Security certificates

Intrustry recognized certificates

By Offensive Security

Offensive Security Web Expert (OSWE) [2021-]

OSCE is an advanced penetration testing certification focusing on white box web application pentesting. The OSWE exam has a 48-hour time limit and requires student to audit the code on various languages, find security issues and craft custom exploit in order to compromise the applications.

 

Offensive Security Certified Expert (OSCE) [2019-]

OSCE is an advanced penetration testing certification focusing on exploit development, anti-virus evasion and web attacks. The OSCE exam has a 48-hour time limit and consists of a hands-on penetration test in isolated network.

 

Offensive Security Certified Professional (OSCP) [2018-]

OSCP is an entry level penetration testing certification focusing on information gathering, enumeration of services, conducting remote and local privilege escalations and clint side attacks. It teaches how to properly test computer networks, how to move lateraly and how to look for weak spots within systems.

 

Offensive Security Wireless Professional (OSWP) [2019-]

OSWP is granted to experts able to audit and secure wireless networks and devices. It requires ability to identify vulnerabilities in 802.11 networks and execute organized attacks.

By Pentester Academy

Certified Red Team Expert (CRTE) [2020-2023]

A certificate holder has demonstrated the capability of enumerating and understanding an unknown Windows network and can identify misconfigurations, functionality abuse and trusts abuse. She can use, write and modify PowerShell scripts and can abuse other built-in tools to perform enumeration, local privileges escalation, impersonation, pivoting, whitelisting bypasses, and antivirus evasion as well as identify sensitive data with minimal chances of detection.

Trainings

By Jeremy Blackthorne and Ringzer0

Reverse Engineering With Ghidra [2021]

7 days of reverse engineering using Ghidra. Covered Linux, Windows, and embedded systems. Dedicated lessons focused on finding vulnerabilities and patch diffing.

By x33fcon

From zero to first 0-day [2020]

Hands-on training on modern fuzzing techniques.

By SensePost

Black Ops Hacking for Pentesters - Master Level [2017]

Master course designed to emulate attackers in gaining access to all areas of the OSI layer, including 8 (the human). From initial footprinting of a target environment, to building up an attack pattern based on architecture choices, to targeting humans and gaining an initial foothold into the network using targeted phishing campaigns and techniques used by APT actors during the last few years.

By Mandiant

Enterprise Incident Response [2017]

Course designed to teach the fundamental investigative techniques needed to respond to today’s cyber threats. Examples of skills taught include how to conduct rapid triage on a system to determine whether it is compromised, uncover evidence of initial attack vectors, recognize persistence mechanisms and investigate an incident throughout an enterprise. The course includes detailed discussions of common forms of endpoint, network and file-based forensic evidence collection and their limitations as well as how attackers move around in a compromised Windows environment.

By Quarkslab

Android Security - Reverse Engineering & App Pentesting [2015]

Course designed to teach how to understand what Android application are doing by static and dynamic analysis, and ARM reverse engineering. The covered topics included Android security model, the classical components used in Android applications (and the misuses of them), and real Android malware.

By Leviathan Security Group

Hands-On Secure Code Development [2012]

Course designed to teach secure developing techniques while developing modern C++ applications, using modern CI pipeline and devops solutions.

Notable CVEs

CVE-2021-26415

Windows Installer Elevation of Privilege Vulnerability

Arbitrary write with partial content control issue. Affected were all Microsoft Windows versions.