Trainings

This training course is offered by OffSec, the company famous for developing Kali Linux (a Linux distribution specifically designed for penetration testing). EXP-401 (AWE) is OffSec's most challenging course for experienced penetration testers, and it provides hands-on exploration of advanced exploit development, including security bypasses, complex heap manipulation, and 64-bit kernel exploits, in large-scale enterprise applications.

This training course, offered by OffSec, is an advanced red team exercise course specializing in AI environments such as generative AI and LLM. Participants will learn practical techniques to identify AI-specific vulnerabilities hidden within real-world systems and demonstrate the impact by exploiting AI workflows and control aspects from an attacker's perspective. Furthermore, they will acquire the thinking and methodologies to transform these discoveries into defensible security improvements.

Learn how to detect attacks on Windows and Active Directory through Windows event log analysis. The course covers everything from basic to advanced attacks, providing foundational knowledge in attack investigation and analysis, as well as methods for independent research. Analysis primarily utilizes open-source tools from Daiwa Security. You will also learn about Sigma's detection rules and AI-driven investigations, providing essential skills for forensic investigators, incident responders, SOC analysts, threat hunters, and more.

Learn how security teams can use LLM and threat intelligence to accelerate detection engineering while maintaining human oversight. Practice realistic blue team workflows, including translating threat intelligence into detection ideas, MITRE ATT&CK mapping, and Sigma rule refinement. Avoid blind faith in automation and emphasize human decision-making and validation to master AI integration that improves the speed and consistency of SOC and incident response.

This course provides practical training in treating browsers as the primary source of evidence against attacks targeting SaaS and authentication credentials. In addition to analyzing and decrypting major browsers, participants will utilize AI as an "investigation accelerator" to build automated workflows for timeline creation and analysis. Through a breach investigation exercise on the final day, participants will aim to acquire advanced investigative capabilities that go beyond conventional methods and AI-assisted forensic skills that can be immediately applied in real-world situations.

This course provides security teams, often overwhelmed by repetitive tasks, with methods for building AI agents that significantly enhance existing workflows. Participants will leverage OpenAI and Claude SDKs to create practical tools covering the entire security lifecycle, including threat model generation, automated SAST/DAST scanning, and cloud infrastructure auditing. Through hands-on labs, participants will learn to build agents that adapt, infer, and scale.

This course is a practical training program designed to hone your cyberattack response capabilities from a blue team perspective. It covers a wide range of topics, from detection techniques such as OSINT utilization, endpoint detection with Wazuh, and network analysis, to Windows/Linux forensics and malware analysis using IDA Pro. Through theory and hands-on exercises, you will acquire the specialized skills necessary to respond immediately to SOC operations and incident response.

To address the challenge of AppSec not keeping pace with the accelerating pace of DevOps, this course provides practical DevSecOps and AppSec automation implementation methods for security engineers, developers, and DevOps professionals. Participants will learn how to integrate security testing, supply chain control, secret management, and policy enforcement into CI/CD, and practice automated SAST, SCA, and SBOM generation using the latest tools. The course also explores AI-assisted DevSecOps, aiming to build a pipeline that integrates security throughout the entire process.