Course

Infosec Skills Challenge: June 2022 *RSA special edition*

    Syllabus

  • Sandworm APT Lab 2 Lab — 00:30:00
    • Sandworm APT is an advanced hacking group that has been active since at least 2009. Most famous for their attacks on Ukrainian electrical companies and the NotPetya attacks in 2016, they are a Russian-backed threat group. 

      In this lab we’ll take a look at and emulate some of the techniques that Sandworm has used in the past to compromise, pivot from, and destroy a server.

  • Common Attack Types – Insecure Direct Object Reference (IDOR) & Directory Traversal Lab — 00:30:00
    • This lab walks a user through an example of Insecure Direct Object Referencing and Directory Traversal

      Insecure direct object reference (IDOR) is a type of access control vulnerability that occurs when an application exposes a direct reference to an internal object. Finding an IDOR allows attackers to enumerate and extract other information.

      Directory traversal (also known as file path traversal) is a web security vulnerability that allows an attacker to access restricted directories on the server. The directories can contain anything from application code and credentials for back-end systems to sensitive operating system files. In case read and write permissions are not correctly set, attackers can modify the files and ultimately take full control of the server.

  • Cyber Threat Hunting – Finding Threats in .vmem Files Lab — 00:30:00
    • In this lab you will examine a vmem file for threats using volatility3, the world’s most widely used framework for extracting digital artifacts from volatile memory (RAM) samples.

Syllabus

Course description

Join us at RSA for an interactive session on threat hunting hosted by Keatron Evans ‚Äî then jump over to our June Challenge to put your own skills to the test! Start out by playing the role of an adversary and attempt to exploit two common vulnerabilities. Then, set out on your own cyber threat hunt by getting hands-on with volatility3 inside .vmem files. The third and final level will put you up against advanced adversarial tactics used by Sandworm APT! Don’t forget to share your certificate of completion on LinkedIn and tag our @Infosec profile for your chance to win a $100 Amazon gift card, Infosec hoodie and a free year of on-demand training with Infosec Skills!

Meet the author

At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certification and skills training. We also empower all employees with security awareness training to stay cybersecure at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.

You're in good company

CY

We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also, recommend it to clients to make their IT support teams better.

Caleb Yankus

DS

This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson

IS

We use Infosec Skills to provide base level knowledge for employees. We also use the services to provide in depth learning for employees as they encounter new technologies. If an employee is is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.

Infosec Skills Teams client

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Award-winning training that you can trust

Comprehensive Cybersecurity Training - Infosec Skills
Cybersecurity Education and Training Gold Award - Infosec IQ
Top Rated Award - Infosec Skills
2021 G2 Summer - Leader - Tech Skills Dev, Online Course, eLearning Content
Top 20 Company - Online Learning Library