing them to work in professional enterprise environments with confidence and expertise.
Short description of what the student will know how to do, after completing the class:
After completing the class, students will have the knowledge and skills to conduct thorough penetration tests on systems and networks, identify vulnerabilities, and provide actionable recommendations for improving security posture. They will be able to use a variety of tools and techniques to simulate real-world cyber attacks and help organizations improve their overall security defenses. Students will also gain the professional skills needed to work in professional enterprise environments, including effective communication, report writing, and teamwork.
Outline of the class:
Outline of the 2-Day Bootcamp with Learning Paths:
Day 1: Network Penetration Testing
Morning Session:
Introduction to network penetration testing
Reconnaissance: Tools and techniques for gathering network information
Learning Path: Online resources for further study in network reconnaissance
Next Steps: Hands-on practice with reconnaissance tools, such as Nmap and netexec, project discovery tools, and others
Afternoon Session:
Scanning and Enumeration: Network scanning techniques
Writing Python scripts to automate penetration testing tasks
Exploitation: Exploiting common network vulnerabilities
Common OSINT Techniques
Network Mapping And Target Identification
Brute-Force Attacks
Vulnerability Identification And Exploitation Using Common Hacking Tools
Insecure Protocols
Security Misconfigurations Leading To Privilege Escalation Attacks
Password Attacks And Password Cracking
Administrative Shares Exploitation
Persistence Techniques
Learning Path: Recommended books and courses on network scanning and exploitation
Next Steps: Practice exploiting vulnerabilities in a controlled lab environment
Lab Exercises:
Conducting reconnaissance on target networks
Scanning networks for open ports and services
Exploiting network vulnerabilities
Day 2: Web Application Penetration Testing
Morning Session:
Introduction to web application penetration testing
Reconnaissance: Gathering information about web applications
Learning Path: Online tutorials and documentation for web application reconnaissance
Next Steps: Hands-on practice with reconnaissance tools, such as Burp Suite and OWASP ZAP, project discovery tools and usage techniques
Afternoon Session:
Scanning and Enumeration: Web application scanning techniques
Identification And Exploitation Of OWASP Top 10 Vulnerabilities
XML External Entity Attack
SQL Injection
Cross-Site Request Forgery
Practical Cryptographic Attacks
Authentication Related Vulnerabilities
Brute force Attacks
Password Storage and Password Policy
TLS Security
Identification of TLS security Misconfigurations.
Server-Side Request Forgery
Authorization And Session Management Related Flaws:
Insecure Direct Object Reference (IDOR)
Parameter Manipulation attacks
Insecure File Uploads
Code Injection Vulnerabilities
Business Logic Flaws
Directory Traversal Vulnerabilities
Common Security Misconfigurations.
Information Disclosure.
Vulnerable And Outdated Components.
Exploitation: Exploiting common web application vulnerabilities
Learning Path: Recommended blogs and forums for web application security enthusiasts
Next Steps: Practice exploiting vulnerabilities in popular web applications
Lab Exercises:
Identifying and exploiting vulnerabilities in web applications
Using tools like Burp Suite for web application testing
Note: Each day will include a mix of lectures, hands-on lab exercises, and practical scenarios to reinforce learning. Participants will be required to bring their laptops with relevant software installed for the lab sessions.
Technical difficulty of the class: Beginner & Intermediate
Suggested prerequisites for the class:
· Basic understanding of networking concepts (e.g., TCP/IP, DNS, HTTP)
· Familiarity with common operating systems (e.g., Windows, Linux)
· Basic knowledge of programming languages (e.g., Python, Bash)
· Prior experience with cybersecurity concepts is beneficial but not required
· Willingness to learn and participate in hands-on lab exercises
Note: While these are suggested prerequisites, motivated individuals with a strong desire to learn cybersecurity are welcome to join the class.
Items students will need to provide:
· Laptop with administrative access (Windows, macOS, or Linux)
· Virtualization software (e.g., VirtualBox, VMware)
· Install required software (TBD Later)
· Willingness to participate actively in hands-on lab exercises and practical scenarios
DATE: August 12th-13th, 2024
TIME: 8am to 5pm PDT
VENUE: Sahara Las Vegas
TRAINER: Abdul Alanazi
- 16 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included
Registration terms and conditions:
Trainings are refundable before July 1st; the processing fee is $250.
Trainings are non-refundable after July 10th, 2024.
Training tickets may be transferred. Please email us for specifics.
Failure to attend the Training without prior written notification will be considered a No-Show. No refund will be given.
By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.