Join us for Wild West Hackin’ Fest Deadwood virtual conference! Register Here

Workshop: Tactical Vulnerability Assessment with Matt Toussain

Course Authored by .

Workshop: Tactical Vulnerability Assessment with Matt Toussain

As cyber threats evolve, so must our defense strategies. This workshop offers streamlined, practical training on vulnerability assessment and management tailored for modern enterprises.

Course Length: 4 Hours

Includes a Certificate of Completion



Enroll Now

Next scheduled date: Content is loading, please wait.

Description

As cyber threats evolve, so must our defense strategies. This workshop offers streamlined, practical training on vulnerability assessment and management tailored for modern enterprises.

Covering key topics such as threat management, vulnerability assessment frameworks, and dynamic security programs, attendees will gain hands-on experience with industry-standard tools and methodologies.

This workshop is designed to be hands on in nature, incorporating multiple lab exercises focused on vulnerability discovery with tools such as Sirius Scan and Nuclei.

By the end of the workshop, participants will be equipped to engage with vulnerabilities at a tactical level. Attendees will discover system vulnerabilities through multiple mechanisms to include custom scanning and development of Nmap Scripting Engine, Sirius, and Nuclei scripts.

System Requirements
  • Student/Lab Requirements:
    •  All VMs and labs will be accessed through the training portal: training.opensecurity.com
    • VM access will be through a cloud hosted range environment that is accessible via the user’s browser

Syllabus

    • What is Vulnerability Assessment?

    • The Vulnerability Assessment Framework

    • Discovery
      • OSI Model discovery opportunity analysis
      • Network-based discovery
        • Sirius Scan
        • RunZero
      • Operational Technology (OT) discovery
        • Active vs Passive Discovery

        • Cloud discovery

            • Cloud presence scanning

                • SpiderfootHX and more

            • GitHub sensitive artifact scanning

    • Lab: Network and Cloud Discovery

    • Case Study: Hybrid-Cloud Ransomware Breach of a Operational Technology Software as a Service Vendor

    • Vulnerability Scanning
      • General-Purpose and Application-Specific Scanning
        • Sirius Scan
        • Nuclei
      • Lab: General-Purpose Vulnerability Scanning
      • Authenticated Scanning
        • Scan policy and account management
        • Privileged Access Management Integration
        • Agent-based scanning
          • EDR and endpoint agent scanners

        • Lab: Credentialed Scanning with Agents

    • Validation
      • Calculating risk
      • Understanding confidence metrics

        • Vulnerability Data Management Solutions
          • DefectDojo
          • Brinqa
          • ServiceNow

            • More

    • Lab: Enterprise Vulnerability Management with DefectDojo

    • Vulnerability Assessment to Vulnerability Management Cycle

    • Conclusions

FAQ

Who Should Attend/Prerequisites:
Vulnerability Assessors and Managers, IT System Administrators, Security Auditors, Compliance Professionals, Penetration Testers, Vulnerability Program Managers, Security Analysts, Security Architects, Senior Security Engineers, Technical Security Managers

As this is a lab-oriented, specialized, and technical course, functional knowledge of information security concepts, technology, and networking is highly recommended
Audience Skill Level:
Intermediate

About the Instructor

Pixel splash background
Matt Toussain Instructor
Matt Toussain
Bio

Matthew Toussain is the Founder and CIO of Open Security, an information security consulting firm specializing in end-to-end cybersecurity services. Matt served as the senior cyber tactics development lead for the U.S. Air Force and worked as a security analyst for Black Hills Information Security and CounterHack Challenges. As a former SANS instructor and current member of IANS faculty Matthew regularly delivers educational seminars to security practitioners around the world.

Related products

Shopping Cart

No products in the cart.