Audit & Pentest
Training Catalogue 2023
Knowledge is power
Awareness
Download training catalogAW 1.01 User awareness
 | N/A |
 | 2 Hours |
 | FR/EN |
Complex security measures can usually be foiled by attacking the weakest security link of your user information system. This training, based on demonstrations and concrete examples, aims to give good reflexes for users (social engineering, malicious code, social networks, mobile users, mobile equipment, MiTM type attacks, …).
AW 1.02 Developer awareness (OWASP Top 10)
| Programming knowledge (developers) |
| 1/2 Day |
| FR |
Discover the TOP 10 OWASP risks, tips and solutions to reduce them, as well as a series of examples and advice adapted to the languages used by your teams (Java, C, …).
AW 1.03 Darknet awareness
| N/A |
| 1 Day |
| FR/EN |
This one-day course will introduce you to the concepts of the Darknet and allow you to delve deeper into the darkest corners of the Internet. The aim is to help you improve your monitoring and proactive security skills. In particular, you will learn how to search and communicate on the TOR network, and how to assess the impact of a leak from a third-party company on your business.
Incident Response and Forensic Analysis
Download training catalogDFIR 1.01 – Incident policy management
| N/A |
| 1 Day |
| FR |
This course is ideal for embarking on the long journey of incident response, which is not just about acquiring the tools and techniques you'll need to use in the heat of the moment. Most of the process involves preparing in advance, and establishing procedures that you can rely on when the time comes. This half-day course is therefore an introduction to the concept of incident management, as well as the underlying best practices, norms and standards. It will enable you to lay the foundations of your defensive strategy from the point of view of preparedness.
DFIR 2.01 – Log management
| N/A |
| 1 Day |
| FR |
This one-day course covers the fundamentals of event logging on Windows and Linux, the different types of log, and the management and analysis of these logs. It is an ideal complement to the DFIR 1.01 training course, and aims to examine what needs to be logged and how, so that you can improve your ability to respond to security incidents.
DFIR 3.01 – Incident Response (Level 1)
| N/A |
| 1 Day |
| FR |
This intensive one-day course is designed to introduce you to the investigation methods and tools you can rely on in the event of a security incident. It will take you into the world of incident response and forensic analysis, covering the different scenarios for acquiring RAM and hard disks, then focusing on triage through live analysis, as well as in-depth investigation through offline analysis.
DFIR 3.02 – Incident Response (Level 2)
| DFIR 3.01 – Incident Response (Level 1) |
| 1 Day |
| FR |
This intensive one-day course expands on the content of DFIR 3.01 and introduces all the basic concepts you need to understand incident response and forensic analysis in a Windows environment. It covers advanced disk acquisition scenarios (such as FDE and SDD) and will enable you to delve into the heart of the NTFS file system in order to exploit its main metadata. You will also learn how to perform direct acquisitions of the operating system to extract valuable information from its many artefacts.
DFIR3.03 – Incident Response (Level 3)
| DFIR 3.02 – Incident Response (Level 2) |
| 1 Day |
| FR |
This intensive one-day course complements the DFIR 3.01 and DFIR 3.02 courses by covering the fundamentals of malware analysis on Windows. It aims to provide you with the methods and tools you need to carry out basic analyses, using both static and dynamic approaches. You will learn how to quickly assess the threat level of executable files and other Office documents.
Hacking
Download training catalogHA 1.01 Attacks on web applications part 1
| N/A |
| 1 Day |
| FR |
This course aims to prepare the participant to be able to test the security of a web application, but also to correct the most commonly encountered flaws. The methodology for analyzing a website is developed based on focusing first on identifying the systems and entry points, then on the exploitation of vulnerabilities such as SQL injections or Cross Site Scripting. This is above all a hands-on course where participants can exploit vulnerabilities discussed in order to fully understand how they work and thus best protect their own applications.
HA 1.02 Attacks on web applications part 2
| HA 1.01 Attacks on web applications part 1 |
| 1 Day |
| FR |
This course is a logical continuation of the course “HA 1.01 Attack of web applications part 1. It takes up certain concepts by pushing further to show that exploiting a flaw often allows not only to compromise an application, but in some cases, the entire infrastructure hosting it. The course analyzes server-side attacks, such as XML eXternal Entities Local File Inclusion or issues like weak encryption, as well as client-side attacks aimed at circumventing the “Same Origin Policy” of the browser.
HA 2.01 Attack windows environments with metasploit
| N/A |
| 1 Day |
| FR |
This training presents the characteristics of the Windows security model as well as the most common attacks against corporate environments. Demonstrations and exercises allow participants to better understand how these attacks work and how to protect these systems effectively.
HA 3.01 Mobile app attack
| N/A |
| 1 Day |
| FR |
This course aims to share experiences and knowledge in Android and iOS mobile application audits. This training presents processes and techniques helping a participant to prepare an environment ideal for assessing the security of an application. It presents several methodologies for testing, from local analysis to network traffic inspection. This course also provides several automation examples for tedious tasks that occur in the majority of mobile security audits (bypassing root/jailbreak detection or certificate pinning).
