PENETRATION TESTING TRAINING COURSE DESCRIPTION
An advanced technical hands on course focusing on hacking and counter hacking.
The course revolves around a series of exercises based on "hacking" into a
network (pen testing the network) and then defending against the hacks.
WHAT WILL YOU LEARN
* Perform penetration tests.
* Explain the technical workings of various penetration tests.
* Produce reports on results of penetration tests.
* Defend against hackers.
PENETRATION TESTING TRAINING COURSE DETAILS
* Who will benefit:
Technical support staff, auditors and security professionals.
Staff who are responsible for network infrastructure integrity.
* Prerequisites:
IP Security
IP VPNs
* Duration
5 days
PENETRATION TESTING TRAINING COURSE CONTENTS
* Introduction
Hacking concepts, phases, types of attacks, 'White hacking', What is
penetration testing? Why use pen testing, black box vs. white box testing,
equipment and tools, security lifecycles, counter hacking, pen testing
reports, methodologies, legal issues.
* Physical security and social engineering
Testing access controls, perimeter reviews, location reviews, alarm response
testing. Request testing, guided suggestions, trust testing. Social
engineering concepts, techniques, counter measures, Identity theft,
Impersonation on social media, Footprints through social engineering
* Reconnaissance (discovery)
Footprinting methodologies, concepts, threats and countermeasures, WHOIS
footprinting, Gaining contacts and addresses, DNS queries, NIC queries, ICMP
ping sweeping, system and server trails from the target network, information
leaks, competitive intelligence. Scanning pen testing.
* Gaining access
Getting past passwords, password grinding, spoofed tokens, replays, remaining
anonymous.
* Scanning (enumeration)
Gaining OS info, platform info, open port info, application info. Routes
used, proxies, firewalking, Port scanning, stealth port scanning,
vulnerability scanning, FIN scanning, Xmas tree scanning, Null scanning,
spoofed scanning, Scanning beyond IDS. Enumeration concepts, counter measures
and enumeration pen testing.
* Hacking
Hacking webservers, web applications, Wireless networks and mobile platforms.
Concepts, threats, methodology, hacking tools and countermeasures.
* Trojan, Backdoors, Sniffers, Viruses and Worms
Detection, concepts, countermeasures, Pen testing Trojans, backdoors,
sniffers and viruses. MAC attacks, DHCP attacks, ARP poisoning, DNS poisoning
Anti-Trojan software, Malware analysis Sniffing tools.
* Exploiting (testing) vulnerabilities
Buffer overflows,, simple exploits, brute force methods, UNIX based, Windows
based, specific application vulnerabilities.
* DoS/DDoS
Concepts, techniques, attack tools, Botnet, countermeasures, protection
tools, DoS attack pen testing.
* SQL Injection
Types and testing, Blind SQL Injection, Injection tools, evasion and
countermeasures.
* Securing networks
'Hurdles', firewalls, DMZ, stopping port scans, IDS, Honeypots, Router
testing, firewall testing, IDS testing, Buffer Overflow.
* Cryptography
PKI, Encryption algorithms, tools, Email and Disk Encryption.
* Information security
Document grinding, privacy.