Training Steering Committee (Inside NANO OPT Media, Inc.)
contact@f2ff.jp

Cyber Security

September 7, 2020(Mon) - September 8, 2020(Tue)Penetration testing for Basic Infrastructure
 - NotSoSecure -

Dates September 7, 2020(Mon) - September 8, 2020(Tue)
Time 09:00-17:00
Venue HEAT WAVE Seminar Room(KM Shinjuku Bld.) MAP
Capacity 30
Price
※Including lunch for 2 days
Early Bird Discount(Deadline: February 28, 2020(Fri)):¥210,000(+tax)
Price :¥250,000(+tax)

Course details

Claranet BIH-1.jpg

This class introduces the attendees with a wealth of hacking tools and techniques crucial in getting started in this dynamic field of hacking.
The class begins with laying a foundation for everyone by discussing the basic concepts and gradually builds up to the level where attendees not only use the tools and techniques to hack various components involved in infrastructure hacking, but also walk away with a solid understanding of the concepts on how these tools work and therefore ready to face the real world.

Class Outline

    Module 1
    Infrastructure Basics:
  • TCP/IP Basics
  • The Art of Port Scanning
  • Target Enumeration
  • Brute-Forcing
  • Metasploit Basics
  • Password Cracking

  • Module 2
    Hacking Unix, Databases and Applications:
  • Hacking Recent Unix Vulnerabilities
  • Hacking Databases
  • Hacking Application Servers
  • Hacking Third Party Applications (WordPress, Joomla, Drupal)

  • Module 3
    Hacking Windows:
  • Windows Enumeration
  • Hacking Recent Windows Vulnerabilities.
  • Hacking Third Party Software (Browser, PDF, Java)
  • Post Exploitation: Dumping Secrets
  • Hacking Windows Domains

Trainer

Anant Shrivastava
Anant.jpg[Background] An Engineering graduate from 2008, he has been working with computers and opensource software since 2000. He moderated a linux user group in Bhopal and was active in other major linux user groups across India during 2000-2008. He has worked with various corporates like TechMahindra, Infosys and PA Consulting before joining NotSoSecure. He has been running and maintaining the opensource project AndroidTamer since 2011. He is active with the information security community null, where he also mentors local talent as well as for the Offensive Web Testing Framework (OWTF). He is also an active contributor to the Open Web Application Security Project (OWASP) and reviews and contributes to various technical documentation, including Mobile Security Testing Guide, Mobile ASVS and Web Testing Guide.

[What he does for NSS]
Anant is responsible for NotSoSecure's entire operations in India and the technical aspects of the company's work. Managing the NotSoSecure team of Information Security specialists, he works primarily on client cases from the UK and the US with the delivery of technical work. He is also a lead trainer on NotSoSecure training courses and responsible for strategy and the general direction of the company moving forward. The key feature of his work is that he provides practical, effective solutions that allow clients to undertake their normal business operations in the most secure possible environment by establishing a holistic approach to security.

[What he likes about his work]
A computer and software specialist by nature, he is constantly stimulated by the technical environment of his work and the excellent working relationships he has established with his team of like-minded individuals. This allows him to manage a varied caseload of collaborative working and then come up with solutions to a wide range of security issues.

[In his own words]
Every day something new happens and your knowledge becomes outdated.
If you don't constantly keep your knowledge up-to-date, you're going to lose.
So if something is new, you need to say: "Let's learn about it" -- and put your best foot forward with as much capabilities as you can.
In this work, you need that willingness to go the extra mile.

◎Qualification
RHCE, SANS, GWAPT, KEY SKILLS, Infrastructure Pentesting, Web Application Pentesting, Mobile Pentesting

◎Conference
Blackhat, Nullcon, c0c0n, RootConf, ClubHack

◎Training
Blackhat (US/EU/Asia), Nullcon, c0c0n, RuxCon, DeepSec

◎Tool provided
Blackhat Arsenal (US/EU/Asia), Defcon, Demolabs 2017

Who Should Attend

  • Security enthusiasts
  • Anybody who wishes to make a career in this domain and have some knowledge of network and applications
  • System Administrators
  • SOC Analysts
  • Network Engineers
  • Penetration Testers who are wanting to level up their skills

Benefits

  • Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class.
  • Numerous scripts and tools will also be provided during the training, along with student hand-outs.
  • A certificate of attendance

Prerequisites

The only requirement for this class is that you must bring your own laptop and have admin/root access on it.
During the class, we will give you VPN access to our state-of-art hacklab which is hosted in our datacenter in UK. Once you are connected to the lab, you will find all the relevant tools/VMs there.
We also provide a dedicated Kali VM to each attendee on the hacklab.
So, you don't need to bring any VMs with you. All you need is admin access to install the VPN client and once connected, you are good to go!

ContactTraining Steering Committee (Inside NANO OPT Media, Inc.)

03-6258-0590

September 9, 2020(Wed) - September 10, 2020(Thu)Advanced Infrastructure Hacking 2019 Edition
PART 2
 - NotSoSecure -

Dates September 9, 2020(Wed) - September 10, 2020(Thu)
Time 09:00-17:00
Venue HEAT WAVE Seminar Room(KM Shinjuku Bld.) MAP
Capacity 30
Price
※Including lunch for 2 days
Early Bird Discount(Deadline: February 28, 2020(Fri)):¥260,000(+tax)
Price :¥300,000(+tax)

Course details

Claranet AIH.jpgのサムネイル画像

Advanced Infrastructure Hacking class is designed for those who wish to push their knowledge.
Whether you are penetration testing, Red Teaming or trying to get a better understanding of managing vulnerabilities
in your environment, understanding advanced hacking techniques is critical.
This class teaches the audience a wealth of advanced penetration testing techniques, from the neat, to the new, to the ridiculous, to compromise modern Operating Systems, networking devices and Cloud environments.
From hacking Domain Controllers to local root, to VLAN Hopping, to VoIP Hacking, to compromising Cloud account keys, we have got everything covered.

Class Outline

    Module 6 : HACKING *NIX
  • Unix Exploitation
  • NFS Attacks
  • Shell Escapes
  • TTY hacks & SSH Tunneling
  • Exploiting *nix misconfigurations
  • Web Server Hacks
  • X11 Hacks
  • Privilege Escalation and credential harvesting
  • Module 7: Container Technologies (Docker & Kubernetes)
    Module 8: VPN Hacking
    Module 9: VoIP Hacking
    Module 10: VLAN Hacking
    Module 11: Cloud Pentesting

Trainer

Anant Shrivastava
Anant.jpg[Background] An Engineering graduate from 2008, he has been working with computers and opensource software since 2000. He moderated a linux user group in Bhopal and was active in other major linux user groups across India during 2000-2008. He has worked with various corporates like TechMahindra, Infosys and PA Consulting before joining NotSoSecure. He has been running and maintaining the opensource project AndroidTamer since 2011. He is active with the information security community null, where he also mentors local talent as well as for the Offensive Web Testing Framework (OWTF). He is also an active contributor to the Open Web Application Security Project (OWASP) and reviews and contributes to various technical documentation, including Mobile Security Testing Guide, Mobile ASVS and Web Testing Guide.

[What he does for NSS]
Anant is responsible for NotSoSecure's entire operations in India and the technical aspects of the company's work. Managing the NotSoSecure team of Information Security specialists, he works primarily on client cases from the UK and the US with the delivery of technical work. He is also a lead trainer on NotSoSecure training courses and responsible for strategy and the general direction of the company moving forward. The key feature of his work is that he provides practical, effective solutions that allow clients to undertake their normal business operations in the most secure possible environment by establishing a holistic approach to security.

[What he likes about his work]
A computer and software specialist by nature, he is constantly stimulated by the technical environment of his work and the excellent working relationships he has established with his team of like-minded individuals. This allows him to manage a varied caseload of collaborative working and then come up with solutions to a wide range of security issues.

[In his own words]
Every day something new happens and your knowledge becomes outdated.
If you don't constantly keep your knowledge up-to-date, you're going to lose.
So if something is new, you need to say: "Let's learn about it" -- and put your best foot forward with as much capabilities as you can.
In this work, you need that willingness to go the extra mile.

◎Qualification
RHCE, SANS, GWAPT, KEY SKILLS, Infrastructure Pentesting, Web Application Pentesting, Mobile Pentesting

◎Conference
Blackhat, Nullcon, c0c0n, RootConf, ClubHack

◎Training
Blackhat (US/EU/Asia), Nullcon, c0c0n, RuxCon, DeepSec

◎Tool provided
Blackhat Arsenal (US/EU/Asia), Defcon, Demolabs 2017

Who Should Attend

    System Administrators, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to next level.
    While prior pen testing experience is not a strict requirement, familiarity with both Linux and Windows command line syntax will be greatly beneficial and a reasonable technical understanding of computers and networking in general is assumed.
    Some hands-on experience with tools commonly used by hackers, such as Nmap, NetCat, or Metasploit, will also be beneficial, although, less advanced users can work their way up during the 30 days of complimentary lab access provided as part of the class.
    The class is ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure as a day job and wish to add to their existing skill set.

Benefits

  • Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class.
  • Numerous scripts and tools will also be provided during the training, along with student hand-outs.
  • A certificate of attendance

Prerequisites

The only requirement for this class is that you must bring your own laptop and have admin/root access on it.
During the class, we will give you VPN access to our state-of-art hacklab which is hosted in our datacenter in UK. Once you are connected to the lab, you will find all the relevant tools/VMs there.
We also provide a dedicated Kali VM to each attendee on the hacklab.
So, you don't need to bring any VMs with you. All you need is admin access to install the VPN client and once connected, you are good to go!

ContactTraining Steering Committee (Inside NANO OPT Media, Inc.)

03-6258-0590

September 14, 2020(Mon) - September 15, 2020(Tue)Cloud Hacking【Sold out】
 - NotSoSecure - 

Application

Dates September 14, 2020(Mon) - September 15, 2020(Tue)
Time 09:00-17:00
Venue HEAT WAVE Seminar Room(KM Shinjuku Bld.) MAP
Capacity 30
Price
※Including lunch for 2 days
Early Bird Discount(Deadline: February 28, 2020(Fri)):¥210,000(+tax)
Price :¥250,000(+tax)

Course details

"SOLD OUT"
Whether you are an Architect, Developer, Penetration Tester, Security or DevOps Engineer or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques and how to protect yourself from them is critical.
This class covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure. Prior pen test / security experience is not a strict requirement, however, some knowledge of Cloud Services and a familiarity with common Unix command line syntax will be beneficial.

Class Outline

  • Introduction to Cloud Computing
  • Why cloud matters
  • How cloud security differs from conventional security
  • Types of cloud services
  • Legalities around attacking / pen testing cloud services.
  • Understanding the Attack Surfaces of various Cloud offerings, such as IaaS, PaaS, SaaS, FaaS
  • Exploiting serverless applications
  • Owning cloud machines
  • Attacking cloud services such as storage service or database services
  • Examples and case studies of various cloud hacks
  • Privilege escalation (horizontal and vertical) and pivoting techniques in cloud
  • Obtaining persistence in cloud
  • Exploiting dormant assets: Id's, services, resources groups, security groups and more
  • Cloud Infrastructure Defence
  • Monitoring and logging
  • Benchmarks
  • Auditing Cloud Infrastructure (Manual and automated approach)
  • Base Images / Golden Image auditing for Virtual Machine / Container Infrastructure
  • Preventive measures against cloud attacks
  • Host-based Defence
  • Using Cloud services to perform defence
  • Ending CTF to reinforce the learning


Trainer

Anant Shrivastava
Anant.jpg[Background] An Engineering graduate from 2008, he has been working with computers and opensource software since 2000. He moderated a linux user group in Bhopal and was active in other major linux user groups across India during 2000-2008. He has worked with various corporates like TechMahindra, Infosys and PA Consulting before joining NotSoSecure. He has been running and maintaining the opensource project AndroidTamer since 2011. He is active with the information security community null, where he also mentors local talent as well as for the Offensive Web Testing Framework (OWTF). He is also an active contributor to the Open Web Application Security Project (OWASP) and reviews and contributes to various technical documentation, including Mobile Security Testing Guide, Mobile ASVS and Web Testing Guide.

[What he does for NSS]
Anant is responsible for NotSoSecure's entire operations in India and the technical aspects of the company's work. Managing the NotSoSecure team of Information Security specialists, he works primarily on client cases from the UK and the US with the delivery of technical work. He is also a lead trainer on NotSoSecure training courses and responsible for strategy and the general direction of the company moving forward. The key feature of his work is that he provides practical, effective solutions that allow clients to undertake their normal business operations in the most secure possible environment by establishing a holistic approach to security.

[What he likes about his work]
A computer and software specialist by nature, he is constantly stimulated by the technical environment of his work and the excellent working relationships he has established with his team of like-minded individuals. This allows him to manage a varied caseload of collaborative working and then come up with solutions to a wide range of security issues.

[In his own words]
Every day something new happens and your knowledge becomes outdated.
If you don't constantly keep your knowledge up-to-date, you're going to lose.
So if something is new, you need to say: "Let's learn about it" -- and put your best foot forward with as much capabilities as you can.
In this work, you need that willingness to go the extra mile.

◎Qualification
RHCE, SANS, GWAPT, KEY SKILLS, Infrastructure Pentesting, Web Application Pentesting, Mobile Pentesting

◎Conference
Blackhat, Nullcon, c0c0n, RootConf, ClubHack

◎Training
Blackhat (US/EU/Asia), Nullcon, c0c0n, RuxCon, DeepSec

◎Tool provided
Blackhat Arsenal (US/EU/Asia), Defcon, Demolabs 2017

Who Should Attend

    System Administrators, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to next level.
    While prior pen testing experience is not a strict requirement, familiarity with both Linux and Windows command line syntax will be greatly beneficial and a reasonable technical understanding of computers and networking in general is assumed.
    Some hands-on experience with tools commonly used by hackers, such as Nmap, NetCat, or Metasploit, will also be beneficial, although, less advanced users can work their way up during the 30 days of complimentary lab access provided as part of the class.
    The class is ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure as a day job and wish to add to their existing skill set.

Benefits

  • Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class.
  • Numerous scripts and tools will also be provided during the training, along with student hand-outs.
  • A certificate of attendance

Prerequisites

Students must bring their own laptop and must either be able to launch a Docker Container provided by us, which includes all tools required for the class, or have root/admin access and be comfortable installing command line tools and downloading and building tools from source on GitHub, such as AWS CLI and Nimbostratus and more tools.

Application

ContactTraining Steering Committee (Inside NANO OPT Media, Inc.)

03-6258-0590

September 16, 2020(Wed) - September 17, 2020(Thu)Cloud Hacking【Sold out】
 - NotSoSecure -

Application

Dates September 16, 2020(Wed) - September 17, 2020(Thu)
Time 09:00-17:00
Venue HEAT WAVE Seminar Room(KM Shinjuku Bld.) MAP
Capacity 30
Price
Early Bird Discount(Deadline: November 29, 2019(Fri)):¥180,000(+tax)
Price :¥250,000(+tax)

Course details

"SOLD OUT"
Whether you are an Architect, Developer, Penetration Tester, Security or DevOps Engineer or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques and how to protect yourself from them is critical.
This class covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure. Prior pen test / security experience is not a strict requirement, however, some knowledge of Cloud Services and a familiarity with common Unix command line syntax will be beneficial.

Class Outline

  • Introduction to Cloud Computing
  • Why cloud matters
  • How cloud security differs from conventional security
  • Types of cloud services
  • Legalities around attacking / pen testing cloud services.
  • Understanding the Attack Surfaces of various Cloud offerings, such as IaaS, PaaS, SaaS, FaaS
  • Exploiting serverless applications
  • Owning cloud machines
  • Attacking cloud services such as storage service or database services
  • Examples and case studies of various cloud hacks
  • Privilege escalation (horizontal and vertical) and pivoting techniques in cloud
  • Obtaining persistence in cloud
  • Exploiting dormant assets: Id's, services, resources groups, security groups and more
  • Cloud Infrastructure Defence
  • Monitoring and logging
  • Benchmarks
  • Auditing Cloud Infrastructure (Manual and automated approach)
  • Base Images / Golden Image auditing for Virtual Machine / Container Infrastructure
  • Preventive measures against cloud attacks
  • Host-based Defence
  • Using Cloud services to perform defence
  • Ending CTF to reinforce the learning


Trainer

Anant Shrivastava
Anant.jpg[Background] An Engineering graduate from 2008, he has been working with computers and opensource software since 2000. He moderated a linux user group in Bhopal and was active in other major linux user groups across India during 2000-2008. He has worked with various corporates like TechMahindra, Infosys and PA Consulting before joining NotSoSecure. He has been running and maintaining the opensource project AndroidTamer since 2011. He is active with the information security community null, where he also mentors local talent as well as for the Offensive Web Testing Framework (OWTF). He is also an active contributor to the Open Web Application Security Project (OWASP) and reviews and contributes to various technical documentation, including Mobile Security Testing Guide, Mobile ASVS and Web Testing Guide.

[What he does for NSS]
Anant is responsible for NotSoSecure's entire operations in India and the technical aspects of the company's work. Managing the NotSoSecure team of Information Security specialists, he works primarily on client cases from the UK and the US with the delivery of technical work. He is also a lead trainer on NotSoSecure training courses and responsible for strategy and the general direction of the company moving forward. The key feature of his work is that he provides practical, effective solutions that allow clients to undertake their normal business operations in the most secure possible environment by establishing a holistic approach to security.

[What he likes about his work]
A computer and software specialist by nature, he is constantly stimulated by the technical environment of his work and the excellent working relationships he has established with his team of like-minded individuals. This allows him to manage a varied caseload of collaborative working and then come up with solutions to a wide range of security issues.

[In his own words]
Every day something new happens and your knowledge becomes outdated.
If you don't constantly keep your knowledge up-to-date, you're going to lose.
So if something is new, you need to say: "Let's learn about it" -- and put your best foot forward with as much capabilities as you can.
In this work, you need that willingness to go the extra mile.

◎Qualification
RHCE, SANS, GWAPT, KEY SKILLS, Infrastructure Pentesting, Web Application Pentesting, Mobile Pentesting

◎Conference
Blackhat, Nullcon, c0c0n, RootConf, ClubHack

◎Training
Blackhat (US/EU/Asia), Nullcon, c0c0n, RuxCon, DeepSec

◎Tool provided
Blackhat Arsenal (US/EU/Asia), Defcon, Demolabs 2017

Who Should Attend

    System Administrators, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to next level.
    While prior pen testing experience is not a strict requirement, familiarity with both Linux and Windows command line syntax will be greatly beneficial and a reasonable technical understanding of computers and networking in general is assumed.
    Some hands-on experience with tools commonly used by hackers, such as Nmap, NetCat, or Metasploit, will also be beneficial, although, less advanced users can work their way up during the 30 days of complimentary lab access provided as part of the class.
    The class is ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure as a day job and wish to add to their existing skill set.

Benefits

  • Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class.
  • Numerous scripts and tools will also be provided during the training, along with student hand-outs.
  • A certificate of attendance

Prerequisites

Students must bring their own laptop and must either be able to launch a Docker Container provided by us, which includes all tools required for the class, or have root/admin access and be comfortable installing command line tools and downloading and building tools from source on GitHub, such as AWS CLI and Nimbostratus and more tools.

Application

ContactTraining Steering Committee (Inside NANO OPT Media, Inc.)

03-6258-0590