Certified Penetration Testing Consultant



Similar documents
C)PTC Certified Penetration Testing Consultant

InfoSec Academy Pen Testing & Hacking Track

How To Learn Cisco Cisco Ios And Cisco Vlan

"Charting the Course...

IINS Implementing Cisco Network Security 3.0 (IINS)

IP(v6) security. Matěj Grégr. Brno University of Technology, Faculty of Information Technology. Slides adapted from Ing.

Linux Network Security

IPv6 Security. Scott Hogg, CCIE No Eric Vyncke. Cisco Press. Cisco Press 800 East 96th Street Indianapolis, IN USA

Interconnecting Cisco Networking Devices Part 2

Securing Cisco Network Devices (SND)

Security of IPv6 and DNSSEC for penetration testers

NETWORK SECURITY (W/LAB) Course Syllabus

Implementing Cisco IOS Network Security

Interconnecting Cisco Network Devices 1 Course, Class Outline

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Course Title: Penetration Testing: Security Analysis

Network Access Security. Lesson 10

: Interconnecting Cisco Networking Devices Part 2 v1.1

Implementing Cisco IOS Network Security v2.0 (IINS)

IPv6 Fundamentals, Design, and Deployment

INTERCONNECTING CISCO NETWORK DEVICES PART 1 V2.0 (ICND 1)

Securing end devices

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved.

CYBERTRON NETWORK SOLUTIONS

Vulnerabili3es and A7acks


Cisco Certified Network Expert (CCNE)

Local Area Networks. LAN Security and local attacks. TDC 363 Winter 2008 John Kristoff - DePaul University 1

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0

IPv6 SECURITY. May The Government of the Hong Kong Special Administrative Region

CS5008: Internet Computing

IPv6 Security Best Practices. Eric Vyncke Distinguished System Engineer

OLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS

: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)

IMPLEMENTING CISCO SWITCHED NETWORKS V2.0 (SWITCH)

Cisco Certified Security Professional (CCSP)

IPv6 Security Analysis

CCIE Security Written Exam ( ) version 4.0

Network Security and Firewall 1

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

TABLE OF CONTENTS NETWORK SECURITY 2...1

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

IMPLEMENTING CISCO IP ROUTING V2.0 (ROUTE)

SSVVP SIP School VVoIP Professional Certification

Cisco Certified Network Associate (CCNA) 120 Hours / 12 Months / Self-Paced WIA Fee: $

Cisco Certified Network Associate Exam. Operation of IP Data Networks. LAN Switching Technologies. IP addressing (IPv4 / IPv6)

Description: Objective: Upon completing this course, the learner will be able to meet these overall objectives:

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

CCNA Security 1.1 Instructional Resource

(d-5273) CCIE Security v3.0 Written Exam Topics

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.

Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0

Network Security Fundamentals

CCNP: Implementing Secure Converged Wide-area Networks

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

Table of Contents. Introduction

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Course Contents CCNP (CISco certified network professional)

Firewalls, Tunnels, and Network Intrusion Detection

BUY ONLINE AT:

CCNA Security v1.0 Scope and Sequence

Description: Objective: Attending students will learn:

Lab VI Capturing and monitoring the network traffic

SNRS. Securing Networks with Cisco Routers and Switches. Length 5 days. Format Lecture/lab

Raritan Valley Community College Academic Course Outline. CISY Advanced Computer Networking

information security and its Describe what drives the need for information security.

CERTIFIED PENETRATION TESTING CONSULTANT

Network Security. Network Packet Analysis

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Networking 4 Voice and Video over IP (VVoIP)

Cisco Which VPN Solution is Right for You?

Configuring the Transparent or Routed Firewall

ASM Educational Center (ASM) Est. 1992

Network Security and Penetration Testing

NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus

Cisco CCNP Implementing Secure Converged Wide Area Networks (ISCW)

13 Courses Quick Guide

CTS2134 Introduction to Networking. Module Network Security

Packet Sniffing with Wireshark and Tcpdump

Lecture 17 - Network Security

CEH Version8 Course Outline

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

The IINS acronym to this exam will remain but the title will change slightly, removing IOS from the title, making the new title

Case Study for Layer 3 Authentication and Encryption

Tools for Attacking Layer 2 Network Infrastructure

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Network/Internet Forensic and Intrusion Log Analysis

Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) :

Chapter 8 Phase3: Gaining Access Using Network Attacks

EC Council Certified Ethical Hacker V8

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Information Security. Training

Transcription:

Certified Penetration Testing Consultant Course Name: CPTC V3 Duration: 4 days Language: English Format: Instructor-led Course (Lecture and Labs) Prerequisites: CPTE, GIAC, or equivalent knowledge A minimum of 24 months experience in Networking Technologies Sound knowledge of TCP/IP Computer hardware knowledge Experience as a Support Professional or Consultant Student Materials: 1. Student Workbook 2. Student Reference Manual 3. Software/Tools 2x DVDs Certification Exam: CPTC Practical Exam Certification Track: CPTE Certified Pen Testing Engineer CPTC - Certified Pen Testing Consultant CSWAE Certified Secure Web Application Engineer CPTC COURSE OBJECTIVES The Certified Penetration Testing Consultant course is designed for IT Security Professionals and IT Network Administrators who are interested in conducting Penetration tests against large network infrastructures similar to large corporate networks, Services Providers and Telecommunication Companies. Instead of focusing on Operating System level penetration testing, this course covers techniques on how to attack and prevent underlying network infrastructure and protocols. The training starts from basic packet capturing and analyzing by using common tools and continues with Layer2 attack vectors, Layer3 based attacks; including both IPv4 and IPv6 stacks, routing protocol attacks (OSPF, BGP, etc) and then jumps over to Service Provider level attacks related with very common used MPLS, how to use relays and pivots, VPN attacks including IPSEC protocol suite, SSL attacks, and finally covers NIDS/NIPS evasion and implementation techniques. At the completion of each module, students are going to be able to practice their knowledge with the lab exercises that are specifically prepared for the covered materials during the theory. UPON COMPLETION A Certified Penetration Testing Consultant is a security professional with the ability to plan, manage and perform a penetration test. The Also available as: LIVE REMOTE TRAINING Attend live class from anywhere in the world! Live Presentations with Powerful functionality that delivers easy viewing of slides and other documents, shared Internet access, virtual whiteboard, and a media center all through an easy-touse toolbar. Application, file, and desktop sharing enable you to view live demonstrations. Dedicated high spec remote PC per student with full access as if you are sitting in-front of the PC in the classroom. Instructor views each students session when you perform your hands on labs, the instructor can access your remote system to demonstrate and assist while you sit back to absorb the classroom style mentoring you expect. Public and private text chat allows for increased interactivity between students and instructor designation Consultant is related to the depth and breadth of understanding required to manage a project involving multiple team members, manage the client s expectations and deliver an audit of security controls that is thorough, well documented and ethically sound.

2 COURSE DETAILS Modules Module 0: CPTC Intro Module 1: Packet Capturing Module 2: Layer 2 Attacks Module 3: Layer 3 Attacks on Cisco Based Infrastructures Module 4: Pivoting and Relays Module 5: IPv6 Attacks Module 6: VPN Attacks Module 7: Defeating SSL Module 8: IDS/IPS Evasion LABORATORY EXERCISES Lab 1: Lab 2: Lab 3: Lab 4: Lab 5: Lab 6: Lab 7: Lab 8: Working with Captured Files Layer 2 Attacks Attacking Routing Protocols Using Pivot Machines IPv6 Attacks VPN attack Defeating SSL Decrypting Traffic and Man-in-the-middle attacks NIDS/NIPS OBJECTIVE OF HANDS-ON LABORATORY SCENARIOS This is an intensive hands-on class. Students may spend 20 hours or more performing labs that walk them through a real world Pen Testing model. Labs begin with simple activities and move on to more complex procedures. During labs, students move through a detailed Lab Guide containing screen shots, commands to be typed, and steps students should take. Students will make use of scores of traditional and cutting edge Pen Testing tools (GUI and command line, Windows and Linux) as they make their way through mile2 s time-tested methodology. (See Outline below for tool titles) Customers can be confident that as new methods arise in the security world; our labs are updated to reflect them. CERTIFIED PENETRATION TESTING CONSULTANT EXAM The Certified Penetration Testing Consultant exam is a 6 hour practical in which you will be conducting both a Vulnerability Assessment and a Full Penetration Test on two IP's. You will then be given 60 days to turn in a written Penetration Test report that will be analyzed by our team of experts. You are required to find at least 80% of the vulnerabilities and then manually test to see if they are legitimate. The report will need to be professionally written, grammatically correct and accurate. This exam is a Pass or Fail.

DETAILED MODULE DESCRIPTION Module 1: Packet Capturing Packet Capturing Packet capturing using libpcap Capturing using ncap Packet Capturing Software Windump / TCPDump Usage Usage Windump & PS Wireshark General Settings Preferences Capture Settings Interface Options Column Settings Name Resolution Settings Panes Capture Options Menu Shortcuts Follow TCP Stream Expert Infos Packet Reassembly Capturing VOIP Calls VOIP Call Filtering Call Setup Playing the call Saving the call into a file SMB Export HTTP Export Module 2: Layer2 Attacks Why Layer2? FBI/CSI Risk Assessment Ethernet Frame Formats Different Types of attacks Switch Learning Process Excessive Flooding Macof Cisco Switches Bridging Table Capacities Mac Flooding Alternative: Mac Spoofing Attacks Spanning Tree Basics Frame Formats Dissectoring Main BPDU Formats yersinia STP Attacks supported in yersinia Becoming Root Bridge VLANs Basic Trunk Port Defined Dynamic Trunking Protocol (Cisco) VLAN Hopping Attack Double Tagging How DHCP operates? DHCP Request/Reply Types DHCP Fields DHCP Starvation Attack Rogue DHCP Server Attack ARP Function Review Risk Analysis of ARP ARP Spoofing Attack Tools ARP Cache Poisoning How PoE works? Risk Analysis for PoE Module 3: Layer3 Attacks on Cisco Based Infrastructures Layer 3 protocols Protocols: BGP BGP MD5 crack Protocols: BGP BGP Route Injection MP-BGP Route Injection Protocols: OSPF Protocols: ISIS Protocols: HSRP/VRRP DDoS detection DDoS prevention Ingress/egress filtering Worm detection and protection DDoS/worm research/future MPLS Bi-directional MPLS-VPN traffic redirection Some More MPLS Attacks MPLS Router integrity checking Module 4: Pivoting and Relays Pivoting Netcat Backdoors with nc Netcat Basic Usage Persistent Listeners Shovel a shell

Shovel a file netcat port scanner Relays Simple Netcat Relay Two-Way Netcat Relay The Newbie Approach Named Pipes I/O Streams and Redirection Relay Scenario 1 Two-Way NC Relay with Named Pipe Relay Scenario 2 Relay Scenario 3 Module 5: IPv6 Attacks IPv4 IPv6 IPv4 & IPv6 Headers IPv6 Header Format End-to-End Principle Differences with End-to-End End point filters Merging IPSEC and Firewall functions Scanning ICMPv6 ICMPv6 Neighbor Discovery IPv6 Attack Tools DAD DoS Attack DAD DoS Attack Auto-Configuration Mechanisms Autoconfiguration SLAAC, DHCPv6 Auto-Configuration IPv4 & IPv6 ICMPv6 Types Neighbor Discovery ND spoofing http://www.thc.org/thc-ipv6 Dos-new-ipv6 (THC) Parasite6 (THC) Redir6 (THC) Fake_router6 IPv6 in Today s Network Extension Headers Routing Header Different Types of Routing Header RH0 (Deprecated by RFC 5095) Format Routing Header 0 Attack Layer 3-4 Spoofing Transition Mechanism Threats IPv6 Firewalls Making existing tools work Summary Module 6: VPN Attacks VPNs VPN Comparison IPSec Detecting IPSec VPNs AH versus ESP Tunnel mode versus Transport mode Main mode versus aggressive mode IKE Main Mode IKE Aggressive Mode IPv4 Header Authentication Header AH Transport Mode AH Tunnel Mode Authentication Algorithms AH and NAT ESP with Authentication ESP in Transport Mode ESP in Tunnel Mode IKE IKE-Scan IKE-SCAN Aggressive Mode Main Mode Aggressive Mode ID Aggressive Mode PSK Attacks Aggressive PSK Cracking Aggressive Mode ID Enumeration Main Mode PSK Attacks Main Mode PSK Cracking Main Mode Policy Enumeration IKECrack IKEProbe IKE-PROBE Other VPN Flaws Insecure Storage of Credentials on VPN Clients Username Enumeration Module 7: Defeating SSL Outline How SSL Works Certificate Types Certificate Chaining Chain of trust Verifying a Certificate Chain Certificate Chain That Cannot be Verified What if

Basic Constraints Then the story started SSLSNIFF Running SSLSNIFF Setting up IPTABLES Running Arpspoof SSLSTRIP How SSL connection is initiated: SSLSTRIP How does it look like? With SSLSTRIP Running SSLSTRIP Combining this technique with homograph attack Certificates Certificate Enrollment Request PKCS#10 Certificate (Subjects) CN Encoding PKCS #10 SUBJECT PKCS #10 Certificate Signing Request Disadvantages Universal Wildcard More Weird Stuff What do we have to worry about? Certificate Revocation Defeating OCSP OCSP-Aware SSLSNIFF Updates Update-Aware SSLSNIFF Snort What is Snort? Snort Architecture Packet Sniffing Preprocessors Detection Engine Alerting Components Three major modes Using Snort as Packet Sniffer Packet Sniffing Snort as Packet Logger Snort as NIDS Snort Rule Tree Decoding Ethernet Packet Preprocessor Layout Parts of a Rule Outputs Module 8: IDS/IPS Evasion Evasion Networking Standards Evasion Principles Evasion Layers Layer 2 Layer 3-4 Fragmentation Fragmentation Attacks Ping O' Death More Malicious Fragments Fragmentation-Based Techniques Sending Overlapping Fragments Different Reassembly Timeout Sending Fragment with Different TTLs Insertion Attacks Protocol Violation Layer 5-7 Layer 5-7 SMB Evasions SMB based vulnerabilities How can IDS control SMB sessions? DCERPC Evasions How DCERPC works: DCERPC Bind Evasions DCERPC Call Evasions DCERPC Transport Evasions Obfuscation Client Side Attack Evasions Unicode UTF-8 Overlong Strings Javascript Evasions Base64 your HTML Encryption DoS Attacks Failure Points Alert Management Hardware Limitations Session Tracking Pattern Matching Signature Matching Contact: Progreso Training Pte Ltd Tel: +65 6509 9600 Fax: +65 6509 9667 Email: enquiry@progreso.com.sg Website: www.progreso.com.sg/training

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information