Unveiling the Dark Side of Generative AI: Challenges and Mitigation Strategies

• Overview of Generative AI and its applications.
• Examples of AI-generated content.
• The potential impact of Generative AI.

• Ethical dilemmas posed by Generative AI.
• Real-world case studies highlighting societal consequences.
• The role of AI in amplifying bias and stereotypes.

• Recognizing bias in AI models.
• Strategies and techniques for measuring and mitigating bias.
• Promoting fairness in AI

• The connection between Generative AI and misinformation.
• Privacy concerns associated with AI-generated content.
• Techniques for privacy preservation.

• Responsible AI Practices and Mitigation Strategies
• Legal and regulatory considerations.
• Group discussion and brainstorming on mitigation strategies.

Web Application Penetration Testing

• Penetration Testing Process
• Introduction to Web Applications OWASP
• Cross Site Scripting
• SQL Injection
• Broken Access Control
• Other Attacks
• Broken Authentication

Mobile Application Penetration Testing

• Introduction to Mobile Application Security
• Android Architectures
• Device and Data Security
• Network Traffic
• Reversing APKs
• Static Application Analysis
• Dynamic Application Analysis
• OWASP MOBILE TOP 10

Pentesting AWS with Python

• Rule for pen-testing AWS
• Using AWS Boto3
• Enumerating Policies
• Enumerating AWS Resources
• Using Pacu
• Lambda Privilege Escalation
• Cloud Breach S3
• IAM Privilege Escalation
• EC2 SSRF

Automated Security Testing

• Introduction to ASVS 4.0
• Static Application Security Testing with SonarQube
• Dynamic Analysis Security Testing with Postman
• Dynamic Analysis Security Testing with OWASP ZAP
• Software Bill of Material(SBOM)
• Generating SBOM with Syft
• Vulnerability Scanning with Grype

Threat Modeling in Action

• Regulatory Compliance in Summary :
  • Scope identification and System Decomposition;
  • Threat identification;
  • Attack Modelling
• Security Design Principles
• Threat Modeling Methodology
• Define Business and Technical Scope
• Application Decomposition
• Vulnerability and Weakness Analysis
• Risk Handling

Adaptive Network-based Infrastructure Attacking

• TCP/IP Basics
• The Art of Port Scanning
• Brute-Forcing
• Metasploit Basics
• Target Enumeration
• Network Enumeration
• Windows Enumeration
• Post Exploitation: Dumping Secrets
• Hacking Third Party Applications (WordPress, Joomla, Drupal)
• Gaining Access Through Network Exploitation
• Escalation of Access
• Client-Side Attack
• Hacking Recent Unix Vulnerabilities
• Hacking Recent Windows Vulnerabilities
• Password Cracking
• External Network Footprinting
• Hacking Application Servers
• Vulnerability Identification
• Internal Network Attacks
• Gaining Situational Internal Awareness
• Impact Demonstration
• Internal Lateral Movement

Wireless Hacking and Security Assessment

• Wireless Network and IEEE 802.11
• Network Interaction
• Aircrack-ng Essentials
• Cracking WEP with Various Methods
• Cracking WPA/WPA2
• Optimize the Cracking Tools
• Real World Attacking Techniques

Cyber Security Forensics and Investigation

• Even and Incident
• Incident Handling
• Digital Forensics
• Integrating Digital Forensics into Cyber Incident Response
• Case Study
• Workshop
  • Digital Evidence Acqusition
  • Digital Evidence Analysis

All-In-One Cybersecurity

• Overview Cybersecurity Framework
• Understanding Cyber Attack
• Risk Management
• Data Protection and Privacy
• Infrastructure Security
• Cloud Security
• Application Security
• Mobile Application Security
• Incident Response and Handling

Cyber Attack Incident Responder for Technical

• Introduction of Cybersecurity Framework and Cyber Resilience
• Introduction of Incident Management
• Incident Handling Methodology
• Incident Response Preparation
• Incident Threats and Categories
• Workshop: Know your Enemy
• Incident Handling Case Study by Category
• Incident Handling Tools
• Workshop Incident Handling

How to be a Cyber Threat Hunter

• Overview Threat Hunting
• Threat Hunting Methodology
• Threat Exchange Source
• Threat Exchange Protocols
• MISP (Malware Information Sharing Platform) Implementation
• OSINT Tools
  • Search Engine (Google Hacking)
  • Search Engine (Shodan)
  • Darkweb Search Engine
• Host-Based Threat Hunting
• How to Apply IOC for Host-Based Scanning
• SCAP Protocol and Automate Vulnerability Detection
• Network-Based IOC (Indicator of Compromise)
• Microsoft Windows Event Log Analysis
• Network-Based Threat Hunting
• Malicious Code Activity
• Log Analysis (Splunk & Sysmon)
• Malware Analysis Techniques

SOC: Cybersecurity Threat Detection and Analysis

• Cybersecurity Threat and Attack Techniques>
• Overview SOC (Security Operation Center)
  • What is SOC?
  • Type of SOC
  • SOC Service Catalog
  • SOC Roles and Responsibility
  • SOC Architecture
• Incident Management Process
• Security Analyst Skills and Certification
• Intrusion Analysis Techniques
  • Log Analysis Concept
  • Basic Splunk Indexes
  • Basic Splunk Search and Query
  • Workshop: Log Analysis to Cyber Security Threats by Incident Category
  • Network Traffic Analysis Tools
  • Analyze and Drilldown Threats
• Use Case Development

Active Directory Attacks

• Extensive AD Enumeration
• Active Directory Trust Mapping and Abuse
• Privilege Escalation (User Hunting, Delegation Issues and More)
• Kerberos Attacks and Defense (Golden, Silver Ticket, Kerberoast and More)
• Abusing Cross Forest Trust (Lateral Movement Across Forest, PrivEsc and More)
• Attacking Azure Integration and Components
• Abusing SQL Server Trust in AD (Command Execution, Trust Abuse, Lateral Movement)
• Credentials Replay Attacks (Over-PTH, Token Replay etc.)
• Persistence (WMI, GPO, ACLs and More)
• Defenses (JEA, PAW, LAPS, Deception, App Whitelisting, Advanced Threat Analytics etc.)
• Bypassing Defenses

Malware Analysis Techniques

• Introduction to Malware Analysis
• Setting up Malware Analysis Lab and Environment
• Behavioral Analysis Overview
• Malware Static Analysis
• Malware Dynamic Analysis
• Memory Analysis
• Real World Malware Analysis
• Workshop: Ransomware Analysis

CyberOps Fundamental

• Security Policies and Procedures
• Network Attacks and Network Security Threats
• Network Security Solutions
• Network Security Monitoring
• Network Intrusion Analysis