YOUR UNIQUE PARTNER FOR
Highly skilled employees are the key factor in the availability, reliability and productivity of modern IT infrastructures. In this context, a complete and continuous training program is the guarantee of the sustainability of a company.
IN1.01 - Fortinet (Fortigate)
Deployment and administration of Fortinet FortiGate equipment. This course provides a foundation for Fortinet First Level Certification: Fortinet Certified Network Security Administrator (FCNSA).
IN1.02 - Fortinet avanced
This course introduces some of the advanced features of Fortinet’s FortiGate equipment. This hands-on course focuses on areas such as IPSec, Advanced Routing (Dynamic), IPv6, HA.
IN2.01 - Security Linux 1
Based on the GNU / Linux distributions of the RedHat and Debian families. The objective of this training is to present an overview of existing security techniques, best practices and evolutions of these in these two categories of Linux OS. The use of SELinux and other Mandatory Access Control (MAC) subsystems is quickly overflowed, with a focus on traditional tools and systemd.
IN2.02 - Security Linux 2
Based on the CentOS7 distribution (derived from RedHat). This training presents the operation and use of the SELinux targeted mode, including the creation and use of custom policies. The use of cgroups and LXC containers is also covered, as well as the blocking of access by firewalling. A quick overview presents the SELinux mls mode and its objectives.
IN3.01 - Microsoft PKI
This course presents the basics of setting up a PKI infrastructure in a Microsoft Windows environment. After reviewing the basics of certificates, the training will focus on the configuration and the use of a PKI through several concrete cases (Setting up a PKI, the generation of certificates, client authentication and machine, administration, …). The practice will not be forgotten with demonstrations and exercises in virtualized environments to illustrate the whole thing.
HA1.01 - Attack of Web Applications 1
The purpose of this course is to prepare the participant not only to test the security of a Web application, but also to correct the most common flaws.The methodology of analyzing a website is developed by focusing first on the identification of systems and entry points, then on the exploitation of breaches like SQL injections or Cross-Site Scripting.
HA1.02 - Attack of Web Applications 2
This course is a logical continuation of HA1.01.It takes some concepts and pushes them further to show that exploiting a vulnerability often not only compromises an application, but in some cases the entire infrastructure hosting it.The course analyzes both server-side attacks, such as XML eXternal Entities, Local File Inclusion, or other weak encryption issues, as well as client-side attacks to bypass the browser’s “Same Origin Policy”.
HA2.01 - Attack of Windows environments
This course presents the features of the Windows system security model as well as the most common attacks against enterprise environments. Demonstrations and exercises allow participants to better understand how these attacks work and – by extension – how to protect them effectively.
HA3.01 - Exploitation of memory corruptions (Linux)
This training addresses memory corruption flaws in native Linux-based programs.After a review of the basics of the x86 assembler and introduction to the structure of programs in memory, participants will learn how to create their own shellcode and then exploit the traditional vulnerabilities (buffer overflows, heap overflows, use-after-free, …).The modern protection measures (ASLR / PIE, NX, SSP, RELRO, x64 …) are introduced gradually, as well as the means of circumvention such as Return Oriented Programming.
HA4.01 - Advanced use of Metasploit
This training covers the bases of Metasploit to quickly pass on the more advanced (but sometimes unknown) techniques of this framework. Learn how to build HTTP and HTTPS payloads, evade antivirus and bypass proxy authentication. Use meterpreter to rotate through a machine, use Metasploit as a proxy server and many more features.
FOR1.01 - incident Response 1
This training aims to present methods and tools to be used to investigate a security incident. Covered topics includes the acquisition of hard disks, retrieval of information, creation of chronologies of events. This intensive training is mainly practical with many labs based on free tools. It introduces all the basics needed to understand the forensic of Windows systems.
FOR1.02 - Incident Response 2
This training aims to present methods and tools to be used to investigate a security incident. It follows the Level 1 training and discusses advanced techniques such as resuscitation of Windows systems from hard disk images and RAM analysis. This intensive training is mainly practical with many labs based on free and commercial tools.It focuses on comprehensive case studies and a professional forensic approach to Windows systems.
FOR2.01 - Incident management policy
Incident response is not just about tools and techniques. A large part is realized upstream by preparing the procedures and knowing the actions to realize. The aim of this training is to present best practices regarding incident management as well as recommendations for different scenarios.
AW1.01 - Users Awareness
The most complex security measures can usually be foiled by attacking the weakest link in the security of your information system: the user. This training, based on demonstrations and concrete examples, aims to give good reflexes to users. The content of the training can be adapted to match your expectations: social engineering, malicious code, social networking, mobile users, mobile devices, MiTM attacks, etc …
AW1.02 - Developer Awareness (OWASP TOP 10)
Discover the TOP10 of OWASP risks, tips and solutions to reduce them.