Module 1: Fundamentals of information security management
This module helps participants understand the key concepts of information security, as well as key terminology that will be used throughout the course.
Module 2: Networking architecture
This module presents the core networking concepts, such as a conceptual view of the information flow frameworks, types of networks, as well as devices that can be found on networks.
Module 3: Network-based attacks
This module discusses major attacks that can be accomplished while the information is in transit. It presents different offensive techniques to gather data from computers, and establish active connections allowing intruders to monitor sessions.
Module 4: Securing a network infrastructure
This module discusses the technology used to harden security at the network level, essentially defensive techniques and countermeasures to block or delay attacks at the network.
Module 5: Authentication and access control mechanisms
This module helps participants understand how security works upon authenticating to different system. We explore the authentication frameworks, and discuss how these are used to identify uniqueness in user accounts to permit certain types of access.
Module 6: Password-based attacks
This module allows an understanding of the attack techniques over logins and authentication mechanisms. We discover how passwords can be found, cracked, and used as replay to infiltrate networks under a spoofed identity.
Module 7: Malware types
This module discovers the common types of malware programs which objectives are to interrupt the proper functioning of a system. Terms such as spyware, adware, viruses, and worms will be explained.
Module 8: Computer systems security
This module deals with key information on how to secure deskops and servers. It provides an insight at the way a system can be hardened to reduce the surface of attack.
Module 9: Public key infrastructure
This module explains an extremely powerful way to defend against several types of attacks that can occur at the network or computer level. We explore the PKI, a set of technologies reinforcing security globally on the network, as long as it is properly used.
Module 10: Web-based attacks
In this module, we explore different types of attacks targeting Web applications and servers. We will understand the differences between several attack types, such as cross-site scripting or SQL injection.
Module 11: Systems and resources discovery
This module explains how it is possible to find and identify key resources (operating systems, applications, etc.) used to provide a proper insight at a target network. Multiple tools to scan and automate the process will be seen.
Module 12: Network scanning
This module explain how an attacker can perform discovery of running services as well as ports on a computer system. Tools performing network scanning will be used to show how relatively easy it is to launch a network scan, and collect several useful information regardint the security posture of a network ad its running processes.
Module 13: Privilege escalation techniques
This module helps participants discover how an attacker can increase a given set of privileges to become a superuser on a target system, and then execute malicious programs to keep control of the system, and execute its own programs.
Module 14: Social-based exploitation techniques
Attacking humans instead of computers is a technique that is commonly used to find out key information on a computer system, network, or even the company itself. Several ways to perform social engineering will be discovered in this module.
Module 15: Data hiding and trails masquerading
It is possible to hide data on a remote system upon taking over it. This step is critical in order to avoid presence in log files, or to help in identification of the attackers' source. This module explains how attackers proceed with tempering with the integrity of a system to inject their own programs, and cover tracks on a system they are owning.
Module 16: Cyberattacks detection and reporting
This module presents ways to understand a cyberattack has taken place, and ways to efficiently manage, collect information about it and report it.