[EN]

This Site exists for all customers of the website ( https://www.hjfr-info.pt ) and it has the objective of providing our customers some know hows for their daily work with computers.

It has also has the objective of providing unofficial trainings and preparations for some of the certifications in the IT market.

It is used also as a platform for all trainings that I provide.

[/EN]

[PT]

Este site foi criado para dar aos nossos clientes ( https://www.hjfr-info.pt ) conhecimento de como realizar pequenas tarefas do dia a dia utilizando os seus computadores.

É utilizada também com o objetivo de fornecer preparação não oficial para algumas certificações no mercado de TI.

É usado como plataforma de suporte para todas as formações que eu dou.

[/PT]

Para entrar falem com o HJFR ele envia-vos o código de acesso.

    Disciplinas disponíveis

    Interesting Resources

    Resource List Related with Multiple Topics

    Mainly related with Security Events and good presentations Organized by topics. 


    Lab and CTF

    Jogo de Captura de Bandeira (CTF) 

    Vocês foram contratados como Black Hat hackers para dominar uma empresa concorrente. 

    A vossa missão é entrar na empresa usando os seus serviços web e tentar controlar o seu Domain Controler e assim ter o controlo total na empresa e acesso a todos os sistemas. 

    Com o cliente VPN podem atacar tudo o que aparecer nas redes 192.168.20.0/24, 192.168.30.0/24 e 192.168.40.0/24

    Espero que o a vossa contratação tenha sido um bom investimento. 

    Há varios servidores em cada camada para comprometer.

    FORA do ambito

    192.168.50.0/24

    192.168.200.0/24

    Boa sorte.




    Introdução ao Unix

    Introdução aos sistemas Unix / Linux

    Esta formação tem por objectivo a introdução ao sistema Unix, utilização da shell, utilização do sistema de ficheiros, criar e apagar ficheiros e directorias, usar o editor de texto verificar propriedades e características do sistema e automatizar tarefas


    Hack The Box Writeups

    [PT] Soluções Hack The Box [/PT]

    Aqui vão estar várias writeups relativas aos desafios hackthebox.
    Costumamos estar reunidos para os desafios em https://discord.gg/47jxBAyAyK aparece.

    [EN] Hack the Box Writeups [/EN]

    Here we will document several write ups related with hackthebox challenges.
    We are usually gather for the challenges in https://discord.gg/47jxBAyAyK join us.


    Kali How-to

    Kali Linux How Tos

    Most of us already have stunbled on some situations that we wish to change.
    This training shows multiple situations that can make our daily life easier in kali linux.
    It is not intended to show how the tools are used but more with the intent on how to show

    Enrollment Key = K-How-TO

    Introdução ao Powershell

    Introdução ao Powershell

    EC council Study notes

    ++++++++++ UNDER CONSTRUCTION +++++++++++++

    Collection of notes and important topics for EC council Exam. 

    ++++++++++ UNDER CONSTRUCTION +++++++++++++

    Enrollment Key = ECH-SN-20022

    Training for CISSP Certification (8 Domains of Knowledge)

    Training for CISSP Certification (8 Domains of Knowledge)


    This training has a special focus in the 8 security domains of knowledge that are critical for the CISSP exam.

    Each domain of knowledge is detailed on all components that are critical.
    Each one will be discussed and their relation betwen them and other knowledge domains will be flagged.

    The student will be able to do:
    • Knowledge of the 8 Security Domains
    • Ability to analyse the questions and be able  to select the correct answers. 
    • Apply the knowledge and testing skills learned in class to pass the CISSP® exam.
    • Understand and explain all of the concepts covered in the 8 domains of knowledge.
    • Apply the skills learned across the 8 domains to solve security problems when you return to work.

    Desenvolvimento Seguro

    Desenvolvimento Seguro.

    Quando se fala em segurança no desenvolvimento é fundamentar aplicar os conceitos de segurança o mais cedo possível.
    A utilização de código não seguro implica a criação de vulnerabilidades na empresa deixando a empresa exposta aos atacantes.

    Este treino tem como objetivo:
    • Criar visibilidade aos programadores para prevenir as vulnerabilidades e erros mais comuns no código.
    • Aumentar o conhecimento sobre código seguro e estimular o pensamento critico do programador.
    • Baixar os custos de remediação detetando as vulnerabilidades cedo no ciclo de vida do desenvolvimento. (Secure Software Development Life Cycle) 
    Treino orientado a desenvolvimento web onde será falado no OWASP top 10.



    Introduction to Pentesting

    Introduction to Pentesting


    Being a cybersecurity professional forces you to have the responsibility of find and understand your organization vulnerabilities.
    With that knowledge you will be able to work diligently to mitigate them before any malicious actor exploit.
    Classifying each vulnerability risk and impact for the landscape where she is inserted is critical to for optimizing resources in the places they are needed.

    In this training you will learn how to use multiple tools, techniques and methodologies for network penetration testing.
    The focus on the training will be identification of vulnerabilities, understanding their impact and how to mitigate them in order of importance.

    The course starts with planning, scoping, and reconnaissance, then dives deep into scanning, target exploitation, password attacks, Windows Domain attacks.

    You will learn:
    • how to perform detailed reconnaissance
      • mining publicly available information in search engines, social networking sites, and other internet and intranet infrastructure.
    • How to scan and identify vulnerable services
      • provides you with information on several ways to exploit the target systems to gain access and measure real business risk.
    • Exploit targets execute pivoting in different ways with a multi layered network.
    • Identify ways of detecting the malicious actors and how to mitigate the risk for the landscape.
     We discuss how the tools interrelate with each other in an overall testing process.
    Rather than just throwing up a bunch of tools and playing with them, we analyze how to leverage information from one tool to get the biggest bang out of the next tool.

    By the end of the training you will be able to:
    1. Develop tailored scoping and rules of engagement for penetration testing projects to ensure the work is focused, well defined, and conducted in a safe manner.
    2. Conduct detailed reconnaissance using document metadata, search engines, and other publicly available information sources to build a technical and organizational understanding of the target environment.
    3. Utilize the Nmap scanning tool to conduct comprehensive network sweeps, port scans, Operating System fingerprinting, and version scanning to develop a map of target environments.
    4. Choose and properly execute Nmap Scripting Engine scripts to extract detailed information from target systems
    5. Analyze the output of scanning tools to manually verify findings and perform false positive reduction
    6. Exploit Vulnerable Services
    7. Utilize the Windows and Linux command lines to plunder target systems for vital information that can further overall penetration test progress, establish pivots for deeper compromise, and help determine business risks.
    8. Use Metasploit tool to scan, exploit and pivot through a target environment.