実際の攻撃者がサイバー攻撃をどのように行うのか疑問に思ったことはありませんか? BHPTは、オンデマンドラボを活用し、特定のホストを対象に攻撃者の立場で模擬ハッキングを行い、脆弱性を発見、攻撃、報告、対応する方法論を学ぶ実践中心の総合講義です。
受講生 760名
ペネトレーションテスト
ホストベースの模擬ハッキング
オフェンシブセキュリティの基礎
レッドチーム
/builder/23de526e-3a52-457d-bb5b-75ddd718cdf5/332385-2.png?w=960)
レドラクーンが提供する初めての実務ホストベースのモックハッキング講義BHPTは、最新のサイバーセキュリティ動向を反映し、オンデマンドの実践ラップ環境を活用し、モックハッキングに初めて接する学生に実務中心の実習機会を提供する総合講義です。
BHPT講義を通じ、生徒は攻撃者の視点で模擬ハッキングを経験し、脆弱性を発見、攻撃、報告、対応するオッペンシブセキュリティの基本的な方法論を学ぶことができます。
<script>alert(1)</script> - XSS 취약점 발견 - 就職時にWebとモバイルが重要だとして今日も一生懸命勉強しますが、それでもニュース記事を見るたびに気になることがあります。
攻撃者は、外部に公開されたWeb SSL VPNアプライアンスをゼロデイを介して攻撃し、内部ネットワークにアクセスします。
内部ネットワークからネットワーク分離が正しく行われていない銀行のSWIFTネットワークにアクセスして支払いを試みます。
XYカジノの内部ネットワークに浸透した後、仮想インフラストラクチャを担当していたvCenterサーバーにアクセスし、中にあった何百もの仮想マシンにランサムウェアを実行...
これらの攻撃はどのように起こるのでしょうか?実際、攻撃者はどのような心構え、方法論、命令、ツールを使ってサイバー攻撃を行うのでしょうか?どのように彼らの方法論を覗いて防御者として防げるのでしょうか。
スクリプトキディのPoint-and-Shootエクスプロイトキット攻撃から国家背後のアドバンストパーシスタントスリート(APT)グループまで、攻撃者が実行するすべての実際のサイバー攻撃にはホストベースの攻撃がデフォルトで実行されます。 CTFと破片的な模擬ハッキングを超えて、Opensive Securityの最も基本的で基本的なホストベースの攻撃の概念と方法論を実践中心に教えるBHPTを紹介します。
模擬ハッキングの全体的な方法論、概念、基礎の理解:
攻撃者が使用する基本的な戦略と方法論の深い理解を提供します。これにより、学生は攻撃者の視線からシステムを分析し、セキュリティの脆弱性を識別するスキルを習得します。
ホストベースのモックハッキングを実行するための基礎学習:
概念、命令、オペレーティングシステム、シェル使用法などを介してホストベースのモックハッキングを実行する基礎学習を通じて、実際のハッキングシナリオに備えた基礎スキルを向上させます。
実務経験ベースの模擬ハッキング方法論の理解:
実証済みの現職者の経験に基づいた方法論を学習し、実際の実務で適用可能な能力を育成します。
方法論に基づく模擬ハッキングの実行:
本講義で模擬ハッキング学習した方法論を活用し、様々なシナリオのオンデマンドラップを通じて実務に必要な技術を習得します。
成果物の作成と文書化:
模擬ハッキングの結果を効果的に文書化する方法を学びます。これは、実務における報告書作成能力を向上させ、今後の実務チームのコラボレーションにおいて効果を発揮する。
/builder/18cf5087-55e8-457f-8089-789b23e4db5b/BHPT-모듈1-개요 (1).png?w=960 "BHPT-モジュール1-概要(1).png")
/builder/836b9e52-1a86-423e-a41c-abaa892c660e/red-raccoon-img-1.png?w=960 "red-raccoon-img-1.png")
コミュニティディスコードですぐに実行可能
オンデマンド本番ラボ環境を提供
/builder/cad746a4-7167-4674-bc46-487da4909bc8/red-raccoon-img-2.png?w=960 "red-raccoon-img-2.png")
BHTP コミュニティを通じて
リアルタイムコミュニケーション
/builder/d8180fcd-6b2e-4fdf-9444-76f8c0426bee/red-raccoon-img-3.png?w=960 "red-raccoon-img-3.png")
実戦模擬ハッキング試験提供
/builder/8c9278e6-0c0f-480c-964a-1eca45f90db8/red-raccoon-img-4.png?w=960 "red-raccoon-img-4.png")
BHPT修了証の提供
学習対象は
誰でしょう?
模擬ハッキングの基礎について学びたい方
キーボードを直接叩きながら、模擬ハッキングを実習中心で学びたい方
Web/Mobile/Pwnable以外にホストベースの攻撃を学びたい方
オフェンシブセキュリティ(またはレッドチーム)の原則を理解したい方
ブルーチーム/開発者/システム管理者として、実際の攻撃者の手口を理解したい方
情報セキュリティ関連の進路を希望される方
1,086
受講生
95
受講レビュー
8
回答
4.9
講座評価
3
講座
레드라쿤은 사이버 보안 커뮤니티로, 사이버 보안 해킹 기술 강의 뿐만 아니라 사이버 보안 주제/팁/노하우 등을 공유합니다.
現 국내 대기업 레드팀 오퍼레이터 - 공격자 시뮬레이션, 침투 업무 수행
前 Fortune 100에서 미국 및 전세계 기업들을 상대로 내부망, 외부망, 웹 모의해킹 업무 수행
Defcon 30, Defcon 31에서 블루팀 워크샵 + 레드팀 워크샵 제작 및 진행
한국 최초의 오펜시브 시큐리티 오픈소스 위키피디아 운영 (레드팀.com)
Global CPTC(Collegiate Penetration Testing Competition) 2020 - 1등, 팀장
자격증: OSCP, CRTO, CRTL, EvilGinx2 피싱 마스터리 코스, Breaching the Cloud
現 선임 사이버 보안 엔지니어 & 사이버 보안 부트캠프 리드 강사
前 CrowdStrike 선임 사이버 보안 인텔 연구원
前 CyberCX MSSP SOC 팀장, 선임 모의 해커
블루팀, 레드팀, 인텔 연구원등 다양한 도메인에서 경력 보유
자격증: OSCP, CRTO, CREST, 보안 제품 벤더 자격증 (CrowdStrike, LogRhythm, Okta, Microsoft Security, Netskope등)
全体
111件 ∙ (17時間 10分)
講座資料(こうぎしりょう):
3. 講師陣の紹介 & 講義制作の背景
05:30
4. BHPT講義紹介
06:46
5. ホストベース模擬侵入の重要性
03:28
6. BHPTコミュニティ
06:30
7. 模擬ハッキングの現在と未来、そしてAI
07:54
8. 環境設定
06:52
9. BHPTラボの使い方
14:38
10. Kali Linux の設定
05:24
12. Linux実習環境の準備
03:49
13. Linux実習ボックスへのアクセス方法
01:50
14. Linux - システムコマンド
06:42
15. Linux - 読み取りコマンド
15:20
16. Linux - 書き込みコマンド
21:33
17. CHMOD パーミッション - 概念
05:31
20. Vimエディタの基本
08:31
21. 仕上げ - スクリプティング
08:43
22. ネットワーク必須概念 - Part 1
07:12
23. ネットワーク必須概念 - Part 2
03:02
24. ネットワーク最終攻撃シナリオ
03:45
25. ネットワークコマンド
06:59
27. Tmuxの使い方 1
06:25
28. Tmuxの使い方 2
08:07
29. ウィンドウの概念
11:12
30. Windows - 必須コマンド 1
10:19
31. Windows - 必須コマンド 2
07:59
32. Windows - 必須コマンド 3
09:12
34. 追加必須概念
09:41
全体
72件
5.0
72件の受講レビュー
受講レビュー 17
∙
平均評価 4.8
5
I have taken about 35% of the current lectures and will write a review and revise it after I finish it. Advantages: While I was self-studying through lectures or books on information security or development, the most difficult thing was not the difficulty of the concepts and knowledge, but the establishment of a practical environment. I can't say the name of the instructor here, but the level of the lecture is very high and it is a lecture that will never be available in Korea, but I was a little disappointed when I saw that dozens of people, including me, had a hard time establishing a practical environment, but this lecture seems good in that it understands such job seekers and allows anyone to easily use the environment created through Discord. Also, when I asked a question through Discord, they answered clearly, and even if I asked a question outside of the lecture, they explained it in detail as if it was a question related to the lecture. They usually answer questions related to the lecture, but for other things, they are not actually obligated to explain them, but it felt like they were explaining it in an easy way because I was worried that I wouldn't understand the explanation. Disadvantages: Rather than a disadvantage, it seems that the male instructor's communication skills are a little better than the female instructor's. Another thing I was disappointed about was that the field of mock hacking is not an easy field at all, and it involves a lot of knowledge, but the difficulty level of the course was beginner, so I was a little puzzled. But when I listened to it, it seemed like they quickly and superficially taught the prerequisite knowledge required for the mock hacking for 40% of the lecture, and then proceeded with practice based on that knowledge. Because I had focused on CS studies before studying hacking, the CS content learned in the lecture seemed a little shallow until hacking. Of course, since the lecture was made by experts who are obviously more experts than me, the intention was probably to get a feel for the lecture and then study the contents covered in the lecture in depth yourself. (In the actual lecture, they say that CS is a lifelong study.) But the lecture itself is not boring, the delivery is good, and it seems like a comfortable environment that allows you to focus on studying. I think it is one of the few lectures in Korea that is not boring. I will write an additional review after I finish it. Recommended for: Those with some basic knowledge + Those who want to experience mock hacking Not recommended for: Those who are sure about how to study + Those with a lot of basic knowledge -------------------------------------- Review after completing 99.09% of the lecture Oh, I was fooled I realized that the thoughts I had when I watched about half of the lecture were completely wrong. First, I thought you were talking about 10 lab machines for practice like mod3ex or mod3post But separately from that, there were 11 actual mock hacking lab machines (including those in the lecture) such as Hackerbox and Tryhackme I started wondering what this was, but it seems to be really helpful. At the beginning of the lecture, I thought it was a lecture for beginners because it covered basic contents such as Linux commands and usage, but the difficulty of the lab machine was higher than I thought, so I was surprised. LOL In fact, even when I didn't know about the existence of the lab machine, looking at the teaching ability, I didn't regret spending 200,000 won, but it was cheap.. I hope you buy it right away. On the other hand, it's a shame that this kind of person only appeared now.
Thank you for your review. Regarding the difficulty of Infraon, please understand that the introduction is set to beginner level for those who have no knowledge of security/IT. I will wait for additional reviews after completion. Thank you!
受講レビュー 5
∙
平均評価 5.0
5
Best lecture. Is there a practice machine? ______> o Does the instructor answer students' questions well? __________>o Is the lecture content practical? _______> o The content is
It seems like the content was cut off in the middle, but thank you so much for the course review! I will try harder.
受講レビュー 3
∙
平均評価 5.0
5
<Advantages> 1. A good environment for practice - You can quickly build a stable practice environment through Discord without the need for environment setup/setting issues that are always indispensable when studying IT. In particular, lectures that were filmed a long time ago are difficult to set up, but this lecture has no such problems at all. 2. Solid structure from basics to completion - They kindly explain everything from basic Linux commands to mock hacking report writing. Even those who are not familiar with Linux can easily take the lecture. (However, you will need to practice a lot to get used to the Linux shell environment, but I think you can learn even that quickly with redraccoon's raccoon city content.) - Those who already have some knowledge of web hacking or service hacking can organize it by following the flow of the lecture. In particular, they provide a guidebook in addition to the lecture, and if you do not have enough time to watch the video, the guidebook is detailed enough to follow the content just by following the guidebook. 3. Content not available on the market - In the case of Windows, there is no content related to vulnerability diagnosis on the market compared to Linux, but it is covered here, so it was good to study. 4. Various practice problems - You can practice various environments by creating 10 target machines and even doing self-tests. In particular, since it is a high-quality machine that can be solved in various ways rather than a general CTF, if you want to get a job related to mock hacking, you can write a mock hacking report and receive feedback. 5. Quick feedback - They give quick feedback through Discord. Although neither of them are in Korea, if you ask a question on Deco, you will get feedback so fast that you will wonder if they are in Korea. <Disadvantages> 1. Price - Considering the content of the lecture, it is not expensive at all, but it is not a price that you can just take a look at with a light heart. In my case, I decided to buy it after reading the table of contents, but I thought about it again after seeing the price. Of course, at this point, I do not regret buying it at all, and considering the content, it is really cheap. => Overall Review: This is a very high quality content, so if you are hesitant to buy it, I recommend eating a few less chickens and then buying it. ㅎㅎ
Thank you so much for your detailed and thoughtful course review! We are so grateful that you asked us many questions and that you are so passionate about studying more deeply. We will continue to make better lectures and updates. Thank you again!
For a lighthearted perspective, you can find a lot of great resources on the Red Raccoon YouTube channel or blog.
受講レビュー 1
∙
平均評価 5.0
5
24/02/14 I'll give you 5 stars first. I'll come back after listening to all the lectures~! 25/01/09 The best lecture for those who want to work in simulated penetration.
Thank you! Please come back with feedback after listening to the lecture! I'll be waiting :)
受講レビュー 3
∙
平均評価 5.0
5
I have seen many similar lectures on security, but My thoughts after watching Red Raccoon's lecture 1. It is the most updated 2. Answers questions and answers well 3. The explanations are readable and visible, so it is fun to watch 4. There are few difficult programs or specific programs, and it works well (Usually there are many, or when you install it, it doesn't work, so you have to find out how to use it) 5. Red Raccoon's unique lab (program) makes it easy to learn (At least from what I've seen from other lectures, the learning hurdle is lower than other lectures, and it's easy to learn by following along) 6. I feel a lot of consideration for beginners, especially since the guidebook contains almost all the necessary content, so it takes less time to look up terms and is easy to understand Conclusion: The educational content itself is detailed and easy to access, so it's easy for beginners to learn I'm not saying that other lectures are wrong, but I'm just picking out the strengths that I felt were unique to Red Raccoon's lectures.
Thank you so much for the detailed course review! I will come back again for better quality security lectures. Thank you.
¥24,288
知識共有者の他の講座を見てみましょう!
同じ分野の他の講座を見てみましょう!
