Participants will perform active and passive reconnaissance using Shodan and Netcraft to identify vulnerable assets over the Internet.
Passive operating system identification will also be conducted to identify public information which may lead to the compromise of websites.
VandaTheGod Case Study – Analysis of Government websites defaced.
Network Exploration and System Auditing with Nmap, RedHawk and Sparta
Explore the network topology and perform advanced information gathering with Nmap, configure various port scans and fingerprint devices and operating systems within the network.
Perform banner grabbing, Nmap scans, Geo-IP lookup and more using RedHawk.
Perform network enumeration, automated website auditing and vulnerability assessment using the open-source network infrastructure pen-testing GUI (graphical user interface) tool Sparta.
Participants will use Nessus and OpenVAS to perform remote vulnerability scanning to discover vulnerabilities, research CVE’s and create reports via the process of thorough self-inspection designed to identify potential crises before they occur.
Website Auditing using Nikto
Nikto automates the process of scanning web servers for out-of-date and unpatched software as well as searching for dangerous files that may reside on web servers. Participants will use one of the most popular automated and open-source web server and web application scanners to perform comprehensive assessments against over 6500 vulnerabilities.
Kali Nethunter and BYOD policies
Participants will be introduced to the mobile version of Kali Linux, which is a full and portable penetration testing platform specifically built for select Android devices. Discussions will focus on the importance of robust BYOD devices and the impact of such devices on the security posture within a network.
Participants should have Kali Linux 2019.2 or 2019.3 (as well as the following targets below) installed on a virtual machine.
Kali images for VMWare and VirtualBox can be downloaded here: https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/
The BadStore_123 ISO can be download from here: https://download.vulnhub.com/badstore/BadStore_123s.iso
The LazySysAdmin VM can be downloaded from here: https://www.vulnhub.com/entry/lazysysadmin-1,205/
Participants can also install a Windows Operating system of their choice (Win 7 -10, Server) on a VM (if resources allow) or use their host machine as a target.
Earn 7 CPEs
About the Facilitator
Shiva V.N. Parasram is a Cyber Security professional with 13 years of experience in IT security and over 8 years in penetration testing and digital forensics investigations and training. Some of his qualifications include an MSc. in Network Security (Distinction), CCISO, CEH, CHFI, ECSA, CEI, CCNA, ACE, and NSE.
He has been the Director and CISO of his own company, the Computer Forensics and Security Institute (CFSI), since 2011, and has carried out investigations and pentesting for medium and large private companies in Trinidad and the Caribbean. As a Certified EC-Council Instructor (CEI), he has also trained many persons within the banking and private sectors, Government Ministries (regionally), and also members of various arms of the protective services in courses such as the Certified Network Defender, Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI) and the EC-Council Certified Security Analyst (ECSA).
Shiva is currently a consultant and cyber security trainer with Pure-ICT (Curacao) and has partnered with Fujitsu Caribbean to be their trainer for all staff in advanced Cyber Security courses (CEH, CHFI, ECSA and CCISO) with the goal of establishing thereafter a Regional Cyber Security Centre of Excellence with Fujitsu Caribbean (Trinidad and Jamaica) at the fore-front.
Within the past 3 years he has also authored 2 books for Packt Publishing, namely:
Digital Forensics with Kali Linux (https://www.amazon.com/Digital-Forensics-Kali-Linux-investigation/dp/1788625005/ref=sr_1_1?keywords=kali+forensics&qid=1566939481&s=books&sr=1-1 )
Kali Linux 2018: Assuring Security by Penetration Testing:
Prices for Cyber Threat Hunter - Bootcamp and other Training Week Topics