Advanced Mentoring - INF & APP
Build a roadmap to success as a senior practitioner with our face to face mentoring sessions. Available to book now.
July 12-14 2023
September 13-15 2023
This intensive series of mentoring sessions takes place over three days in our brand new assessment centre in central Cheltenham.
We provide two mentoring sessions per month, one infrastructure and one web application. See our latest available dates above, and please apply or request further information via the buttons on this page.
What is ‘The Advanced Practitioner’?
‘The Advanced Practitioner’ is a series of mentoring sessions with a trainer experienced in all aspects of this exceptionally high standard of penetration testing. The aim of the sessions is to consolidate knowledge and skills, highlight any gaps that might affect subsequent assessment, and create a clear roadmap with the eventual aim of becoming an exceptional, top-tier practitioner.
Applicants should have a minimum of two years of experience as a practitioner before applying, as these sessions are not a training course as such, they are more an exercise in understanding the road to success and understanding how to fill any gaps in knowledge or practical skills. The aim isn’t to pass any particular accreditation; however, many may use the opportunity to work on any identified shortfalls while working towards their next assessment. In essence we offer candidates the support to move from practitioner level to advanced practitioner level, or to revisit areas of knowledge that may have been lost if the candidate has been an advanced practitioner for some time.
What is an advanced practitioner vs a practitioner?
An advanced practitioner will themselves be a mentor to the practitioners they work with, overseeing engagements and leading teams. They will be a source of knowledge which has been gained through experience. An advanced practitioner will be able to clearly communicate with the commissioning client and deal with issues around risk, unforeseen events, and complex IT systems. An advanced practitioner will set an example to the practitioners and uphold the ethics and principles around security testing.
Three days of Mentoring: Choose between Infrastructure and Application pathways
Each day will start with a series of group discussions around the skills and knowledge required by an advanced practitioner. This will be followed by a varied range of workshops around the issues discussed.
The topics included will vary from session to session, based on the skills and knowledge of who is attending ‘The Advanced Practitioner’.
Some example topics for the two courses are listed below, purely as a guide:
Advanced Practitioner - INF
- The basics revisited – low hanging fruit (protocols and enumeration)
- Pivoting and tunnelling
- Reporting and wash up meetings
- Scoping, risk, and the laws according to testers
- Managing a team
- Advanced exploitation
- Privilege escalation
- Enumerating compromised devices
- Remediation advice
- Tools and techniques
Advanced Practitioner - APP
- The methodology of an application test.
- How to get the most out the plethora of tools available.
- How to exploit the most common application vulnerabilities.
- Exploiting databases through application vulnerabilities.
- Session tokens and exploitation of session tokens.
- API (Application Programming Interface) enumeration.
- Decoding and encoding of data.
- Java serialisation vulnerability exploitation.
- Injection vulnerabilities such as XXE, SQL and no SQL.
- OWASP top ten exploitation and beyond.
- Practical applications to test your skills against.
Why choose The Cyber Scheme?
Our trainers and assessors have many years’ experience in creating, developing, and running comprehensive exams aimed at skilled pen testers. We are however concerned that candidates are failing these exams even at an advanced level of practice, and we understand the frustration caused by the need to resit exams. We have created these mentoring sessions in order for these advanced practitioners to reflect on the experience they have gained, and expand on that in order to progress their career to the highest level of pen testing as quickly as possible.