Our Security Training service line transfers our expertise in performing Attack Simulations exercises and Penetration Tests to your teams. We have structured our broad knowledge of vulnerabilities and technologies as well as our knowledge of threat actors into various Offensive Security courses. Those can be taken by nearly everyone including Security Enthusiasts, Developers, Penetration Tester or Red Teamers. Our Offensive Security courses are supplemented by tailored security awareness workshops which suite all levels of expertise.
Our Y-Security team has performed formal and informal trainings for years and shares their knowledge in a way that matches the audience’s level of experience. Trainings are instructor-led and performed hands-on to practically explore the world of Attack Simulations, Penetration Tests and more.
CHALLENGES
MAINTAIN KNOWLEDGE
Technologies and attack types have changed in complexity and functionality throughout the years which also changed the types of vulnerabilities that may arise.
DEFEND AGAINST THE UNKNOWN
Developers and IT employees can not defend against what they are not aware of. Training IT professionals is a fundamental part to be a step ahead in the game.
DIFFERENT LEVEL OF AWARENESS
Employees have different levels of security awareness and some are more likely to be part of a successful attack of a threat actor.
HOW WE CAN HELP
Our Team has delivered trainings and knowledge transfer for years and we provide a forum where attendees learn from experienced Attack Simulation specialists and Penetration Tester who have worked day-to-day on breaching security defences over the last decade.
RED TEAM 101 / 102
Get ready for our instructor-led Red Team trainings. Explore how Attack Simulations are performed and where the benefits are in having a good understanding of how threat actors act to gain access to crucial assets, information in your organization and bypass security controls. Learn up-to-date real world attacks in a hands-on way from our experienced consultants who performed Attack Simulations and Penetration Tests for years and remain on top of threat actors.
| Format: | 3 Days / 5 Days |
| Language: | English / German |
| When: | On Demand |
| Location: | Remote / Onsite |
| Skill Level: | Beginner / Intermediate |
In our Red Team 101 training you start from an external attacker’s perspective and work your way up into an organization’s network to access high value asset and ultimately compromise the full active directory. In our hands-on training, attendees follow through a variety of attack categories and learn about modern Attack Simulations which includes:
- MITRE ATT&CK® framework
- Common Red Team Toolkit
- Gaining initial access to an organization
- Establishing Command & Control channels
- Lateral Movement within the network
- Maintaining Access
- Bypassing Defenses
Our Red Team 102 training complements our Red Team 101 training and we focus on how sophisticated threat actor bypass security defenses, chain up vulnerabilities and perform lateral movement around the network without getting caught by the defense team. You start from an external attacker’s perspective and work your way up into an organization’s network to access high value asset and ultimately compromise the full active directory. In our hands-on training, attendees follow through a variety of attack categories and learn about modern Attack Simulations which includes:
- Topics of our Red Team 101 course in a nutshell
- Chaining vulnerabilities & Attacking Multi Factor Authentication Controls
- Bypassing Advanced Security Controls
- Active Directory Security & Practical Active Directory Attacks
Use gathered knowledge and new way of thinking in your day-to-day business to improve your organizations technical, physical or process-based security controls and procedures either by developing new threat scenarios or performing playbook exercises. After the training, attendees receive a free one-month access to the training environment comprising of multiple applications and systems that can be attacked to further proof their exploitation skills and strengthen learned material.
Are you ready to break out of your daily routine and discover something new today?
PENETRATION TEST 101 / 102
Get ready for our instructor-led Offensive Penetration Testing trainings. Explore how penetration testing is performed and where the benefits are in having a good understanding of how attackers build attack scenarios, identify common vulnerabilities in systems and exploit them to gain access to crucial assets and information. Learn real world attacks in a hands-on way from our experienced consultants who performed Penetration Tests and Attack Simulations for years.
| Format: | 3 Days / 5 Days |
| Language: | English / German |
| When: | On Demand |
| Location: | Remote / Onsite |
| Skill Level: | Beginner / Intermediate |
In our Penetration Test 101 course attendees learn how vulnerabilities in web applications and infrastructure components are identified and exploited to compromise the security state. Attendees gain insights into a largely manual approach which is combined with tools used to automate tasks for vulnerability identification and receive hands-on experience in including:
- Concepts of Penetration Testing
- OWASP Top10
- Introduction to Burp Suite
- Manual Web Application Penetration Testing
- Manual Infrastructure Scanning and Penetration Testing
Our Penetration Test 102 training complements our Penetration Test 101 training and we focus on performing more sophisticated attacks against applications. This course exceeds vulnerabilities discussed in OWASP Top10 and shows the big variety of vulnerabilities that exist in different technologies and application workflows. Attendees learn to build customised tools for pentesting applications and writing own tools to test unknown protocols and network services.
- Topics of our Penetration Test 101 course in a nutshell
- In-Depth usage of Burp Suite
- Handling unknown protocols and network services
- Webservice testing
- Working with multi-step applications
- Extend toolset with custom exploit code
Use gathered knowledge and new way of thinking in your day-to-day business to improve your organizations security posture, coding guidelines and threat modelling. After the training, attendees receive a free one-month access to the training environment comprising of multiple applications and systems that can be attacked to further proof their exploitation skills and strengthen learned material.
Are you ready to break out of your daily routine and discover something new today?
TAILORED
Get ready for your completely tailored training, presentation or workshop. With our training courses about Red Team and Penetration Test we have built a good base which fits for most who want to start in Offensive Security or want to level-up their existing skillset.
At Y-Security we have a broad knowledge of various vulnerabilities and testing methodologies and are ready to transfer that knowledge into your organisation by forming a new training course perfectly customized to your needs.
| Format: | Approximately 4 – 20+ Days |
| Language: | English / German |
| When: | On Demand |
| Location: | Remote / Onsite |
| Skill Level: | Beginner / Intermediate |
In out tailored approach for training we can build the training 100% for your needs. With a tailored training we will work with you to identify the current knowledge level and develop a training to close the skill gaps we have identified. The service is ideal to not only build something special for very skilled technical employees, but also for a wider, maybe non-technical team member.
As a non-complete list the following holds an example of trainings performed in the last years under this category:
- Phishing Awareness
- Tabletop Exercises
- Mobile Application Testing
- Reverse Engineering
- Building Capture the Flag (CTF) environments
- Privilege Escalation & Break Out
Are you ready to break out of your daily routine and discover something new today?
BENEFITS
LEARN FROM THE BESTS
Learn from experienced Attack Simulation specialists and Penetration Tester who have worked day-to-day on breaching security defences for the last decade.
ENHANCE YOUR CAPABILITIES
Increase knowledge about threats and vulnerabilities and use it to enhance guidelines of your development and IT team by identifying security gaps in your secure coding guidelines and threat models.
STAY UP-TO-DATE
Proof yourself in a realistic environment that matches up with common vulnerabilities as well as new threats and vulnerability types.