Ideal for teams that…
Application and infrastructure security — a workshop for technical teams.
How to create test environments for penetration testing (Kali Linux, DVWA, Metasploitable2)
How to detect and exploit web application vulnerabilities (SQLi, XSS, CSRF, LFI, RFI, Command Injection)
How to conduct attacks on WLAN networks (WEP, WPA/WPA2, WPS, Evil Twin, Rogue AP)
How to analyze and attack remote access services (VNC, SSH, Samba, RDP)
How to understand SSL/TLS weaknesses and perform Man-in-the-Middle attacks
How to exploit vulnerabilities in Windows systems and identify security gaps
How to implement basic defense mechanisms and incident response strategies
What we actually do
- Introduction to vulnerable-by-design environments
- Configuring Kali Linux as the main pentesting tool
- DVWA (Damn Vulnerable Web Application) – testing web applications
- Metasploitable / Metasploitable2 – environment for testing network services and exploits
- OWASP – Open Web Application Security Project: mission, goals, Top 10
- Path Traversal
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- SQL Injection
- Command Injection
- Cross-Site Scripting (XSS)
- Cookie manipulation & Session Hijacking
- Brute-force attacks
- Cross-Site Request Forgery (CSRF)
- Vulnerabilities in file upload mechanisms
- Introduction to wireless network security
- Monitor mode – packet capturing
- Attacks on protocols: WPS, WEP, WPA/WPA2
- Offensive techniques: Wardriving, Evil Twin attack, Rogue Access Points
- Samba – unauthorized access to resources
- VNC remote access – session hijacking
- SSH remote access – exploiting weak passwords or known exploits
- Basics of SSL/TLS – purpose and functionality
- Known SSL/TLS attacks: POODLE, SSL Stripping, FREAK, Lucky Thirteen, Raccoon, BEAST
- Introduction to MITM
- Tools: Bettercap, SSLStrip
- Decrypting SSL/TLS – intercepting encrypted traffic
- File History service vulnerability
- Critical flaw in Microsoft Outlook
- ZeroLogon – domain controller privilege escalation
- Windows CryptoAPI Spoofing Vulnerability
- Remote Desktop Gateway – RDP attacks over the internet
- SAMBA vulnerability in Windows 7
- Exploiting RDP services – remote desktop session takeover
From brief to retro in 30 days.
Brief & diagnosis
A call with the team lead + a short survey for participants. We define goals, gaps and context.
Program customization
We adapt modules, case studies and code examples to your stack. Approval in 5 days.
Workshop
Trainer-led sessions, hands-on, code review. Mentor available between sessions too.
Retro + report
Outcome report for the team and lead. 30 days of consulting included.
Send a brief. We'll reply within 1 day.
After a short brief we'll prepare a program and a quote. No obligations — it's just a starting point.