Training

Red5 helps businesses improve the security of the systems they develop. We can educate your developers, and members of your SOC, CIRT, or other security teams to strengthen security during the design, implementation, testing, and release of software. We can even help while it’s active and running.

Increasingly, enterprises are moving their operations to the cloud, such as AWS, Azure, or Google Cloud Platform. How can you ensure your cloud environment is secure?

This course is designed for security consultants and cloud architects who want to understand the principal elements of their cloud-based environment. Learn the techniques and tools necessary to perform a thorough security review, while increasing your understanding of the major risks and security best practices.

You should take this course if:
Red5’s cloud security training is for security consultants and cloud architects interested in learning how to assess the main elements of a cloud environment.

Cloud security awareness is improving, but its application to real-life scenarios is trailing. The goal of this course is to bridge this gap by integrating the latest technologies with Cloud solutions. The course describes these attacks and explains how to detect and miligate against future attacks. Attendees will learn how security vectors in these ecosystems present opportunities for abuse through applied exercises.

You should take this course if
Red5’s ’s Offensive Cloud Security training is for pentesters who have some experience with the Cloud and want to improve their ability to assess and improve the security of cloud hosted applications and infrastructures.

Containers and orchestration platforms such as Kubernetes are on the rise throughout the IT world, but how do they work and how can they be secured?
This course takes a deep dive into the world of Linux-based containers, covering fundamental technologies and practical approaches to attacking and defending Docker and Kubernetes container-based systems.

This course focuses on Kubernetes as it emerges as the dominant core of cloud-native systems while examining the wider ecosystem.

You should take this course if:
Red5’s Mastering Container Security training is well suited for offensive or defensive security professionals seeking hands-on experience with setting up, defending, and attacking containerised environments.

Do you develop bespoke or off-the-shelf software? Does it put your customers at risk of a security breach? Do you choose components for your enterprise architecture while fully considering the security implications?

This course will help you in planning and developing a secure software development lifecycle.

You should take this course if:
Red5’s Security in Software Development Lifecycle training is for software developers, QA engineers, software architects, technical, project, and programme managers, business analysts, and team leaders seeking information on how to satisfy expectations around security and privacy for software and hardware they are responsible or liable for.

Secure coding is fundamental to the development of secure web applications. Secure Coding for Web Developers provides developers with practical guidance for developing secure web applications using JavaScript and other popular web technologies.
Participants will learn how to secure web applications and avoid, prevent, and mitigate the OWASP top ten most critical web application security risks.

You should take this course if:
Red5’s Secure Coding for Web Developers training is for Web developers who would like to build websites free from the OWASP top ten most critical web application and related security risks.

This course teaches methods to understand native code including static analysis using disassemblers and a dynamic analysis using debuggers. It also covers some common classes of security vulnerability and methods to detect them.

You should take this course if:
Red5’s Processor, OS and Computer Foundations training is suitable for consultants, code reviewers, reverse engineers and exploit developers who want to understand how native programs work and assess their security without access to source code.

This course teaches exploitation methods from simple stack overflows to type confusion bugs in C++ code using various techniques including return-oriented programming and engineering read/write primitives.
This course is led by experienced instructors from Red5’s ‘R5 Development Group’ (R5DG), who develop bespoke exploits and tools for use on client engagements.

The EDG has developed exploits against popular software such as Internet Explorer, Firefox, Flash, Adobe Reader, Windows Kernel, Xen, and Java. They provide extensive knowledge and experience in reverse engineering and low-level debugging.

You should take this course if:
Red5’s Exploit Development is training for consultants, code reviewers, reverse engineers, and exploit developers who want to understand how to exploit vulnerabilities in native code.

This course shows how to attack the Windows kernel. The course will teach you about the Windows kernel internals with labs that will provide you real-world experience in how to exploit kernel vulnerabilities.

This class focuses on exploiting CVE-2018- 8611 on Windows 10 x64 1809 (RS5), a fairly complex race condition that leads to a use-after-free on the non-paged kernel pool. The vulnerability is in the Kernel Transaction Manager (KTM) driver (tm. sys), a kernel component that has not received much public scrutiny.

You should take this course if
Red5’s Windows Kernel Exploitation training is for reverse engineers, exploit developers, and bug hunters who wish to learn a structured and reusable approach to attacking an unknown component in the Windows kernel.