Course Overview:

This course engages students by providing in-depth knowledge of the most prominent and powerful attack vectors and an environment to perform these attacks in numerous hands-on scenarios. This course goes far beyond simple scanning for low-hanging fruit, and shows penetration testers how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws.

A skills focus enables the student to better absorb the subject matter and perform successfully on the job.   This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics of the attacks and the effectiveness.

Attendees to TN-989: Advanced Penetration Testing, Exploits, and Ethical Hacking course will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Course Duration: 5 days

Course Objectives:

  • Accessing the Network
  • Advanced Fuzzing Techniques
  • Advanced Stack Smashing
  • Attacking the Windows Domain – Enumeration
  • Attacking the Windows Domain – Restricted Desktops
  • Attacking the Windows Domain – The Attacks
  • Building a Metasploit Module
  • Crypto for Penetration Testers
  • Exploiting the Network
  • Fuzzing Introduction and Operation
  • Introduction to Memory and Dynamic Linux Memory
  • Introduction to Windows Exploitation
  • Manipulating the Network
  • Python and Scapy For Penetration Testers
  • Shellcode
  • Smashing the Stack
  • Windows Heap Overflow Introduction
  • Windows Overflows

Course Prerequisites:

  • GSEC or equivalent experience
  • UNIX, Windows, Networking, and Security Experience
  • This is a hands-on skill course requiring comfort with command line interaction and network communications

Comments

Latest comments from students


User: ryanv

Instructor comments: Great.

Facilities comments: N/A. Hotel.


User: sean.hollinger

Instructor comments: Instructor is technically knowledgeable as he has been on every course I've taken with TechNow.

Facilities comments: adequate


Liked the class?  Then let everyone know!

Course Overview:

This is an introductory course into the Python scripting language.  This class uses a hands-on approach in teaching the Python language.  This course builds the prerequisite skills for TechNow's P-345: Python for Pentration Testers course.  Getting comfortable with Python is important to understanding how Python can be utilitized for offensive measures.

This course is hands-on with the instructor walking the students through many short examples to exemplify an objective.  Dexterity with the language comes through many small code examples to produce the desired result.  Students have fun acquiring points for all the code examples they get correct.  We must be having fun because TechNow is always amazed at how competitive students are in trying to acquire the most points!  

The instructor will focus on the level that each student is currently at, and ensure the student absorbs the subject matter.  Programming is not a daily tasking of administrators or offensive operators and TechNow understands that.  As an instructor led course TechNow is very successful in making Python accessible to those who do not live eat and breath programming.  If a student's ultimate goal is to attend a course like TechNow's P-345: Python for Pentration Testers course, then not being bogged down in the Python language is critical, and this course (P-325: Python Programming) meets that objective.

Recently we have introduced Raspberry Pi's and multiple sensors to the P-325: Python Programming course.  This enables the student to actually see productive results from their coding skills in the physical world!  Some examples that students create programs for are: Motion detectors, distance, temperature, cameras and keypads.

Attendees to P-325: Python Programming will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

  • How Python Runs Programs
  • Introducing Python Object Types
    • Numeric Types
    • Dynamic Typing
  • Variables
  • Regular Expressions
  • Strings
  • Conditionals
    • if Tests and Syntax Rules
  • Lists and Dictionaries
  • Tuples and Files
  • Introducing Python Statements
  • Assignments, Expressions, and Prints
  • while and for Loops
  • Iterations and Comprehensions
  • Documentation
  • Function Basics
  • Built-In Functions
  • Scopes
  • Arguments
  • Modules
  • Module Packages and Importing
  • Classes and OOP
  • Operator Overloading
  • Recursion
  • Exception Coding Details
  • Exception Objects
  • Unicode and Byte Strings
  • Working with Raspberry Pi
    • Writing code for sensors

Prerequisites:

  • Experience with some form of programming is preferred

 

Comments

Latest comments from students


User: slewis8435

Instructor comments: Very good instructor - he was excited about the material, very knowledgeable, and explained things clearly.

Facilities comments: The facilities were fine - plenty of room for each student to set up an extra computer and have room for note taking


User: nathan.karras

Instructor comments: Instructor was extremely knowledgeable in programming and scripting. He encouraged students to explore and ask questions. He would work with individuals to troubleshoot lab problems sets. Would highly recommend as an instructor.

Facilities comments: Room got a little warn. Instructor purchased fans to cool things off for the class. Projector had over scan.


Liked the class?  Then let everyone know!

  

 

Course Overview: PA-213: Palo Alto Networks Firewall Install, Configure, and Manage (EDU-201) Training Class is a three-day course that teaches students to configure and manage the entire line of Palo Alto Networks next-generation firewalls. This course prepares the student for the Palo Alto Networks Accredited Configuration Engineer (ACE) and progress to the Palo Alto Networks Certified Network Security Engineer (PCNSE).  Through hands-on training, students learn high end skills of how to integrate Palo Alto next-generation firewalls into their network infrastructure.  This is not a virtualized theoretical course.  This is hands-on, real world instruction, directly relevant to the DoD and Commercial implementations of Palo Alto Networks next-generation firewalls.

Each student is issued a physical Palo Alto firewall and a Cisco layer 3 switch at their desk.  Real hardware per student for real experience and real skill development.  TechNow provides a very comprehensive client infrastructure that includes Windows, Linux, and multiple packet sniffer agents.

This course sets up the foundation for the two day course PA-212: Palo Alto Networks Firewall Configure Extended Features. The instructor for this course has been a lead in Unix kernel development to implement firewall and intrusion detection technologies.  Additionally, the instructor has taught several security appliance products and carries several SANS, ISC2, ISACA, Cisco, Unix, and Windows certifications.

Attendees to the PA-213: Palo Alto Networks Firewall Install, Configure, and Manage (EDU-201) Training Course will receive TechNow approved course materials and expert instruction.

TechNow PA-212: Palo Alto Networks Firewall Configure Extended Features (EDU-205) immediately follows this course in the schedule so that you can take both courses in the same week.  We also offer a discount for attending both classes in the same week!!

Dates/Locations: No Events

Duration: 3 days

Course Objectives:   Students attending this foundational-level training course will gain an in-depth knowledge of how to configure and manage their Palo Alto Networks firewall, including hands-on experience in configuring the security, networking, threat prevention, logging, and reporting features of the Palo Alto Networks Operating System (PAN-OS).

Day 1

  • Module 0 – Introduction & Overview
  • Module 1 – Platforms and Architecture
    • Single-Pass Architecture
    • Flow Logic
  • Module 2 – Initial Configuration
    • Initial Access to the System
    • Configuration Management
    • Licensing and Software Updates
    • Account Administration
  • Mod 3: Basic Interface Configuration
    • Security Zones
      Layer 2, Layer 3, Virtual Wire, and Tap
    • Subinterfaces
    • DHCP
    • Virtual Routers
  • Mod 4: Security and NAT Policies
    • Security Policy Configuration
    • Policy Administration
    • NAT (source and destination)

Day 2

  • Mod 5: Basic App-ID™
    • App-ID Overview
    • Application Groups and Filters
  • Mod 6: Basic Content-ID™
    • Antivirus
    • Anti-spyware
    • Vulnerability
    • URL Filtering
  • Mod 7: File Blocking and WildFire™
    • File Blocking
    • WildFire
  • Mod 8: Decryption
    • Certificate Management
    • Outbound SSL Decryption
    • Inbound SSL Decryption

       

       

Day 3

  • Mod 9: Basic User-ID™
    • Enumerating Users
    • Mapping Users to IP Addresses
    • User-ID Agent
  • Mod 10: Site-to-Site VPNs
    • IPSec Tunnels
  • Mod 11: Management and Reporting
    • Dashboard
    • Basic Logging
    • Basic Reports
    • Panorama
  • Mod 12: Active/Passive High
    • Availability
    • Configuring Active/Passive HA

 

Prerequisites:

This course is in no way associated with Palo Alto Networks, Inc.

Comments

Latest comments from students


Like the class?  Then let everyone know!

 

Course Overview:

TechNow Cloud Security Fundamentals addresses the loss of hands-on control of system, application, and data security in the Cloud computing environment.  Security teams wrestle with the impact and liability of Cloud computing on an organization.  This course enables the security team to assist in contract language and Service Level Agreements (SLAs) when utilizing Cloud Service Providers (CSPs).

Compliance and auditing are introduced with strategies for control verification and audit analysis in the CSP environment.  Software as a Service (SaaS) to Infrastructure as a Service (IaaS) and everything in between require a compliance strategy.  Students will go in-depth into the architecture and infrastructure fundamentals for private, public, and hybrid clouds.   Topics covered include: patch and configuration management, virtualization security, application security, and change management. Policy, risk assessment, and governance within cloud environments will be covered with recommendations for both internal policies and contract provisions to consider.

TechNow has worked worldwide enterprise infrastructures for over 20 years and has developed demos and labs to exemplify the techniques required to effectively manage security in the cloud environment.

Attendees to TN-913: Cloud Security Fundamentals will receive TechNow approved course materials and expert instruction.

Date/Locations:

Date/Time Event
11/12/2024 - 11/14/2024
08:30 -16:30
TN-913: Cloud Security Fundamentals
TechNow, Inc, San Antonio TX

Course Duration: 3 days

Course Objectives:

  • Cloud computing introduction
  • Security challenges in the cloud
  • Infrastructure security in the cloud
  • Policy, risk, and governance for cloud computing
  • Compliance and legal considerations
  • Audit and assessment for the cloud
  • Data security in the cloud
  • Identity and Access Management (IAM)
  • Disaster Recovery and Business Continuity Planning (DR/BCP) in the cloud
  • Intrusion detection and incident response

Course Prerequisites:

  • GSEC, CISSP, CASP or equivalent experience in managing enterprise infrastructures
  • Managing or administering at least one of UNIX, Windows, Databases, networking, or security

Comments

Latest comments from students


User: reedrobt

Instructor comments: Dave is like an encyclopedia of technical topics...what "doesn't" he have expertise in?

Facilities comments: Home2 location was well-kept and convenient to other services.


 

Liked the class?  Then let everyone know!

Course Overview:

This course is very hands-on with respect to SP 800-53 controls as related to ICD-503, leveraging experience with DCD 6/3, and incorporating a broad array of technologies found in the field.  Assessors and Auditors have to face many technologies that are not part of the main stream.  TechNow has gone to great efforts to build a very broad, comprehensive, and complex lab to simulate many scenarios and architectures.  Technologies such as a network appliance that is not a typical infrastructure product, a radio/satellite communications device, or many other technologies that build up a weapon system.  Students learn how controls are integrated into many different devices and how they fit in the overall security architecture of monitoring, reporting, and compliance testing.

Directly discussed are overlays for different requirements i.e.: tactical, medical, network type: JWICS, SIPR; IC or AF.  TechNow has developed a funnel concept to overlays to exemplify the encapsulation of a control within different requirements.  TechNow has over 15 years experience in Trusted Solaris/Trusted Extensions and labeled security.  Cross Domain overlays are presented that fits the work flow of an assesor.  PII overlays and any overlays that an organization uses and can be made available are also presented.  

This course allows the student to leverage years of experience in DoD DCD 6/34 for transition to the Risk Management Framework (RMF) applied to the Intelligence Community as mandated by ICD 503.  Utilizing NIST SP 800-37 to establish a baseline of RMF knowledge, the student learns how to integrate the NIST pubs to provide cohesive information assurance architectures and compliance.  ICD 503 scorecard evaluations are integral in demonstrating a successful ICD 503 compliance program.  TechNow's ICD 503 course provides students with the skill to assess security programs and evaluate ICD 503 compliance to build an improvement and sustainable program for score consistency.  TechNow's instructors have unparralleled expertise in federal compliance initiatives, and we bring this expertise instructing students on the complete life cycle of RMF.

More than a simple checklist, we instruct students not only how to validate essential security controls, programs, and metrics, but that they are operating effectively.  The student leaves the course knowing how to: identify gaps where controls, programs, or metrics are incomplete, missing or ineffective, and provide actionable findings and recommend remediation strategies.  Students learn to internalize NIST pubs to meaningul and effective IA guidelines and work with the Body of Evidence templates which include: Risk Assessment Report (RAR), Systems Security Plan (SSP), Security Assessment Report (SAR), and Plans of Action and Milestone (POAM).

TechNow training materials are aligned with the most recent set of National Institute of Standards and Technology (NIST), Committee on National Security Systems (CNSS), and Office of the Director of National Intelligence (ODNI) policies standards, processes, policies and instructions to be addressed/explained include ICD 503, ICS 503-1, ICS 500-16, ICS 500-18, ICS 500-27, ICD 502, NIST SP 800-37, NIST SP 800-30, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-137, NIST SP 800-47, CNSSP 22, CNSSI 1253, and CNSSI 4009.

A majority of time is spent on in-depth compliance review of NIST SP 800-53 controls.  Instruction discusses which method should be used to test and validate each security control and what evidence should be gathered.  This course is not theory or death by power point.  Real scenarios are presented as exercises.  A complete live cyber range simulating the IC is utilized for hands-on labs for techniques of validating and documenting compliance of NIST SP 800-53 controls as related to ICD 503.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Establish a baseline of RMF knowledge
  • Validate essential security controls, programs, and metrics
  • DoD DCD 6/3 to ICD 503 Transition
  • Lab Environtment and the Cyber Range
  • Overlays: Tactical, Medical, Network type(JWICS, SIPR; IC or AF), Cross Domain, PII
  • Risk Assessment Report (RAR)
  • Systems Security Plan (SSP)
  • Security Assessment Report (SAR)
  • Plans of Action and Milestone (POAM)

Prerequisites:

Experience in the field of auditing and assesments.

Comments

Latest comments from students


Liked the class?  Then let everyone know!