Technical training
Cogiceo offers technical training. Each training day consists of around 3 hours of theory and 3 hours of practical work. These courses address all of the classic vulnerabilities found in professional environments.
To follow the training, students need only a simple computer. The trainer provides a laboratory containing many virtual machines for the practical work.
Our training courses let you acquire technical security skills through practical workshops. During these sessions, students attack specific targets in order to learn how to defend better afterwards.
Secure system and network administration
The most common system and network vulnerabilities are explained during practical workshops. Prior system knowledge is strongly recommended for this training. In particular, our trainers walk through real cases of exploitation of vulnerabilities typically encountered on internal company networks. A test environment is available for the practical workshops.
Day 1
- Getting started with the Kali distribution
- Linux commands 101
- System and network mapping
Day 2
- System and network mapping (continued)
- Collecting identifiers and brute-forcing accounts
- Finding and exploiting vulnerabilities
Day 3
- Finding and exploiting vulnerabilities (continued)
- Password hash collection and cracking
- Focus on the domain controller
Active Directory Security
This training has trainees carry out a complex attack scenario against an Active Directory environment, made up of many successive steps. Throughout the training, many theoretical concepts (authentication mechanisms, password storage, trust relationships, etc.) are covered in detail. From simple network access to total compromise of the domain, trainees adopt the attacker's point of view to better understand the security issues. At each stage of the scenario, the trainer provides countermeasures and the means of detecting the attacks studied.
Day 1
- Presentation of the attack machine
- Access to the laboratory
- Presentation of the main tools
- Methodology of a penetration test
- Linux command reminders
- Network mapping techniques
- Anonymous enumeration, SID translation
- NTLM Relay attack
Day 2
- Theoretical reminders on Active Directory
- Password cracking techniques
- Interception of network communications
- Brute-force attacks
- Kerberoast attack
- Exploitation of system vulnerabilities
- Searching for cleartext passwords
Day 3
- Privilege escalation through software vulnerabilities
- Privilege escalation through misconfiguration
- Pass-the-Hash attack
- Using Mimikatz
- Exploiting dangerous ACLs
- Exploiting delegated rights
- Exploiting trust relationships
Secure web development
In addition to being recognized technical experts, our trainers are also passionate teachers. Their field experience allows them to run pragmatic training sessions enriched with anecdotes and representative exercises. Our trainers present the most common application security vulnerabilities, their consequences, and the good development practices that avoid introducing them. Practical work is carried out on machines in the laboratory.
Day 1
- Unvalidated redirects and forwards
- Using components with known vulnerabilities
- Cross-site request forgery (CSRF)
- Missing function-level access control
Day 2
- Exposure of sensitive data
- Incorrect security configuration
- Insecure direct object references
- Cross-Site Scripting (XSS)
Day 3
- Broken authentication and session management
- Injection
- Web-shell and reverse-shell
- Tunneling
- Complex exercises