Advanced Mentoring
Face-to-face mentoring sessions for those working towards a CSTL Infrastructure or Web App assessment
Available sessions (updated regularly):
3rd – 5th March – Advanced Infrastructure Hacking (Remote)
7th – 9th April – Advanced Web App Hacking (Remote)
These intensive mentoring sessions take place over three days either fully remotely or in our assessment centre in central Cheltenham (we alternate between remote and in-person dates).
Dates are available for both Web Application and Infrastructure pathways, however senior testers are welcome to choose either date as there is ample opportunity to engage with the trainer and fill individual knowledge gaps.
What is ‘Advanced Hacking’?
Advanced Hacking for INF and Web App: a series of mentoring sessions with a trainer experienced in all aspects of these exceptionally high standards of penetration testing. The aim of the sessions is to consolidate knowledge and skills, highlight any gaps that might affect subsequent assessment, and create a clear roadmap with the eventual aim of becoming an exceptional, top-tier practitioner.
Applicants should have a minimum of two years of experience as a practitioner before applying, as these sessions are more intensive than a training course; they enable candidates to understand how to fill any gaps in knowledge or practical skills. The aim isn’t to pass any particular accreditation; however, many may use the opportunity to work on any identified shortfalls while working towards their next assessment. In essence we offer candidates the support to move from practitioner level to advanced practitioner level, or to revisit areas of knowledge that may have been lost if the candidate has been an advanced practitioner for some time.
What is an advanced practitioner vs a practitioner?
An advanced practitioner will themselves be a mentor to the practitioners they work with, overseeing engagements and leading teams. They will be a source of knowledge which has been gained through experience. An advanced practitioner will be able to clearly communicate with the commissioning client and deal with issues around risk, unforeseen events, and complex IT systems. An advanced practitioner will set an example to the practitioners and uphold the ethics and principles around security testing.
Three days of Mentoring: Choose between Infrastructure and Application pathways
Each day will start with a series of group discussions around the skills and knowledge required by an advanced practitioner. This will be followed by a varied range of workshops around the issues discussed.
Content will vary from session to session, based on the skills and knowledge of who is attending and following the topics outlined below. Collaboration and interaction between attendees is encouraged.
Some example topics for the two specialisms are listed below, purely as a guide:
Infrastructure
- The basics revisited – low hanging fruit (protocols and enumeration)
- Pivoting and tunnelling
- Reporting and wash up meetings
- Scoping, risk, and the laws according to testers
- Managing a team
- Advanced exploitation
- Privilege escalation
- Enumerating compromised devices
- Remediation advice
- Tools and techniques
Web Application
- The methodology of an application test.
- How to get the most out the plethora of tools available.
- How to exploit the most common application vulnerabilities.
- Exploiting databases through application vulnerabilities.
- Session tokens and exploitation of session tokens.
- API (Application Programming Interface) enumeration.
- Decoding and encoding of data.
- Java serialisation vulnerability exploitation.
- Injection vulnerabilities such as XXE, SQL and no SQL.
- OWASP top ten exploitation and beyond.
- Practical applications to test your skills against.
Why choose The Cyber Scheme?
Our trainers and assessors have many years’ experience in creating, developing, and running comprehensive exams aimed at skilled pen testers. We are however concerned that candidates are failing these exams even at an advanced level of practice, and we understand the frustration caused by the need to resit exams. We have created these mentoring sessions in order for these advanced practitioners to reflect on the experience they have gained, and expand on that in order to progress their career to the highest level of pen testing as quickly as possible.
“A great move by The Cyber Scheme… If our industry is to advance correctly with education and technical quality at its core…. this needs to happen”
Andy Swift, Six Degrees