Duration
06 MonthsPlacement Support
100%Course Fee
Rs. 35,000/-Easy EMI
AvailableClass Mode
Online + Offline*Extra Benefits
FREE DataSpace Lab AccessThe Advance Pentesting Program by DataSpace Academy is specially designed for pentesting professionals who aspire to step up in their careers. It offers extensive training with hands-on exposure to critical tools and technologies related to Cybersecurity and Ethical Hacking, including Nikto, NMap, and HashCat. If you have already completed a course in the basics of pentesting, this course will help you to dive deep into the nuances of cybersecurity and master the essential skills needed to take your career to the next level
We are proud to express our support for the cybersecurity initiative by the Indian Government, with the help of Cyber Swachhta Kendra, Indian CERT, and Cyber Security Awareness programs. These initiatives emphasize on raising awareness and promoting safe internet practices. It pledges to promote and adhere to these practices as a responsible member of the digital community.
#IndianCERT # CyberSwachhtaKendra #DigitalIndia #CyberSecurityAwareness
Mobile Penetration Testing (OWASP Top 10, Burp Suite, Tools…)
Lab Setup using Android Emulator
Vulnerable apps and VM download
Android Application Pentesting basics
Using Apk-tool,dex2jar,JD-GUI to decompile apps and review the source code
Intercepting HTTP and HTTPS traffic
Insecure Data Storage vulnerabilities
Server side and client side vulnerabilities
Insecure logging
Exported Application components
Client side injection
Android application testing Advance
Introduction to frida
Root detection bypass using Objection
Insecure local data storage
Traffic analysis
Introduction to frida CLI
Introduction to SSL pinning
Bypassing SSL pinning using Frida
Introduction of SOC
What is Enterprise network
what is Defense in Depth
What is Log Parsing
Deep Dive into SOC Environment
What are SIEM deployment options
SIEM Architecture
Splunk Introduction
How to upload data to splunk
what is Splunk Field
Understanding web logs
How to Create Splunk Reports and Dashboard
How to install Splunk Forwarder in windows
Which are impotent Windows Event Codes
Scenarios for SMTP Profiling
DNS Profiling
HTTP traffic profiling
Roles and Responsibilities as a SOC analyst
XXE (XML External Entities)
Exploiting XXE using external entities to retrieve files
Exploiting XXE to perform SSRF attacks
Blind XXE with out-of-band interaction
Blind XXE with out-of-band interaction via XML parameter entities
Exploiting blind XXE to exfiltrate data using a malicious external DTD
Exploiting blind XXE to retrieve data via error messages
Exploiting XInclude to retrieve files
Exploiting XXE via image file upload
Exploiting XXE to retrieve data by repurposing a local DTD
Basic server-side template injection
Basic server-side template injection (code context)
Server-side template injection using documentation
Server-side template injection in an unknown language with a documented exploit
Server-side template injection with information disclosure via user-supplied objects
Server-side template injection in a sandboxed environment
Server-side template injection with a custom exploit
Manipulating Web Socket messages to exploit vulnerabilities
Manipulating the Web Socket handshake to exploit vulnerabilities
Cross-site Web Socket hijacking
Web cache poisoning with an unkeyed header
Web cache poisoning with an unkeyed cookie
Web cache poisoning with multiple headers
Targeted web cache poisoning using an unknown header
Web cache poisoning via an unkeyed query parameter
Parameter cloaking
Web cache poisoning via a fat GET request
URL normalization
Combining web cache poisoning vulnerabilities
Cache key injection
Internal cache poisoning
Modifying serialized objects
Modifying serialized data types
Using application functionality to exploit insecure deserialization
Arbitrary object injection in PHP
Exploiting Java deserialization with Apache Commons
Exploiting PHP deserialization with a pre-built gadget chain
Exploiting Ruby deserialization using a documented gadget chain
Developing a custom gadget chain for Java deserialization
Developing a custom gadget chain for PHP deserialization
Using PHAR deserialization to deploy a custom gadget chain
JWT authentication bypass via unverified signature
JWT authentication bypass via flawed signature verification
JWT authentication bypass via weak signing key
JWT authentication bypass via jwk header injection
JWT authentication bypass via jku header injection
JWT authentication bypass via kid header path traversal
JWT authentication bypass via algorithm confusion
JWT authentication bypass via algorithm confusion with no exposed key
Introduction to red team concepts and methodologies
Cyber kill chain
Initial vectors of compromise(Mitre ATT&CK framework)
C2 framework(Covenant and empire)
Cobalt Strike
Relevant Red team tools(Bloodhound,Mimikatz,Impacket,Powersploit)
Intermediate windows and linux commands
Process Injection
Lateral Movement
Port Forwarding
Adversary Emulation(APT3)
How web API works
Threat Modeling an API Test
THE ANATOMY OF WEB APIS
REST API Specifications
API Authentication
Information Disclosure
Broken Object Level Authorization
Broken User AuthenticationBroken User Authentication
Excessive Data Exposure
Lack of Resources and Rate Limiting
Broken Function Level Authorization
Mass Assignment
Security Misconfigurations
Injections
Improper Assets Management
Business Logic Vulnerabilities
Passive Recon
Active Recon
Endpoint Analysis
FUZZING
Automating Mass Assignment Attacks with Arjun and Burp Suite Intruder
Attacking GraphQL
Architecture, Discovery, and Recon at Scale
Attacking Identity Systems
Attacking and Abusing Cloud Services
Vulnerabilities in Cloud-Native Applications
Infrastructure Attacks and Red Teaming
Get one on one demo class with our industry expert trainers.
Book A Demo Class
Incident Responder, Cloud Security Engineer, Desktop Security Analyst, Security Consultant Security Auditor Firewall Engineer, Ethical Hacker, Storage Security Engineer, Security Test Engineer, Cyber Security Engineer, Cloud Security Engineer.
DataSpace Academy’s courses are the best deal that you can find in the market. Our Course Fees are structured keeping in mind all kinds of feasibilities for students and professionals.
+18% GST
Training & Mentorship
Flexible Schedule
Online Live Interactive Session
Recorded Session After the class
World Recognised Certificate
3 Months Internship Program after the course
Enroll your desired course and join DataSpace Academy in just few clicks!
Select your
desired course
from
our website
Enter your
details and
complete
the payment process
Select a batch for your first class
Soumya Jas is a Web Application Penetration Tester, Bug Bounty Hunter, Blockchain and Python Enthusiast. Additionally, he has an experience in playing CTF games on platforms like Portswigger and HackTheBox. While auditing and securing websites like eBluesoft (https://ebluesoft.com/) he discovered critical vulnerabilities and mitigated those vulnerabilities.
868 Students Taught
An AWS and CISCO certified IT expert with experience designing, deploying, and managing complex IT systems and infrastructure for clients of all sizes. He is specialize in AWS cloud solutions, CISCO network management, security, virtualization, and project management. With a degree in computer science and a passion for driving success, He deliver end-to-end solutions that meet my clients' unique needs.
2986 Students Taught
CEH Certified, Qualys Guard VM Certification 2019, DevSecOps Trained, DAST & SAST Handling client end to end from taking requirements till providing end report post-false-positive analysis of over 200 applications. Advance Knowledge of professional tools for Network, Source Code Analysis and Web Application Testing. Providing remediations to the clients for the vulnerable issues found during the auditing of the website & Coordinating with the development team for issues closure
209 Students Taught
Akshay comes with 11+ years of experience in security operations with multiple multinational enterprises associated with the cybersecurity domain. A seasoned cybersecurity expert, he holds hands-on experience in major security management platforms, including SIEM, EDR, SOAR, and LOG ANALYSIS platforms. His profound know-how in Incident Response, Use case creation, Investigation and Forensic, as well as Reporting and Documentation skills makes him a valuable trainer for DataSpace Academy. Akshay is well-versed in all crucial cybersecurity and ethical hacking tools, such as Splunk, Qradar, Microsoft sentinel, Crowd strike, Carbon Black, SentinelOne, Siemlify, Google Chronicle etc.
209 Students Taught
CEH certified, CCNA essentials, having knowledge in various areas of cybersecurity including Web application penetration testing and network penetration testing. Bug bounty hunter having reported several vulnerabilities in platforms such as Bugcrowd, HackerOne, Integriti and recognized by several organizations. Passionate about information security and cybersecurity in general and looking forward to learn and experience new security aspects in this field.
2986 Students Taught
Learn from Industry Experts with Years of Expertise in the related field.
Practice on Real Time Projects which can be showcased to future recruiters
Placement Support for successful completion of courses and certification
100% practical and lab-based classes (available online & offline)
Specially tailored Certification Course equipped with in-demand industry skills
The course comes with round-the-clock support for doubt-clearing session
The Advance Pentesting Course at Dataspace Academy is a game-changer! It takes you deep into the world of unethical hacking and gives you hands-on experience with real-world scenarios
I was blown away by the depth and complexity of the Advance pentesting course at Dataspace Academy. The instructors are experts in their field and the course content is top-notch. I learned so much and feel confident in my ability to tackle even the toughest security challenges
The Advance Pentesting course at Dataspace Academy is not for the faint of heart. It's a rigorous and challenging program that will push you to your limits. But if you're up for the challenge, you'll come out the other side with a whole new set of skills and a newfound respect for the world of cybersecurity
Have a 5-minute call with our experts to get your questions answered.
Prior knowledge about penetration testing is compulsory to signup for this course. We recommend our Penetration For Security Engineers course for beginners aspiring to take up the Advance course.
Yes, the course requires basic technical knowledge in penetration testing.
Yes, the program includes live project practice for hands-on training.
For details on seasonal discounts and special offers, please consult with our academic counselling team.
DataSpace Academy provides Internship opportunities and placement assistance based on the merit of the student on successful completion of the course.
This course will enrich learners with Advance knowledge of penetration testing. After completing the course, students can take up our Job Guarantee Program for a 100% placement guarantee.