{"course":{"productid":34890,"modality":1,"active":true,"language":"fr","title":"Cyber Security & ANTI-HACKING Workshop","productcode":"HACK","vendorcode":"IC","vendorname":"Innovator Class","fullproductcode":"IC-HACK","courseware":{"has_ekit":false,"has_printkit":true,"language":""},"url":"https:\/\/portal.flane.ch\/course\/innovator-hack","objective":"<p>The aim of the course is to impart technical and organizational knowledge in the field of IT security so that participants can make sensible decisions in their daily work to improve IT security efficiently and sustainably. Numerous practical exercises will enable you to recognize and ward off attacks or to close or reduce existing security gaps.<\/p>","essentials":"<ul>\n<li>Experience with the operation and administration of IT systems<\/li><li>Basic IT security knowledge<\/li><\/ul>","audience":"<p>This beginner&#039;s course is aimed at IT security officers, IT administrators (client, server, network), programmers, IT engineers and Security Operation Center (SOC) operators as well as anyone who wants to view security risks from the perspective of the attacker and thus develop solution scenarios.<\/p>","contents":"<ul>\n<li>Basics of cyber security<\/li><li>Current trends<\/li><li>Initial infection<\/li><li>Infrastructure security<\/li><li>Linux attacks<\/li><li>Windows attacks<\/li><li>Post-exploitation<\/li><li>Active Directory<\/li><li>Post Exploitation<\/li><li>Defense in Depth<\/li><li>Ransomware<\/li><li>Ask me Anything<\/li><li>Web Security<\/li><li>Denial of Service<\/li><li>Network Security<\/li><\/ul>","outline":"<h5>Cybersecurity basics<\/h5><ul>\n<li>What is hacking?<\/li><li>What is IT security?<\/li><li>Attackers, motivation and tactics<\/li><li>General definitions and metrics<\/li><li>Attack techniques and tactics according to Mitre Att&amp;ck<\/li><\/ul><h5>Current trends<\/h5><ul>\n<li>Current metrics<\/li><li>Proven attack techniques<\/li><li>Cybersecurity trends and current threat 
situation<\/li><\/ul><h5>Initial infection<\/h5><ul>\n<li>Types of social engineering<\/li><li>Password-based attacks<\/li><li>Advantages and disadvantages of password policies<\/li><li>Phishing and bypassing MFA \/ 2FA<\/li><li>M365 attacks<\/li><li>Adversary-in-the-browser attack<\/li><li>Browser-in-the-browser attack<\/li><li>Recognizing and preventing phishing<\/li><li>Email-based attacks<\/li><li>Browser-based attacks<\/li><li>Attacks with peripheral devices<\/li><li>Exploit vs. social engineering<\/li><li>Physical attacks<\/li><\/ul><h5>Infrastructure security<\/h5><ul>\n<li>Introduction of the attack chain<\/li><li>Enumeration and footprinting<\/li><li>Discovery and port scanning<\/li><li>Off-line cracking<\/li><li>Reverse and bind shells<\/li><li>Evaluation of vulnerabilities<\/li><li>Command injections, webshells and SSRF<\/li><li>Introduction to Metasploit<\/li><\/ul><h5>Linux Security<\/h5><ul>\n<li>Linux basics<\/li><li>Linux Exploitation<\/li><li>Lateral movement and pivoting<\/li><li>Privilege Escalation<\/li><li>Post-exploitation<\/li><li>Case Studies<\/li><\/ul><h5>Windows Security<\/h5><ul>\n<li>Windows basics<\/li><li>Windows Credential System<\/li><li>NG Firewall Invasion<\/li><li>Pivoting<\/li><li>Memory Corruptions<\/li><li>Exploit Mitigations<\/li><li>Meterpreter advanced<\/li><li>Keylogging<\/li><li>Client-Side Exploitation<\/li><li>Sysinternals Suite<\/li><li>Library hijacking<\/li><\/ul><h5>Active Directory Security<\/h5><ul>\n<li>Active Directory basics<\/li><li>Coercion attacks<\/li><li>Passing on the hash (PTH)<\/li><li>Passing on the ticket (PTT)<\/li><li>Golden tickets, silver tickets<\/li><li>Impersonation<\/li><li>Kerberoasting<\/li><li>Over-pass the Hash \/ Pass the Key<\/li><li>Skeleton key<\/li><li>Machine account quota<\/li><li>AdminSDHolder<\/li><li>Enterprise access model<\/li><li>Privileged Access Workstations<\/li><\/ul><h5>Evasion<\/h5><ul>\n<li>Native Malware, Powershell Malware, .NET Malware<\/li><li>A\/V 
evasion<\/li><li>Exfiltration and C+C<\/li><\/ul><h5>Post-exploitation<\/h5><ul>\n<li>Native and meterpreter commands for post-exploitation<\/li><li>Living-off-the-land attacks<\/li><li>Fileless malware<\/li><li>Lateral Movement (RDP, WMI, WinRM, DCOM RPC)<\/li><\/ul><h5>Defense in Depth<\/h5><ul>\n<li>Windows hardening<\/li><li>Active Directory Hardening<\/li><li>The Kill Chain<\/li><li>Network defense<\/li><li>Basics of ISMS<\/li><li>Advanced network defense<\/li><li>Threat modeling and protecting crown jewels<\/li><li>Setting up and operating security operation centers<\/li><li>Incident response policies<\/li><li>Threat intelligence<\/li><\/ul><h5>Ransomware defense<\/h5><ul>\n<li>Backup strategy<\/li><li>RPO and RTO<\/li><li>Recovery strategy<\/li><li>Ransomware protection<\/li><li>To pay or not to pay?<\/li><li>Decryption considerations<\/li><li>Tools<\/li><\/ul><h5>Web security<\/h5><ul>\n<li>Introduction to web applications, services and http<\/li><li>OWASP TOP 10<\/li><li>Dealing with browser developer tools<\/li><li>Web vulnerabilities on the server side (SSRF, command injections, deserialization, SQLi, file inclusion)<\/li><li>Browser-supported web vulnerabilities (XSS, XSRF, etc)<\/li><li>Vulnerabilities in web services<\/li><\/ul><h5>Ask me Anything with trainer<\/h5><ul>\n<li>Open question and answer session<\/li><li>Discussion of current projects<\/li><li>Deepening<\/li><\/ul><h5>Network security<\/h5><ul>\n<li>Introduction to Wireshark and Scapy<\/li><li>Different types of MiTM attacks<\/li><li>Sniffing and injection<\/li><li>Switching security<\/li><li>Microsegmentation<\/li><li>Wifi security main threats<\/li><li>Attacks on TCP\/IP stack<\/li><li>TCP, UDP, IPv4\/ IPv6 threats<\/li><li>Network access control<\/li><\/ul><h5>Secure communication<\/h5><ul>\n<li>Encryption basics<\/li><li>Different cryptosuites<\/li><li>Public key infrastructures<\/li><li>Crypto-Hardening<\/li><li>Practical use of cryptography<\/li><li>Introduction to 
TLS\/SSL<\/li><li>TLS\/SSL attacks and defense<\/li><li>Hard disk encryption<\/li><\/ul><h5>Denial of service<\/h5><ul>\n<li>Types of denial of service<\/li><li>Motives of the attackers<\/li><li>Memory corruption DoS<\/li><li>Focus on volume-based DDoS<\/li><li>Defense against denial of service<\/li><li>Incident response for DoS<\/li><\/ul><h4>Case studies and exercises<\/h4><h5>Basics<\/h5><ul>\n<li>Setting up a phishing page<\/li><li>DNS reconnaissance<\/li><li>Port scanning<\/li><li>Exchange-Exploitation<\/li><\/ul><h5>Linux<\/h5><ul>\n<li>Exploitation of a Linux server<\/li><li>Post-exploitation of the Linux server<\/li><li>Linux lateral movement<\/li><li>Heartbleed<\/li><\/ul><h5>Windows<\/h5><ul>\n<li>Pivot to Windows<\/li><li>Lateral movement in Active Directory - Coercion attack<\/li><li>Kerberoasting<\/li><li>Post-Exploitation<\/li><\/ul><h5>Web<\/h5><ul>\n<li>Web bruteforcing<\/li><li>XSS vulnerability<\/li><li>SQL Injection<\/li><li>Exploitation Wordpress RCE<\/li><\/ul><h5>Networking<\/h5><ul>\n<li>Scapy basics<\/li><li>Analysis of MiTM attacks<\/li><li>Wireshark basics<\/li><li>VoIP interception of WebRTC traffic<\/li><li>TLS stripping with HSTS bypass<\/li><\/ul><h5>Demos<\/h5><ul>\n<li>Attack on Keepass<\/li><li>Windows DLL hijacking<\/li><li>Examples from Virustotal and Any.run<\/li><li>Backdoor with MSFvenom<\/li><li>Targeted breaking of an A\/V signature<\/li><\/ul>","summary":"<h4>Cyber security, attack techniques and countermeasures<\/h4><p>Learn the latest techniques used by hackers and how to effectively defend against advanced attacks. 
In a time of limited security budgets, staff shortages and strict security standards, our workshop provides IT administrators, security officers and SOC analysts with the guidance they need.<\/p>\n<p>Among other things, our workshop covers specific attack techniques for Linux and Windows, authentication processes, web and cloud security as well as methods for defending against ransomware and protecting infrastructures. The hands-on exercises are based on the prestigious Mitre ATT&amp;CK project and actual attacks observed at customer sites. The theoretical part is based on industry standards such as the BSI baseline protection compendium and the CIS benchmarks and continuously integrates new content from security vendor reports, conference talks, news feeds, research papers and technical blogs.<\/p>\n<p>In the course, we consistently switch between the perspective of the attacker and the defense. This enables participants to derive defense measures and quick wins directly from the practical lab exercises. Equip your organization with the knowledge to fend off 0-day and 1-day attacks and meet the requirements of the GDPR and NIS2 regulations.<\/p>\n<p>The course is rounded off with advanced topics such as antivirus evasion, next-generation firewalls, XDRs, proxy whitelisting, sandboxes, EDRs and XSS filters.\nA special feature of our course compared to other basic cyber security courses and certification courses is that we do not dwell on outdated basics and attack techniques that are irrelevant today, but focus on the really important topics. We also provide space for questions that go beyond the course content.<\/p>\n<p>At the end of the course, we take 30 minutes for an <q>Ask Me Anything<\/q> (AmA) to facilitate a discussion between the participants and the trainer. 
This provides an opportunity to talk about current projects and topics that are relevant to the participants but were not covered in the course.<\/p>\n<h5>Lab<\/h5><p>The lab environment includes a powerful, fully dedicated lab per participant with more than 35 virtual cores and over 80 GB of RAM. The lab environment has a large bandwidth and low latency. It is accessed via a web browser and does not require any software to be installed.<\/p>\n<h5>Bonus<\/h5><p>As a bonus, after completing the 4-day Cyber Security &amp; ANTI-HACKING workshop, you will receive an additional day of full access to the hacking lab presented in the course. This additional day gives you the opportunity to deepen the attack techniques discussed and to independently get to know further attack scenarios in the lab. The exercises require creativity, technical knowledge and tenacity. You will also have time to repeat the exercises discussed in the course.<\/p>","objective_plain":"The aim of the course is to impart technical and organizational knowledge in the field of IT security so that participants can make sensible decisions in their daily work to improve IT security efficiently and sustainably. 
Numerous practical exercises will enable you to recognize and ward off attacks or to close or reduce existing security gaps.","essentials_plain":"- Experience with the operation and administration of IT systems\n- Basic IT security knowledge","audience_plain":"This beginner's course is aimed at IT security officers, IT administrators (client, server, network), programmers, IT engineers and Security Operation Center (SOC) operators as well as anyone who wants to view security risks from the perspective of the attacker and thus develop solution scenarios.","contents_plain":"- Basics of cyber security\n- Current trends\n- Initial infection\n- Infrastructure security\n- Linux attacks\n- Windows attacks\n- Post-exploitation\n- Active Directory\n- Post Exploitation\n- Defense in Depth\n- Ransomware\n- Ask me Anything\n- Web Security\n- Denial of Service\n- Network Security","outline_plain":"Cybersecurity basics\n\n\n- What is hacking?\n- What is IT security?\n- Attackers, motivation and tactics\n- General definitions and metrics\n- Attack techniques and tactics according to Mitre Att&ck\nCurrent trends\n\n\n- Current metrics\n- Proven attack techniques\n- Cybersecurity trends and current threat situation\nInitial infection\n\n\n- Types of social engineering\n- Password-based attacks\n- Advantages and disadvantages of password policies\n- Phishing and bypassing MFA \/ 2FA\n- M365 attacks\n- Adversary-in-the-browser attack\n- Browser-in-the-browser attack\n- Recognizing and preventing phishing\n- Email-based attacks\n- Browser-based attacks\n- Attacks with peripheral devices\n- Exploit vs. 
social engineering\n- Physical attacks\nInfrastructure security\n\n\n- Introduction of the attack chain\n- Enumeration and footprinting\n- Discovery and port scanning\n- Off-line cracking\n- Reverse and bind shells\n- Evaluation of vulnerabilities\n- Command injections, webshells and SSRF\n- Introduction to Metasploit\nLinux Security\n\n\n- Linux basics\n- Linux Exploitation\n- Lateral movement and pivoting\n- Privilege Escalation\n- Post-exploitation\n- Case Studies\nWindows Security\n\n\n- Windows basics\n- Windows Credential System\n- NG Firewall Invasion\n- Pivoting\n- Memory Corruptions\n- Exploit Mitigations\n- Meterpreter advanced\n- Keylogging\n- Client-Side Exploitation\n- Sysinternals Suite\n- Library hijacking\nActive Directory Security\n\n\n- Active Directory basics\n- Coercion attacks\n- Passing on the hash (PTH)\n- Passing on the ticket (PTT)\n- Golden tickets, silver tickets\n- Impersonation\n- Kerberoasting\n- Over-pass the Hash \/ Pass the Key\n- Skeleton key\n- Machine account quota\n- AdminSDHolder\n- Enterprise access model\n- Privileged Access Workstations\nEvasion\n\n\n- Native Malware, Powershell Malware, .NET Malware\n- A\/V evasion\n- Exfiltration and C+C\nPost-exploitation\n\n\n- Native and meterpreter commands for post-exploitation\n- Living-off-the-land attacks\n- Fileless malware\n- Lateral Movement (RDP, WMI, WinRM, DCOM RPC)\nDefense in Depth\n\n\n- Windows hardening\n- Active Directory Hardening\n- The Kill Chain\n- Network defense\n- Basics of ISMS\n- Advanced network defense\n- Threat modeling and protecting crown jewels\n- Setting up and operating security operation centers\n- Incident response policies\n- Threat intelligence\nRansomware defense\n\n\n- Backup strategy\n- RPO and RTO\n- Recovery strategy\n- Ransomware protection\n- To pay or not to pay?\n- Decryption considerations\n- Tools\nWeb security\n\n\n- Introduction to web applications, services and http\n- OWASP TOP 10\n- Dealing with browser developer tools\n- Web 
vulnerabilities on the server side (SSRF, command injections, deserialization, SQLi, file inclusion)\n- Browser-supported web vulnerabilities (XSS, XSRF, etc)\n- Vulnerabilities in web services\nAsk me Anything with trainer\n\n\n- Open question and answer session\n- Discussion of current projects\n- Deepening\nNetwork security\n\n\n- Introduction to Wireshark and Scapy\n- Different types of MiTM attacks\n- Sniffing and injection\n- Switching security\n- Microsegmentation\n- Wifi security main threats\n- Attacks on TCP\/IP stack\n- TCP, UDP, IPv4\/ IPv6 threats\n- Network access control\nSecure communication\n\n\n- Encryption basics\n- Different cryptosuites\n- Public key infrastructures\n- Crypto-Hardening\n- Practical use of cryptography\n- Introduction to TLS\/SSL\n- TLS\/SSL attacks and defense\n- Hard disk encryption\nDenial of service\n\n\n- Types of denial of service\n- Motives of the attackers\n- Memory corruption DoS\n- Focus on volume-based DDoS\n- Defense against denial of service\n- Incident response for DoS\nCase studies and exercises\n\nBasics\n\n\n- Setting up a phishing page\n- DNS reconnaissance\n- Port scanning\n- Exchange-Exploitation\nLinux\n\n\n- Exploitation of a Linux server\n- Post-exploitation of the Linux server\n- Linux lateral movement\n- Heartbleed\nWindows\n\n\n- Pivot to Windows\n- Lateral movement in Active Directory - Coercion attack\n- Kerberoasting\n- Post-Exploitation\nWeb\n\n\n- Web bruteforcing\n- XSS vulnerability\n- SQL Injection\n- Exploitation Wordpress RCE\nNetworking\n\n\n- Scapy basics\n- Analysis of MiTM attacks\n- Wireshark basics\n- VoIP interception of WebRTC traffic\n- TLS stripping with HSTS bypass\nDemos\n\n\n- Attack on Keepass\n- Windows DLL hijacking\n- Examples from Virustotal and Any.run\n- Backdoor with MSFvenom\n- Targeted breaking of an A\/V signature","summary_plain":"Cyber security, attack techniques and countermeasures\n\nLearn the latest techniques used by hackers and how to effectively defend against 
advanced attacks. In a time of limited security budgets, staff shortages and strict security standards, our workshop provides IT administrators, security officers and SOC analysts with the guidance they need.\n\nAmong other things, our workshop covers specific attack techniques for Linux and Windows, authentication processes, web and cloud security as well as methods for defending against ransomware and protecting infrastructures. The hands-on exercises are based on the prestigious Mitre ATT&CK project and actual attacks observed at customer sites. The theoretical part is based on industry standards such as the BSI baseline protection compendium and the CIS benchmarks and continuously integrates new content from security vendor reports, conference talks, news feeds, research papers and technical blogs.\n\nIn the course, we consistently switch between the perspective of the attacker and the defense. This enables participants to derive defense measures and quick wins directly from the practical lab exercises. Equip your organization with the knowledge to fend off 0-day and 1-day attacks and meet the requirements of the GDPR and NIS2 regulations.\n\nThe course is rounded off with advanced topics such as antivirus evasion, next-generation firewalls, XDRs, proxy whitelisting, sandboxes, EDRs and XSS filters.\nA special feature of our course compared to other basic cyber security courses and certification courses is that we do not dwell on outdated basics and attack techniques that are irrelevant today, but focus on the really important topics. We also provide space for questions that go beyond the course content.\n\nAt the end of the course, we take 30 minutes for an Ask Me Anything (AmA) to facilitate a discussion between the participants and the trainer. 
This provides an opportunity to talk about current projects and topics that are relevant to the participants but were not covered in the course.\n\nLab\n\nThe lab environment includes a powerful, fully dedicated lab per participant with more than 35 virtual cores and over 80 GB of RAM. The lab environment has a large bandwidth and low latency. It is accessed via a web browser and does not require any software to be installed.\n\nBonus\n\nAs a bonus, after completing the 4-day Cyber Security & ANTI-HACKING workshop, you will receive an additional day of full access to the hacking lab presented in the course. This additional day gives you the opportunity to deepen the attack techniques discussed and to independently get to know further attack scenarios in the lab. The exercises require creativity, technical knowledge and tenacity. You will also have time to repeat the exercises discussed in the course.","skill_level":"Intermediate","version":"8.2","duration":{"unit":"d","value":4,"formatted":"4 jours"},"pricelist":{"List Price":{"DE":{"country":"DE","currency":"EUR","taxrate":19,"price":3490},"AT":{"country":"AT","currency":"EUR","taxrate":20,"price":3490},"SE":{"country":"SE","currency":"EUR","taxrate":25,"price":3490},"IL":{"country":"IL","currency":"ILS","taxrate":17,"price":8990},"AE":{"country":"AE","currency":"USD","taxrate":5,"price":2990},"SI":{"country":"SI","currency":"EUR","taxrate":20,"price":3490},"CH":{"country":"CH","currency":"CHF","taxrate":8.1,"price":3490}}},"lastchanged":"2025-09-03T09:21:17+02:00","parenturl":"https:\/\/portal.flane.ch\/swisscom\/fr\/json-courses","nexturl_course_schedule":"https:\/\/portal.flane.ch\/swisscom\/fr\/json-course-schedule\/34890","source_lang":"fr","source":"https:\/\/portal.flane.ch\/swisscom\/fr\/json-course\/innovator-hack"}}