Live Online Training in 2021

We are again offering Live Online Training until it is safe to return to venues and offer on-site training courses. Check what we have on offer for you in 2021 for now.

Should you be interested in training and it’s not covered here get in touch and we’ll see what we can arrange.

Steven WierckxAdvanced Whiteboard Hacking

Toreon’s whiteboard hacking course teaches a practical methodology to perform threat modeling. The course combines pragmatic approach to threat model theory with techniques for each threat model step. This enables attendees to handle any threat model in real life. In this course we answer 4 questions:

  • What are we building?
  • What could possibly go wrong?
  • What are we going to do about it?
  • Did we do a good enough job?

Before attending this course, students should be familiar with basic knowledge of web and mobile Applications, databases & Single sign-on (SSO) principles.

£1,300.00Add to basket


Threat Hunting and Incident Handling with OSSEC

OSSEC is sometimes described as a low-cost log management solution but it has many interesting features that, when combined with external sources of information, may help in hunting for suspicious activity occurring on your servers and end-points. Its agent-based architecture allows automation of many tasks performed during incident investigations.

£1,200.00Add to basket


Cloud Security Masterclass

This hands-on CTF-style training focuses on elevating your security knowledge into the cloud. Learn to defend your public cloud infrastructure by building automated detection, alerting and response pipelines for your public cloud workloads by using native cloud services. This training focuses on building security knowledge on the cloud and for the cloud.

£1,200.00Read more


Applied Source Code Fuzzing

This course teaches you the foundations of fuzzing and how to apply it on real-world complex software. The course provides a deep and comprehensive view of modern fuzzing, and there is a lot of material to cover. We do not just show how to run a few commands – we go deep into the code of targets and fuzzers, with the goal of finding bugs in real-world projects and more. This course will teach you in-depth and pragmatically how to fuzz, and following completion of the course you will be able to apply your skills professionally at a high level.

The course is heavily focused on real-world problems, and because of this you will be fuzzing many real-world software packages in the course. You will learn how to surgically target your analysis towards specific parts of the application you are analysing, and do so against some of the most complex applications in the world such as Chromium.

£2,000.00Select options


A7SecurityHacking Android, iOS and IoT apps by Example

This course is a 100% hands-on deep dive into the OWASP Mobile Security Testing Guide (MSTG) and relevant items of the OWASP Mobile Application Security Verification Standard (MASVS), so this course covers and goes beyond the OWASP Mobile Top Ten.

Learn about Android, iOS and IoT app security by improving your mobile security testing kung-fu. Ideal for Penetration Testers, Mobile Developers and everybody interested in mobile app security.

All action, no fluff, improve your security analysis workflow and immediately apply these gained skills in your workplace, packed with exercises, extra mile challenges and CTF, self-paced and suitable for all skill levels, with continued education via unlimited email support and lifetime access to training portal with step-by-step video recordings and interesting apps to practice, including all future updates for free.

£1,000.00Select options


A7SecurityHacking Modern Desktop apps: Master the Future of Attack Vectors

This course is a 100% hands-on deep dive into the OWASP Security Testing Guide and relevant items of the OWASP Application Security Verification Standard (ASVS), so this course covers and goes beyond the OWASP Top Ten.

Long gone are the days since desktop apps were written in Delphi. What is common between Microsoft Teams, Skype, Bitwarden, Slack and Discord? All of them are written in Electron: JavaScript on the client.

Modern Desktop apps share traditional attack vectors and also introduce new opportunities to threat actors. This course will teach you how to review modern desktop apps, showcasing Node.js and Electron but using techniques that will also work against any other desktop app platform. Ideal for Penetration Testers, Desktop app Developers as well as everybody interested in JavaScript/Node.js/Electron app security.

All action, no fluff, improve your security analysis workflow and immediately apply these gained skills in your workplace, packed with exercises, extra mile challenges and CTF, self-paced and suitable for all skill levels, with continued education via unlimited email support and lifetime access to training portal with step-by-step video recordings and interesting apps to practice, including all future updates for free.

£1,000.00Add to basket


A7SecurityHacking Modern Web apps: Master the Future of Attack Vectors

This course is a 100% hands-on deep dive into the OWASP Security Testing Guide and relevant items of the OWASP Application Security Verification Standard (ASVS), so this course covers and goes beyond the OWASP Top Ten.

Long gone are the days since web servers were run by perl scripts apps written in Delphi. What is common between Walmart, eBay, PayPal, Microsoft, LinkedIn, Google and Netflix? They all use Node.js: JavaScript on the server.

Modern Web apps share traditional attack vectors and also introduce new opportunities to threat actors. This course will teach you how to review modern web apps, showcasing Node.js but using techniques that will also work against any other web app platform. Ideal for Penetration Testers, Web app Developers as well as everybody interested in JavaScript/Node.js and Modern app stack security.

All action, no fluff, improve your security analysis workflow and immediately apply these gained skills in your workplace, packed with exercises, extra mile challenges and CTF, self-paced and suitable for all skill levels, with continued education via unlimited email support and lifetime access to training portal with step-by-step video recordings and interesting apps to practice, including all future updates for free.

£1,000.00Add to basket


Dawid CzaganBlack Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation

HackerOne bug hunters have earned over $100 million in bug bounties so far. Some of HackerOne customers include the United States Department of Defense, General Motors, Uber, Twitter, and Yahoo. It clearly shows where the challenges and opportunities are for you in the upcoming years. What you need is a solid technical training by one of the Top 10 HackerOne bug hunters.

Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximise your payouts. Say ‘No’ to classical web application hacking. Join this unique hands-on training and become a full‑stack exploitation master.

£1,200.00Add to basket

Important Info

Training will take place online on the 14-17th June and 13-16th September 2021. One course will run over two full days and the others over 4 half days. Check the individual courses for their dates.