PRACTICAL PENETRATION TESTING – TOOLS AND TECHNIQUES COURSE
Course Description
THE RATIONALE
As network breaches become increasingly sophisticated, proactive defences are essential to counter malicious attacks. In this course, you discover weaknesses in your network using the same mindset and methods as hackers. You acquire the knowledge to test and exploit internal and external defences. You learn countermeasures to reduce risk to your enterprise.
The course covers the fundamentals of penetration testing and illustrates how to think like an attacker and use industry-standard tools to perform penetration testing. The course is aligned with the CREST CRT technical syllabus.
The delegates will practice using Kali Linux and its tools to perform information gathering, target discovery and enumeration, vulnerability mapping, social engineering, system exploitation, privilege escalation, and maintaining access to compromised systems. The delegates will also learn to report the results of their assessments.
COURSE OBJECTIVES
At the end of this course, the delegates will be able to:
- Identify and analyze organizational exposure to cyber security threats
- Improve their basic cyber security audit skills
- Apply the techniques, tools and hacking methods used by penetration testers
- Effectively manage time and resources
- Gain international industry recognition as a legal and ethical cyber security professional
COURSE CONTENT
MODULE 1: INTRODUCTION TO PENETRATION TESTING
- The need for Pen Testing
- Methodology of Pen Testing
- Ethics and Compliance to Legal Systems
MODULE 2: PEN TESTING ENGAGEMENT LIFECYCLE
- Pen Testing Scope and Boundaries
MODULE 3: BASIC NETWORKING CONCEPTS
- Operating System Security
- Application Layer Protocols
- Cryptography Concepts Review
- Wireless and Database Concepts Review
MODULE 4: INFORMATION GATHERING & SOCIAL ENGINEERING
- Creating USB Payloads for Social Engineering Attacks
- Gathering DNS Registration Information
- Gathering Router, Firewall and IPS Information
- Gathering Email Addresses from Public and Social Websites
- Reading Metadata of Files Revealing Target Information
- Hiding Attacks Using Onion Routing Network
MODULE 5: TARGET DISCOVERY, FINGERPRINTING & ENUMERATION
- Discovering the Operating System Details
- Port and Services Discovery using Nmap
MODULE 6: VULNERABILITY MAPPING
- Understanding Vulnerability Taxonomy
- Vulnerability Scanners
- Discovering and Analysing Weaknesses
MODULE 7: TARGET EXPLOITATION & PRIVILEGE ESCALATION
- Escalation for Windows and Linux
- Choosing Attack Vectors
- Performing Local and Remote Attacks
- Gathering and Cracking Password Hashes using Mimikatz and John the Ripper
- Attacking a Target through a Compromised Target (Pivoting)
- Creating Man In The Middle Attacks through Spoofing
- Sniffing Authentication Packets Revealing Passwords
- Cracking Default Passwords with Password Lists and Rainbow Tables
MODULE 8: MAINTAINING ACCESS & COVERING TRACKS
- Creating Metasploit Backdoor Payloads
- Antivirus, Firewall, and IPS Evasion Techniques
MODULE 9: WEB PEN TESTING & DATABASE INJECTION
- Bypassing Authentication using Cross-Site Scripting
- Revealing User Accounts and Passwords through Database Injection
MODULE 10: DOCUMENTATION, REPORTING & PRESENTATION
- Writing Pen Testing Reports
TARGET AUDIENCE:
Those responsible for securing enterprise systems from unwanted intrusion, and those involved in cyber security measures and implementation.
DELIVERY METHOD: Multiple training delivery methods are employed, including lectures, demonstrations, practicals, self-practice and workshops, to reinforce learning.
Venue:
Fee:
Duration: 1 Week
Course Date: April 3rd - 7th, 2023
Course Info
- Duration: 1 WEEK
- Language: English
- Prerequisites: No
- Course Capacity: 50
- Start Course: 04/04/2022
- Certificate: Yes