Introduction to PCI (PCI 101)
OnlineThis course is designed to introduce IT professionals to the Payment Card Industry collection of standards as defined and enforced by the Payment Card Industry Security Standards Council. The first half of the course summarizes the structure and history of PCI, the primary standards documents, and the various certification programs for professionals. The second half of the course dives into a summary of the components of the PCI Data Security Standard (PCI DSS). This is a high-level, introductory summary designed to provide a general understanding of the requirements in the PCI DSS.
Professionally Evil CISSP Mentorship Program
OnlineISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”. It is one of the primary certifications used as a stepping point in your cybersecurity career. To accomplish this, Secure Ideas has developed a mentorship program designed to provide the knowledge necessary to pass the certification, while working through the common body of knowledge (CBK) in a manner that encourages retention of the knowledge. The mentorship program is designed as a 10-week series of sessions along with various student support and communication methods. These work together to provide the student a solid foundation to not only help in passing the certification but to continue as a collection of information for everyday work. This class is set up to cover the 8 domains of the ISC2 CBK.
Professionally Evil Application Security (PEAS): Unveiling Server-Side Discovery and Exploitation
OnlineWelcome to the world of application security, where you'll unravel the hidden flaws lurking within server-side portions of web applications. Join us for the second course in the Professionally Evil Application Security series.
Professionally Evil CISSP Mentorship Program
OnlineISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”. It is one of the primary certifications used as a stepping point in your cybersecurity career. To accomplish this, Secure Ideas has developed a mentorship program designed to provide the knowledge necessary to pass the certification, while working through the common body of knowledge (CBK) in a manner that encourages retention of the knowledge. The mentorship program is designed as a 10-week series of sessions along with various student support and communication methods. These work together to provide the student a solid foundation to not only help in passing the certification but to continue as a collection of information for everyday work. This class is set up to cover the 8 domains of the ISC2 CBK.
Professionally Evil CISSP Mentorship Program
OnlineISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”. It is one of the primary certifications used as a stepping point in your cybersecurity career. To accomplish this, Secure Ideas has developed a mentorship program designed to provide the knowledge necessary to pass the certification, while working through the common body of knowledge (CBK) in a manner that encourages retention of the knowledge. The mentorship program is designed as a 10-week series of sessions along with various student support and communication methods. These work together to provide the student a solid foundation to not only help in passing the certification but to continue as a collection of information for everyday work. This class is set up to cover the 8 domains of the ISC2 CBK.
Professionally Evil CISSP Mentorship Program
OnlineISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”. It is one of the primary certifications used as a stepping point in your cybersecurity career. To accomplish this, Secure Ideas has developed a mentorship program designed to provide the knowledge necessary to pass the certification, while working through the common body of knowledge (CBK) in a manner that encourages retention of the knowledge. The mentorship program is designed as a 10-week series of sessions along with various student support and communication methods. These work together to provide the student a solid foundation to not only help in passing the certification but to continue as a collection of information for everyday work. This class is set up to cover the 8 domains of the ISC2 CBK.
Getting Started in Packet Decoding
OnlineOne of the core disciplines of security is understanding how systems communicate over the Internet. This skill set is crucial to spotting abnormal behavior and attack patterns. In this class, we will go beyond the fundamentals of how IP communicates and dive into the subtle nuances. This will help the student identify anomalous patterns when they occur.
Professionally Evil API Testing: AAA and Keys are Not Just for Cars
OnlineThis course will teach you how to test web APIs for authorization and access control related security flaws. You will learn how to map API functionality, identify authentication and authorization flaws, and exploit common API vulnerabilities. You will also gain hands-on experience with tools and techniques for testing API authorization mechanisms and access control models.
Professionally Evil CISSP Mentorship Program
OnlineISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”. It is one of the primary certifications used as a stepping point in your cybersecurity career. To accomplish this, Secure Ideas has developed a mentorship program designed to provide the knowledge necessary to pass the certification, while working through the common body of knowledge (CBK) in a manner that encourages retention of the knowledge. The mentorship program is designed as a 10-week series of sessions along with various student support and communication methods. These work together to provide the student a solid foundation to not only help in passing the certification but to continue as a collection of information for everyday work. This class is set up to cover the 8 domains of the ISC2 CBK.
Getting Started in Packet Decoding
OnlineOne of the core disciplines of security is understanding how systems communicate over the Internet. This skill set is crucial to spotting abnormal behavior and attack patterns. In this class, we will go beyond the fundamentals of how IP communicates and dive into the subtle nuances. This will help the student identify anomalous patterns when they occur.
Professionally Evil Container Security (PECSEC) – Kubernetes Under Siege: Mastering Penetration Testing Techniques
OnlineIn this comprehensive training course, participants will gain a deep understanding of the vulnerabilities that could potentially exist within Kubernetes clusters. Learn to think like an attacker, discover ways to exploit security gaps, and understand how to penetrate various defense mechanisms. The course will introduce practical scenarios and hands-on exercises that simulate real-world attacks on Kubernetes, enabling participants to apply their learning immediately. Whether you are a DevOps engineer, a security professional, or just passionate about cybersecurity, this course will empower you with knowledge and skills needed to perform penetration testing in a Kubernetes environment.
Getting Started in Packet Decoding
OnlineOne of the core disciplines of security is understanding how systems communicate over the Internet. This skill set is crucial to spotting abnormal behavior and attack patterns. In this class, we will go beyond the fundamentals of how IP communicates and dive into the subtle nuances. This will help the student identify anomalous patterns when they occur.
Getting Started in Packet Decoding
OnlineOne of the core disciplines of security is understanding how systems communicate over the Internet. This skill set is crucial to spotting abnormal behavior and attack patterns. In this class, we will go beyond the fundamentals of how IP communicates and dive into the subtle nuances. This will help the student identify anomalous patterns when they occur.
Professionally Evil CISSP Mentorship Program
OnlineISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”. It is one of the primary certifications used as a stepping point in your cybersecurity career. To accomplish this, Secure Ideas has developed a mentorship program designed to provide the knowledge necessary to pass the certification, while working through the common body of knowledge (CBK) in a manner that encourages retention of the knowledge. The mentorship program is designed as a 10-week series of sessions along with various student support and communication methods. These work together to provide the student a solid foundation to not only help in passing the certification but to continue as a collection of information for everyday work. This class is set up to cover the 8 domains of the ISC2 CBK.
Professionally Evil Application Security (PEAS): Mastering Client-Side Flaws and Exploitation
OnlineEmbark on the finale of our Professionally Evil Application Security series with our course, Mastering Client-Side Flaws and Exploitation. In this session, you'll uncover the secrets of client-side vulnerabilities and learn how to secure web applications against potential threats.
Introduction to Industrial Control Systems
OnlineInstructor: Ashley Van HoesenCourse Length: 4 Days, 16 Hours Course Description This comprehensive course is designed to deeply understand cybersecurity's key concepts, components, and role in modern industries. Whether you have minimal knowledge or experience in ICS, this course will equip you with the necessary skills to excel in this field. Through theoretical instruction and...
Professionally Evil CISSP Mentorship Program
OnlineISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”. It is one of the primary certifications used as a stepping point in your cybersecurity career. To accomplish this, Secure Ideas has developed a mentorship program designed to provide the knowledge necessary to pass the certification, while working through the common body of knowledge (CBK) in a manner that encourages retention of the knowledge. The mentorship program is designed as a 10-week series of sessions along with various student support and communication methods. These work together to provide the student a solid foundation to not only help in passing the certification but to continue as a collection of information for everyday work. This class is set up to cover the 8 domains of the ISC2 CBK.
Introduction to Industrial Control Systems
OnlineInstructor: Ashley Van HoesenCourse Length: 4 Days, 16 Hours Course Description This comprehensive course is designed to deeply understand cybersecurity's key concepts, components, and role in modern industries. Whether you have minimal knowledge or experience in ICS, this course will equip you with the necessary skills to excel in this field. Through theoretical instruction and...
Practical Physical Exploitation
Tampa, FL Tampa, Florida, United StatesInstructor: Ralph May & Travis WeathersCourse Length: 3 Days, 24 Hours (please note, this is an in-person only class) Includes: Twelve months of complimentary access to the Antisyphon Cyber Range, certificate of participation. Pricing: Location: Course Description Are you a seasoned penetration tester looking to learn how to perform physical security assessments or new to the industry...
Introduction to Industrial Control Systems
OnlineInstructor: Ashley Van HoesenCourse Length: 4 Days, 16 Hours Course Description This comprehensive course is designed to deeply understand cybersecurity's key concepts, components, and role in modern industries. Whether you have minimal knowledge or experience in ICS, this course will equip you with the necessary skills to excel in this field. Through theoretical instruction and...
Practical Physical Exploitation
Tampa, FL Tampa, Florida, United StatesInstructor: Ralph May & Travis WeathersCourse Length: 3 Days, 24 Hours (please note, this is an in-person only class) Includes: Twelve months of complimentary access to the Antisyphon Cyber Range, certificate of participation. Pricing: Location: Course Description Are you a seasoned penetration tester looking to learn how to perform physical security assessments or new to the industry...
Introduction to Industrial Control Systems
OnlineInstructor: Ashley Van HoesenCourse Length: 4 Days, 16 Hours Course Description This comprehensive course is designed to deeply understand cybersecurity's key concepts, components, and role in modern industries. Whether you have minimal knowledge or experience in ICS, this course will equip you with the necessary skills to excel in this field. Through theoretical instruction and...
Practical Physical Exploitation
Tampa, FL Tampa, Florida, United StatesInstructor: Ralph May & Travis WeathersCourse Length: 3 Days, 24 Hours (please note, this is an in-person only class) Includes: Twelve months of complimentary access to the Antisyphon Cyber Range, certificate of participation. Pricing: Location: Course Description Are you a seasoned penetration tester looking to learn how to perform physical security assessments or new to the industry...
Professionally Evil API Testing: GraphQL, SOAP, and REST Fundamentals and Techniques
OnlineAre you interested in learning how to test different types of APIs for quality and security? Do you want to dive into the essential skills and techniques for testing GraphQL, SOAP, and REST APIs? If so, this course is for you! In this course, you will learn the fundamentals of API testing, including what APIs are, how they work, and why they are important. You will also learn the differences between GraphQL, SOAP, and REST APIs, and how they affect the way you test them for flaws and vulnerabilities. You will gain hands-on experience with various tools and frameworks for API testing, such as Postman, SoapUI, and GraphQL Playground.
Professionally Evil Container Security (PECSEC) – Fortress Kubernetes: A Comprehensive Guide to Defending and Hardening Kubernetes Systems
OnlineThis training course aims to equip participants with the skills necessary to defend and harden Kubernetes systems effectively. The curriculum will cover best practices for Kubernetes security, from deploying secure configurations to hardening runtime environments. Learners will explore how to improve the security of their Kubernetes clusters, employ proactive defense mechanisms, and implement robust hardening measures to prevent unauthorized access. Through hands-on exercises, participants will gain practical knowledge to secure their Kubernetes deployments. This course is recommended for anyone involved in managing or securing Kubernetes infrastructures, as well as those interested in mastering Kubernetes security.
Antisyphon Snake Oil? Summit 2023
OnlineJoin us for the Antisyphon Snake Oil Summit, where we will embark on a journey through the intricate landscape of cybersecurity, demystifying over-hyped products and solutions that flood the market.
Intro to Offensive Tooling
OnlineThis hands-on course covers a variety of offensive tools, such as Nmap, Recon-ng, Metasploit, Proxychains, Responder, and many more. Through a series of practical labs, you will gain experience in using these tools to assess the security of systems and networks. In addition to learning how to use these tools effectively, you will also explore the ethical considerations surrounding offensive tooling, how to responsibly use these tools to protect sensitive information, and prevent cyber attacks.
Advanced Endpoint Investigations
OnlineFor most security teams, high operational tempo (measured in dumpster fire lumens) incentivizes analysts to stick to well-tailored playbooks that prioritize remediation at the expense of proper incident scoping and root cause analysis. Though modern endpoint security products have significantly improved host visibility, most critical incidents will require the acquisition and analysis of additional endpoint data.
Advanced Network Threat Hunting
OnlineSo far we’ve had over 21,000 students attend our one-day network threat hunting course. Many have asked that we provide an extended class with more hands-on lab time. That is exactly what we have rolled into this 16-hour course!
Breaching the Cloud
OnlineThis training walks through a complete penetration testing methodology of cloud-based infrastructure. Starting with no information other than the company name you will learn to discover what cloud-specific assets your target is using. Following the enumeration of cloud services, you will learn how to discover misconfigurations that commonly expose sensitive data as well as a thorough understanding of how to get an initial foothold into a cloud-based organization.
Hacking Active Directory: Fundamentals and Techniques
OnlineThe majority of enterprise networks today are managed using Microsoft Active Directory and it is crucial for a security professional to understand the current threats to a modern Windows environment.
The course begins with an overview of Active Directory architecture and how it can be leveraged by attackers to gain access to critical assets. Participants will learn about the various attack vectors and methods used to compromise Active Directory, such as password attacks, service abuse and privilege escalation.
Incident Response Foundations
OnlineThe goal of this course is to provide the core components that make up a successful Incident Response program. Students will learn how to get started on their IR journey, what to prioritize, and why boring stuff like policies and procedures are just as important as technical digital forensics skills.
Introduction to Pentesting
OnlineIn this training course, we will examine the different types of penetration testing engagements and take a deep dive into establishing a repeatable testing methodology for executing quality tests. We will look at some tools of the trade to understand what they are doing under the hood, identify what separates a great finding from a good finding in reports, and really zero in on establishing your own methodology!
Introduction to Python
OnlineThis course aims to teach the fundamentals of the Python programming language such that a student will gain a beginning to intermediate level of competency with the language. Labs will be presented in a Capture the Flag (CTF) style format as well as some more comprehensive programming tasks.
Network Forensics and Incident Response
OnlineIncident responders are continually faced with the challenge of collecting and analyzing relevant event data—network communications is no exception. This course uses an assortment of network data acquisition tools and techniques with a focus on open-source, vendor-neutral solutions. Students who take this course will learn how to perform network traffic and protocol analysis that ultimately supports cybersecurity incident response efforts. From reconnaissance to data exfiltration, network traffic scales to provide a bird’s-eye view of attacker activity. Leveraging the vantage point of key network traffic chokepoints, this course explores nearly every phase of an attacker’s methodology. Students will learn network traffic analysis concepts and work through hands-on lab exercises that reinforce the course material using real-world attack scenarios.
Next Level OSINT
OnlineThe course progresses from basic to very advanced practical OSINT techniques that you can use in your investigative routine. No special software, operating system, or paid licenses are required. Bookmarks for all tools and websites used will be provided for quick access.
Ransomware Attack Simulation and Investigation for Blue Teamers
OnlineAs a cyber security defender and investigator, we often just get to analyze an environment that suffered a ransomware attack after the ransomware execution, where we are trying to make our way back in time to understand the scope and initial infection vectors of a breach. However, knowing how attackers operate and having an understanding of their tools can help tremendously to conduct a more effective analysis and response and ultimately lower the impact of such attacks. This is why in this workshop we will teach you how to perform the common steps of every phase in a ransomware attack scenario as the attacker, from initial infection to impact.
Security Defense and Detection TTX
OnlineSecurity Defense and Detection TTX is a comprehensive four-day tabletop exercise that involves the introduction to completion of security TTXs (tabletop exercises), IR playbooks, and after-action reports. The exercises are paired with video and lab demonstrations that reinforce their purpose. The training as a whole is compatible with the world’s most popular RPG rules.
x86_32 Assembly and Shellcode-Lab for Linux
OnlineExplore the world of Shellcoding designed for x86 architecture! This detailed course will introduce you to the basic principles of crafting low-level codes. Learn about the assembly language, gain fundamental insights into the process of writing shellcode. We will focus mostly on shellcoding, but also touch aspects of exploitation to offer a well-rounded understanding.
Intro to Offensive Tooling
OnlineThis hands-on course covers a variety of offensive tools, such as Nmap, Recon-ng, Metasploit, Proxychains, Responder, and many more. Through a series of practical labs, you will gain experience in using these tools to assess the security of systems and networks. In addition to learning how to use these tools effectively, you will also explore the ethical considerations surrounding offensive tooling, how to responsibly use these tools to protect sensitive information, and prevent cyber attacks.
Advanced Endpoint Investigations
OnlineFor most security teams, high operational tempo (measured in dumpster fire lumens) incentivizes analysts to stick to well-tailored playbooks that prioritize remediation at the expense of proper incident scoping and root cause analysis. Though modern endpoint security products have significantly improved host visibility, most critical incidents will require the acquisition and analysis of additional endpoint data.
Advanced Network Threat Hunting
OnlineSo far we’ve had over 21,000 students attend our one-day network threat hunting course. Many have asked that we provide an extended class with more hands-on lab time. That is exactly what we have rolled into this 16-hour course!
Hacking Active Directory: Fundamentals and Techniques
OnlineThe majority of enterprise networks today are managed using Microsoft Active Directory and it is crucial for a security professional to understand the current threats to a modern Windows environment.
The course begins with an overview of Active Directory architecture and how it can be leveraged by attackers to gain access to critical assets. Participants will learn about the various attack vectors and methods used to compromise Active Directory, such as password attacks, service abuse and privilege escalation.
Breaching the Cloud
OnlineThis training walks through a complete penetration testing methodology of cloud-based infrastructure. Starting with no information other than the company name you will learn to discover what cloud-specific assets your target is using. Following the enumeration of cloud services, you will learn how to discover misconfigurations that commonly expose sensitive data as well as a thorough understanding of how to get an initial foothold into a cloud-based organization.
Incident Response Foundations
OnlineThe goal of this course is to provide the core components that make up a successful Incident Response program. Students will learn how to get started on their IR journey, what to prioritize, and why boring stuff like policies and procedures are just as important as technical digital forensics skills.
Introduction to Pentesting
OnlineIn this training course, we will examine the different types of penetration testing engagements and take a deep dive into establishing a repeatable testing methodology for executing quality tests. We will look at some tools of the trade to understand what they are doing under the hood, identify what separates a great finding from a good finding in reports, and really zero in on establishing your own methodology!
Introduction to Python
OnlineThis course aims to teach the fundamentals of the Python programming language such that a student will gain a beginning to intermediate level of competency with the language. Labs will be presented in a Capture the Flag (CTF) style format as well as some more comprehensive programming tasks.
Network Forensics and Incident Response
OnlineIncident responders are continually faced with the challenge of collecting and analyzing relevant event data—network communications is no exception. This course uses an assortment of network data acquisition tools and techniques with a focus on open-source, vendor-neutral solutions. Students who take this course will learn how to perform network traffic and protocol analysis that ultimately supports cybersecurity incident response efforts. From reconnaissance to data exfiltration, network traffic scales to provide a bird’s-eye view of attacker activity. Leveraging the vantage point of key network traffic chokepoints, this course explores nearly every phase of an attacker’s methodology. Students will learn network traffic analysis concepts and work through hands-on lab exercises that reinforce the course material using real-world attack scenarios.
Next Level OSINT
OnlineThe course progresses from basic to very advanced practical OSINT techniques that you can use in your investigative routine. No special software, operating system, or paid licenses are required. Bookmarks for all tools and websites used will be provided for quick access.
Ransomware Attack Simulation and Investigation for Blue Teamers
OnlineAs a cyber security defender and investigator, we often just get to analyze an environment that suffered a ransomware attack after the ransomware execution, where we are trying to make our way back in time to understand the scope and initial infection vectors of a breach. However, knowing how attackers operate and having an understanding of their tools can help tremendously to conduct a more effective analysis and response and ultimately lower the impact of such attacks. This is why in this workshop we will teach you how to perform the common steps of every phase in a ransomware attack scenario as the attacker, from initial infection to impact.
Security Defense and Detection TTX
OnlineSecurity Defense and Detection TTX is a comprehensive four-day tabletop exercise that involves the introduction to completion of security TTXs (tabletop exercises), IR playbooks, and after-action reports. The exercises are paired with video and lab demonstrations that reinforce their purpose. The training as a whole is compatible with the world’s most popular RPG rules.
x86_32 Assembly and Shellcode-Lab for Linux
OnlineExplore the world of Shellcoding designed for x86 architecture! This detailed course will introduce you to the basic principles of crafting low-level codes. Learn about the assembly language, gain fundamental insights into the process of writing shellcode. We will focus mostly on shellcoding, but also touch aspects of exploitation to offer a well-rounded understanding.