Date: 22-23 Feb 2020, Venue Details: Tunga Regale Hotel, P-31, Central Road, MIDC, Andheri East, Mumbai
Understanding the Cyber Attack Defence Controls & Risk Evolved In Day To Day Digital Communication & Combatting It with Active Defence Controls.
We bring an enhanced optimized way that focuses on the Development & Enhancement of Skills through Interactive, “Practical & Hands” on demonstration with custom-created training modules & Series of Labs comprising a delivery model primary focussing on Corporates & Government employees.
The objective of starting Cyber Security Training is to make sure that an Individual can Identify, Protect, Detect, Respond & Recover Cyber Threats. Our aim is to provide a maximum mitigation approach policy to an organization through making them understand the criticality of the threats & the proposed action plan based on key security Standards, Policies & Advisories by NCIIPC (National Critical Information Infrastructure Protection Centre) & Cert-IN (Computer Emergency Response Team of India).
The objective of training is to generate understanding & make the Internal SOC(Security Operation Centre) Team as well as the internal employees aware about their duty towards their particular organization from a Cyber Security point of view focussing about Insider Threat Scenarios in-terms of leaking sensitive data over social media without having the intend & the impacts towards the organization. Also provided with various case studies & live demonstration of technical attack & then understanding the cause of the attack & the modus Operandi along with the vulnerability impact.
Smith Gonsalves is India’s One Of The Youngest Cyber Security Evangelist, Information Security Professional, Offensive Security Certified Professional (OSCP), Certified Ethical Hacker(CEH), Computer Hacking Forensic Investigator(CHFI), and Security Analyst with 4 years of domain experience Smith holds to be a critical member of the Infosec Community from the age of 15 to 19 current.
Smith has trained more than 10 thousand plus audience covering Law Enforcement Officials, CIO’s, CISO’s, CEO’s & Students in the area of cyber security & emerging threat landscape. His Expertise involves a wider range of Information Security Consultancy Services & Assessments required for an organisation to leverage & strengthen its security controls of the Infrastructure. This particularly include Infrastructure Penetration Testing, Configuration Review, Policies & Optimisation of the SOC (Security Operation Centre) with Event-Driven & Monitoring Solutions.
Smith holds a wider experience on OSINT & Dark Web Intelligence Gathering on Isolated Networks in terms of Identification of Actionable Intelligence on sensitive forums with respect to corporate data leaks. He also delivers Technology & Strategical talks in various CISO & CIO Summits with respect to the expertise he holds on the cyber domain, also participates in panel discussions on various topics related to Enhancement of Information Security. His main focus realizes the challenges that major organizations face & how to combat cybersecurity issues. Smith has trained more than 10 thousand plus audience covering Law Enforcement Officials, CIO’s, CISO’s, CEO’s & Students in the area of cybersecurity & emerging threat landscape.
Day 1: Cyber Operations – Offensive Approach
Session 1: Identifying different Cyber Operations Approach. Session 2: Identifying Different VAPT Process. Session 3: Scanning: External & Internal Information Gathering. Session 4: Exploitation Overview. Session 5: Identifying OWASP TOP 10 & SANS 25 modules. Session 6: Analyzing Client Application Misconfiguration. Session 7: Over-viewing Security Architecture Misconfiguration. Session 8: Data Ex-filtration & Infiltration. Session 9: Host Machine Compromisation via Misconfiguration. Session 10: Data Leakages. Session 11: Detailed Overview of Infrastructure Penetration Testing.
Day 2: Cyber Operations – Defensive Approach
Session 1: Detailed Overview of Vulnerability & Impact Analysis. Session 2: Policy Checks & Recommendation. Session 3: Mitigation of Network & Client Application Vulnerability. Session 4: Port Filtration. Session 5: Attack Traffic Analysis. Session 6: Security Updates & patch Management Solution. Session 7: Windows Configuration Checks. Session 8: Antivirus & Anti Malware Solutions. Session 9: Over-viewing different types of WAFs Session 10: Implementation of WAFs Session 11: Importance of IDPS - Intrusion Detection Prevention System (IDS & IPS Combined) Session 12: Detailed Overview of CIS Benchmarks. Session 13: Identifying different types of Honeypots & Decoys.
Benefits to the Individual After The Training 1. Enhance Understanding of Vulnerabilities The trainings will particularly focus on various kinds of vulnerability present on various environments ranging from web application, server side & kernel level. The attendees can gain a brief idea of what the vulnerability is & what are the necessary factors to consolidate in order to perform recon for identification of the specific. Vulnerability from SANS 25, OWASP Top 10 & miss configuration issues will be more likely covered. 2. Brief Overview of The Process of Exploitation & Persistence Gaining Gaining persistence has been a key factor in targeted Cyber Ops, for the necessary an deployment has to go through various stages of runtime based presence with various evading factors, exploits & social engineering technique in order to have a better C&C established. The Training aims to deliver a core overview of how an C&C can be deployed & what factors are required to undergo. 3. Understanding of Getting Admin Privileges & Compromising Third Party C&C’s for Exfiltration of Data When a vulnerability is known the next step is to exploit the particular loop hole & get the access or privilege to the domain or the targeted machine. For the specific this training aims to demonstrate the various techniques to compromise a server & gain access to critical data. 4. Understanding The Defensive Structure & Safe Guarding an Organisation Using Defensive Controls The key factor of an organisation is to secure itself from malicious threats which can be in any forum, after the risk assessment is carried of an critical infrastructure an organisation. The role of patch management & having brief overview of Configuration Review Check is being assisted in this training. 5. Understanding Brief overview of Different Advance Persistent Threat Groups & Activities The digital landscape has been frequently targeted by various threat actors from various nation state with targeted attacks of the critical sector including the defence, SCDA & government, in order to exfiltrate the critical information or collapse a major grid. This training also talks about such groups & their presence with their skillset & kind of Operation that they were deployed along with specific exploits & payloads used.
Details of The Trainings
1. The major part of the sessions includes Live Demos and Hands on Practical Experience. 2. The Training shall include a demonstration of a temporary lab environment which has to be configured before starting the trainings 3. The Trainer may provide with various other course tools, videos & pdf which can help escalating the knowledge 4. The Training will be demonstrated by two Individuals who will be assisting in the Operational & Setting up the work. 5. The Training shall broadly cover all the prime objectives focusing on Cyber Risk & Cyber Threat
Breakfast, Two-time tea/Coffee and Lunch Buffet will be served at the venue during the day.
CF Plus Members: ₹8900; Others: ₹9900