MAIN TOPICS

1.0 Methodology, Planning, and Threat Modeling

• Maximizing Value from Vulnerability Assessments and Programs
• Setting Up for Success at Scale: Enterprise Architecture and Strategy
• Developing Transformational Vulnerability Assessment Strategies
• Performing Enterprise Threat Modelling
• Generating Compounding Interest from Threat Intelligence and Avoiding Information Overload
• The Vulnerability Assessment Framework
• Overview of Comprehensive Network Scanning
• Compliance Standards and Information Security
• Team Operations and Collaboration

2.0 Discovery

• Active and Passive Reconnaissance
• Identification and Enumeration with DNS
• DNS Zone Speculation and Dictionary-Enabled Discovery
• Port Scanning
• Scanning Large-Scale Environments
• Commonplace Services
• Scanning the Network Perimeter and Engaging the DMZ
• Trade-offs: Speed, Efficiency, Accuracy, and Thoroughness
• Introduction to PowerShell

3.0 Enhanced Vulnerability Scanning and Automation

• Assigning a Confidence Value and Validating Exploitative Potential of Vulnerabilities
• Enhanced Vulnerability Scanning
• Risk Assessment Matrices and Rating Systems
• Quantitative Analysis Techniques Applied to Vulnerability Scoring
• Performing Tailored Risk Calculation to Drive Triage
• General Purpose vs. Application-Specific Vulnerability Scanning
• Tuning the Scanner to the Task, the Enterprise, and Tremendous Scale
• Scan Policies and Compliance Auditing
• Performing Vulnerability Discovery with Open-Source and Commercial Appliances
• Scanning with the Nmap Scripting Engine, Nexpose/InsightVM, and Acunetix
• The Windows Domain: Exchange, SharePoint, and Active Directory
• Testing for Insecure Cryptographic Implementations Including SSL
• Assessing VoIP Environments
• Discovering Vulnerabilities in the Enterprise Backbone: Active Directory, Exchange, and SharePoint
• Minimizing Supplemental Risk while Conducting Authenticated Scanning through Purposeful Application of Least Privilege
• Probing for Data Link Liability to Identify Hazards in Wireless Infrastructure, Switches, and VLANs
• Manual Vulnerability Discovery Automated to Attain Maximal Efficacy

4.0 Vulnerability Validation, Triage, and Data Management

• Recruiting Disparate Data Sources: Patches, Hotfixes, and Configurations
• Manual Vulnerability Validation Targeting Enterprise Infrastructure
• Converting Disparate Datasets into a Central, Normalized, and Relational Knowledge Base
• Managing Large Repositories of Vulnerability Data
• Querying the Vulnerability Knowledge Base
• Evaluating Vulnerability Risk in Custom and Unique Systems, including Web Applications
• Triage: Assessing the Relative Importance of Vulnerabilities Against Strategic Risk

5.0 Remediation and Reporting

• Domain Password Auditing
• Creating and Navigating Vulnerability Prioritization Schemes in Acheron
• Developing a Web of Network and Host Affiliations
• Modeling Account Relationships on Active Directory Forests
• Creating Effective Vulnerability Assessment Reports
• Transforming Triage Listing into the Vulnerability Remediation Plan