Specialist Security Training
Threat Intelligence are experts in the area of threat and risk management, and run world-renowned training courses, that are supported by their ground breaking security research and vast amount of specialist security experience across a range of industries.

Threat Intelligence is the only company in Australia to be invited to run training at the esteemed Black Hat USA Security Conference in Las Vegas.

Specialist Security Training Descriptions

The Shellcode Lab gives students a base understanding and practical experience to develop simple shellcode. The complexity is then increased to more useful shellcode such as command execution, dynamic Windows shellcode, setting up backdoor listeners using sockets, shellcode networking to remotely gain a command shell, and egg hunter shellcode to search through memory for our payload. All of this is done whilst holding your hand so that you don't miss a beat. Students will also learn about staged-loading shellcode to bypass security controls such as firewalls and authenticated proxies, and kernel level shellcode to perform privilege escalation.

Students are taught how to encode their shellcode using the Metasploit Exploit Framework (MSF), and insert it into exploits that will be used to show that their shellcode was successfully executed. They will learn how to use MSF to generate shellcode for a variety of platforms, as well as how to integrate their shellcode into MSF so that it is available to all Metasploit exploits.

The popularity of this course is growing exponentially for companies who have their internally developed web applications tested by their QA team.

This is because this course enables the QA team to perform basic security testing to identify “low hanging” vulnerabilities.

This increases the effectiveness of your QA team, increases the security of your web applications, and increases the value of penetration testing since the specialists can then focus on identifying the more advanced attacks.

Web applications are a primary avenue that hackers exploit to break into organisations’ applications and internal systems to steal corporate data.

It is critical that developers understand how to write code that proactively protects the organisation from attacks.

This course provides developers with not only a clear understanding of web application attacks and risk mitigation techniques, but also provides them with hands on practical experience in testing their code.
This enables them to identify and fix a wide range of vulnerabilities in their code.

Web applications are a primary avenue that hackers exploit to break into organisations’ applications and internal systems to steal corporate data.

It is fast becoming a crucial security skill to be able to perform penetration testing of your corporate web applications to identify critical risks to the business.

This course teaches students:

• The concepts for each of the wide range of web application vulnerabilities,
• The impact of successful exploitation of each of these vulnerabilities,
• How to identify and exploit web application vulnerabilities using a series of hands on web application penetration testing labs, and
• How to fix the vulnerabilities to ensure that mitigation controls are also understood.

Mobile apps have become a key part of corporate strategies in recent years. This also means that experience in developing secure mobile apps and secure mobile web services is lacking. This leads to critical vulnerabilities being introduced into your organisation.

This course provides students with not only a clear understanding of mobile app vulnerabilities and mobile web service vulnerabilities, but also provides them with hands on practical experience in exploiting mobile vulnerabilities on iPhone/iPad and Android. This enables them to identify a wide range of vulnerabilities in their code, allowing these vulnerabilities to then be mitigated by the mobile developers.

Many architects do not understand the vast range of attacks that can be performed against the infrastructure, systems and applications contained within their proposed architectures.

This means that the attacks are not properly mitigated, which increases the risk to the organisation. In the current threat landscape, and the evolving global threat environment, organisations need to ensure that their architecture is designed to proactively deter threats and minimise the risk of suffering a security breach.

This is especially the case for companies who develop cloud architectures, either for their own organisation or for third party organisations.

This course takes a brand new approach in teaching secure architecture design. Most students who take this course already have some experience in designing architectures; however, this course teaches them the range of attacks that will be performed against their architecture, and how they need to design their architecture to mitigate these threats and risks.

What do you think a remote attacker or a rogue employee could do with access to your internal corporate network? They are able to take over all of your corporate systems within a day. These types of attacks can have devastating consequences for an organisation, with extreme cases leading to the company folding.

This course teaches students the concepts around the variety of internal attack techniques and how to perform these attacks so that they have a clear understanding of the attack vectors and risks within internal corporate networks. These attacks include system and user identification, online brute force attacks, vulnerability identification, system exploitation, ARP cache poisoning, rainbow tables password cracking, through to advanced attacks such as token impersonation and pivoting through compromised hosts.

Threat Intelligence has utilised their unique "Intelligence Engine", initially developed for our Threat Analytics product, to develop a brand new "Cyber Threat Intelligence Training” course.

Intelligence security services are fast becoming critical for organisations to stay on top of the latest threats and risks that are present on the Internet. This course brings this intelligence to your team to ensure that you are prepared for real-world cyber-attacks.

This course is aimed at bringing your team up to speed with the latest attacks that are occurring around the world, how these attacks are carried out, and how to protect yourself from becoming a front page news story due to a security breach.

Wireless networks have always been a risky implementation within corporate environments because they extend your corporate network outside of your physical walls. This means that wireless networks are an attractive target for attackers.

Understanding the different types of wireless attacks allows you to test your organisation’s wireless security to identify risks so that they can be mitigated appropriately.

This course teaches students about the different types of wireless networks that are commonly used, the attacks that can be performed against each type of wireless network implementation, and practical hands on labs to actually break into these wireless networks to gain unauthorised access to systems and data.

Red Teams are typically a group of penetration testers whose ultimate aim is to compromise the organisation using whatever means necessary.

This course is designed specifically to teach Red Team members a range of effective attack and exploitation techniques using a simulated corporate environment. This environment contains a number of flags that must be captured by the Red Team by compromising networks, systems and applications.

This training course is 100% practical since it is aimed at providing Red Team members with guided real-world attack scenarios designed to increase their skills and experience in breaching corporate environments using a range of attack techniques across a range of platforms and operating systems.

A highly successful attack technique to compromise your corporate environment is through a Phishing or social engineering attack against your employees. This attack technique has a 99% success rate in capturing corporate usernames, passwords, and even remote access to the corporate network, systems and data.

In the current threat environment, it is crucial that organisations perform security awareness training for all of your employees. This ensures that attacks can be identified by more people, which will ultimately reduce the risk of your organisation being compromised.

This course is designed to teach your employees simple ways to identify a variety of suspicious activities via email, phone calls, and in person. It also teaches them what actions they need to take in order to escalate the suspicious activity to the appropriate people for analysis and preventative actions.

Threat Intelligence is regularly approached to perform security and hacking presentations and demonstrations for not only conferences around the world, but also for corporate events.

Threat Intelligence is also approached to write feature blogs and articles on security and hacking topics as a part of a larger marketing campaign.

Your event may be a product launch, a vendor event, a team building day, or for awareness during specific weeks such as “Privacy Awareness Week” or “Cyber Security Awareness Week”.

If you are interested in skilling up your team so that they can protect your company effectively, then Contact Threat Intelligence for more information.