Minimize human error in IT
Security training for administrators
2.000+ customers place their trust in us – from startups to large companies
Top threats under control
Reduce risks in your IT
The change of perspective (participants slip into the role of an attacker) and the practical LAB exercises generate a high level of personal involvement.
This creates an understanding of security measures, the basis for real behavioral change and compliance with your guidelines.
From professionals for professionals
Security especially for administrators
- Carefully compiled: The content comes from security specialists, pentesters and incident responders from HvS-Consulting (BSI APT service provider).
- Optimally prepared: The didactic preparation was carried out by the IS-FOX learning specialists. No marketing blah-blah, but concrete tips and assistance for more security in IT.
- For all skill levels: suitable from security beginners to security experts.
Results similar to a hands-on workshop
50% faster learning success
- The LABs save you 50% time compared to live events, with the same learning success. They are comparable to an 8-hour workshop. The only thing missing are the breaks and the waiting times until all participants have started the LABs and typed in the commands correctly.
- Variety guaranteed - thanks to two virtual trainers and a “capture the flag” approach.
- International & flexible: each participant can complete the LABs at “their” own speed
Administrators learn the security basics and recognize potential threats. Our content, developed by incident response experts, has been perfected over years of successful classroom training. They are based on real-life APT attack scenarios, which ensures their relevance and effectiveness.
Intro
Introduction and basics
- How does the training work?
- How do professional APT attackers proceed?
- Why are they so dangerous?
The Kill-Chain
The Kill-Chain
Reconnaissance
- Scouting the target area through research and scans
- LAB exercise: Scan the surroundings with nmap and build the infrastructure map of the LAB
Analysis
- Detection of vulnerabilities using the Nessus report and development of the attack strategy
Exploit Linux
- Penetrating Linux systems
- LAB exercise: SSH brute force with Hydra
Exploit Windows
- Intrusion into Windows systems
- LAB exercise: Eternalblue (NSA tool) with Metaspoit
Lateral Movement
- Takeover of further systems and extension of rights up to domain admin
- LAB exercise: “Pass the Hash” with Mimikatz and access to domain controllers with psexec
Resilience
Resilience
Patching & Hardening
LAB exercise Exploiting Shellshock with meterpreter on Linux system
- Patch your systems promptly
- Harden your systems
Secure-Administration
LAB exercise Using captured Linux passwords on other systems
- Use different passwords
- Stick to RBAC and the principle of minimal rights
- End RDP sessions properly (with explanation of RDP hopping)
- Use password managers, avoid hardcoded passwords
Detection & Response
Detection & Response
Detection / Vulnerability-Management: „Detection is a must these days“
Presentation of the various detection instruments (NIDS, SIEM, EDR)
Explanation SOC / CERT
- Close any vulnerabilities found promptly
- Be vigilant yourself and watch out for anomalies
In an emergency: correct behavior in an emergency with/without CERT
- Isolate the systems
- Do not change the system status
- Document cleanly what you do
Social Engineering
Phishing & Social Engineering
“You can be manipulated too, you just need a different bait”
- Do not click on unknown attachments
- Do not surf with administrative rights
- Avoid dubious sites
Test
Test
Final test with multiple-choice questions
If you pass, you will receive a certificate to download.
Internationally applicable
The security training course for administrators is available in German and English. It is Scorm-compatible and can therefore either be integrated into your own learning management system (LMS) or provided by us as a cloud service. In the English-language Security LAB for Administrators, participants put the knowledge they have learned into practice.
Policies can be integrated
In principle, no individual adjustments are required. However, we have provided places where you can optionally integrate relevant documents and guidelines (hardening guides, emergency processes, etc.). This makes the training course “yours”. Your logo and accent color are then included on top.
Fair pricing model
The modules are licensed per training participant. The price for a training participant (including e-learning course, LAB infrastructure, operation, licenses, etc.) is between EUR 80 and EUR 250 net plus VAT, depending on the number of participants, and thus costs a fraction of a comparable classroom training course, but delivers virtually the same learning success.
The second Admin LAB module “Cloud and AD Security” covers hot security topics such as Cloud Security, Defense in Depth and Active Directory Security and offers a unique learning experience with a real trainer and an AI avatar.
Intro
Introduction and basics
How does the training work?
Security concepts 1
Security concepts (Part 1)
Cloud security: The operating models in the cloud
Shared responsibility: the role of the admin and the cloud provider
Tips in the cloud
- Clean account separation.
- PIM/PAM solutions / Jump Server.
- Various multi-factor methods.
- Private networks and IP restrictions
- LAB exercise: Access to poorly configured cloud database through OSINT research
Defense in Depth
- Attack vectors of modern ransomware gangs.
- Defense in depth based on various layers such as user awareness, perimeter security, network security, IAM, secure administration, secure software development, detection & response
- LAB exercise: Linux SSH Bruteforce with and without MFA
Security concepts 2
Security concepts (Part 2)
Importance of EDR
- Differences to antivirus solutions. Use of EDR tools.
- Coexistence with antivirus software. Dealing with exclusions
- LAB exercise: Effects of antivirus exclusions
Backup
- Deadly sins in backup from a security point of view.
- The right backup strategy. Cloud exit and restore tests.
Logging in the cloud
Meaningful logs in the cloud
Patching & lifecycle management
- The importance of patching.
- Response time depending on criticality.
- Security tips for end-of-life systems.
AD Security
Active Directory Security
- LAB exercise: Evaluation of an Active Directory security scan
- The security of cloud AD versus on-premise AD
- Possible solution options for secure ADs
Security Tips
Further Security Tips
Authorizations on shares
- LAB exercise: Stealing privileged accounts through poorly set permissions
- Awareness for assigning authorizations
- Careless share permissions can create major security holes
NTFS und NFS
- Setting permissions correctly
- LAB exercise: Reading Linux shares
Test
Test
Final test with multiple-choice questions
If you pass, you will receive a certificate to download.
The Cyber LABs are aimed at internal and external people who design, develop or operate IT infrastructure, i.e. IT managers, IT architects, application owners, software developers, system managers, administrators and support staff.
They shouldn't, but they should understand who they are fighting. All “hacking scenarios” in the Cyber LAB are based on real APT attacks by current hacker groups and are therefore highly relevant. In the e-learning part of the Cyber LAB, we impart the knowledge of how professional attackers proceed - in the LAB environment, the participants are allowed to implement the knowledge they have learned in the LAB themselves. They slip into the role of the attacker and work through a typical “kill chain”. This change of perspective trains security awareness for potential vulnerabilities and promotes secure behavior.
IT administrators understand the approach of modern attackers and learn to see cyber security as a concept and not as a collection of security products. Numerous practical tips will enable them to significantly strengthen the security of their infrastructure through configuration, the use of on-board tools and security-conscious behavior.
After the training, IT decision-makers in small and medium-sized companies will understand how cyber security works as a concept, which measures have priority and why the mere use of individual security products does not lead to the desired protection. This enables them to make better and more efficient decisions about the use of security tools and to better classify the marketing promises of individual manufacturers.
Decentralized IT administrators understand the approach of modern attackers and learn why the cyber security guidelines of central IT make sense and are useful. They develop an understanding of the measures and no longer perceive them as annoying additional work from the head office. Security findings from audits and assessments are resolved faster and better, and the security level in the decentralized units increases considerably thanks to security-conscious behavior.
HvS-Consulting, the company behind the IS-FOX brand, combines the expertise of a cyber security specialist and a learning specialist in a unique and special way. The technical security consultants and incident responders at HvS-Consulting are among the best in their field and experience attacks on companies on a daily basis, how the attackers proceed and which technical and human vulnerabilities they exploit.
The IS-FOX Security Awareness Team takes this special knowledge, reduces complexity and prepares it in a didactic way so that the training courses set the right priorities, are understandable, contain practical and practicable tips and are fun to learn
Traditional, non-specialist learning specialists do not understand the complex content of cyber security and therefore cannot prepare the content optimally. Security specialists are too deep in the subject matter and are usually unable to convey this know-how in a simple way. The “magic” of the courses is created by this unique combination of security and learning specialists in one company.
In the LAB, participants can put the knowledge they have learned into practice. The LAB for administrators simulates a company network with several prepared Windows and Linux systems, a total of 8 server systems. It contains up-to-date attack tools and assistance.
Option “Shared LAB environment”
You get access to one of our shared LAB environments in Microsoft Azure. Your participants share the LAB with other customers. Each customer can access the shared LAB environment with a maximum of 2 simultaneous users. A shared LAB environment is ideal if you want to train a small number of participants over a longer period of time (e.g. 50 participants in 1 year). Typical scenarios are smaller companies with few IT employees and larger companies that want to offer training to new employees on a permanent basis.
Option “Own LAB environment”
You receive one (or more) exclusive LAB environments in Microsoft Azure for your participants. They access the LAB environment(s) together. You can choose between 2 LAB sizes: “Standard” with 5 or “Enterprise” with 25 simultaneous users in the LAB. A dedicated LAB environment is ideal if you want to train a large number of participants in a short space of time (e.g. 200 participants in 3 months). A typical scenario is the initial training of all IT colleagues.
As standard, the learning units (the courses) are offered fully synchronized in German and English. On request, the learning units can be subtitled in other languages for an additional charge. The LAB environment is always in English.
You can choose between a term of six and twelve months. An extension of a further six months is possible.
Yes, the learning units can be integrated into your own LMS via “SCORM Streaming”. Your training department will receive a learning package in SCORM format for your LMS. Although the content is retrieved (“streamed”) via the IS-FOX Cloud, the course behaves identically to an “internal course”, i.e. course administration, invitation management, booking of success, etc. takes place in your LMS.
The LABs and the associated administration (the “LAB Portal”) contain a lot of technology and logic and therefore cannot be operated in a customer's own Azure tenant. However, you can store the link to your internal LMS in the LAB Portal to establish a transparent connection.
Other courses that might interest you
IT security training for administrators: Minimize attack risks thanks to interactive e-learning with a hacking environment.
Modern IT security training protects you and your employees from attacks and their consequences for your company. Find out more and book a training course now!
Up-to-date and modern online data protection training courses make your employees fit for GDPR. Find out more and book training now!