Professional Penetration Testing Techniques and Vulnerability Assessment ...



Similar documents
CEH Version8 Course Outline

CRYPTUS DIPLOMA IN IT SECURITY

CYBERTRON NETWORK SOLUTIONS

[CEH]: Ethical Hacking and Countermeasures

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Certified Ethical Hacker Exam Version Comparison. Version Comparison

EC Council Certified Ethical Hacker V8

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

Certified Ethical Hacker (CEH)

Vulnerability Assessment and Penetration Testing

If you know the enemy and know yourself, you need not fear the result of a hundred battles.


Application Security Testing

Detailed Description about course module wise:

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

Build Your Own Security Lab

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

Ethical Hacking v7 40 H.

Audience. Pre-Requisites

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

SONDRA SCHNEIDER JOHN NUNES

McAfee Certified Assessment Specialist Network

FSP-201: Ethical Hacking & IT Security

Healthcare Information Security Governance and Public Safety II

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

Course Duration: 80Hrs. Course Fee: INR (Certification Lab Exam Cost 2 Attempts)

Course Title: Course Description: Course Key Objective: Fee & Duration:

CONTENTS AT A GMi#p. Chapter I Ethical Hacking Basics I Chapter 2 Cryptography. Chapter 3 Reconnaissance: Information Gathering for the Ethical Hacker

Certified Cyber Security Expert V Web Application Development

Ethical Hacking Course Layout

Penetration Testing //Vulnerability Assessment //Remedy

EC-Council. Certified Ethical Hacker. Program Brochure

Web App Security Audit Services

Penetration Testing with Kali Linux

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.

INFORMATION SECURITY TRAINING

CH EHC EC-Council Ethical Hacking and Countermeasures [v.9]

Course Outline: Certified Ethical Hacker v8. Learning Method: Instructor-led Classroom Learning

Certified Penetration Testing Specialist

Information Security. Training

LINUX / INFORMATION SECURITY

Venue. Dates. Certified Ethical Hacker (CEH) boot camp. Inovatec College. Nairobi Kenya (exact hotel name to be confirmed

FORBIDDEN - Ethical Hacking Workshop Duration

EC Council Security Analyst (ECSA)

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

Learn Ethical Hacking, Become a Pentester

Kerem Kocaer 2010/04/14

Web application testing

How to hack VMware vcenter server in 60 seconds

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS

EC-Council C E. Hacking Technology. v8 Certified Ethical Hacker

Network Attacks and Defenses

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

Ethical Hacking and Countermeasures 5.0 Course ECEH5.0 5 Days COURSE OVERVIEW AUDIENCE OBJECTIVES OUTLINE

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

Information Security Services

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad

EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp

Passing PCI Compliance How to Address the Application Security Mandates

Security Certifications. Presentatie SecCert 101 Jordy Kersten MSc., ISC2 Ass., CEH, OSCP

Implementing Cisco IOS Network Security

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. abechtsoudis (at) ieee.

Networking: EC Council Network Security Administrator NSA

Assessing Network Security

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Certified Penetration Testing Specialist

Enumerating and Breaking VoIP

Description: Objective: Attending students will learn:

Certified Penetration Testing Engineer

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION

Rational AppScan & Ounce Products

Penetration Testing Report Client: Business Solutions June 15 th 2015

Certified Cyber Security Analyst VS-1160

ETHICAL HACKING. By REAL TIME FACULTY

InfoSec Academy Pen Testing & Hacking Track

CIS 4204 Ethical Hacking Fall, 2014

SAST, DAST and Vulnerability Assessments, = 4

Loophole+ with Ethical Hacking and Penetration Testing

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

Linux Network Security

Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014

Course Title: Penetration Testing: Security Analysis

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 8 Desktop and Server OS Vulnerabilities

Directory and File Transfer Services. Chapter 7

Vinny Hoxha Vinny Hoxha 12/08/2009

Hosts HARDENING WINDOWS NETWORKS TRAINING

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

Transcription:

Course Introduction Today Hackers are everywhere, if your corporate system connects to internet that means your system might be facing with hacker. This five days course Professional Vulnerability Assessment and Penetration Testing Techniques" brings you a hands-on course focusing on hacking techniques and how to counterattack them. The course revolves around series of exercises based on "hacking" into a network (penetration testing the network) and then defending against the hacks. This hands-on course focusing on hacking techniques, exploit techniques, vulnerability assessment and penetrating testing techniques. Participants will gain hacking techniques to perform penetration testing for the organization and with the same basis participants can use for countermeasures. Course Objectives To understand how to examine vulnerabilities of your network and systems. To understand how to develop participants' skills and knowledge in performing vulnerability assessment (VA) and penetration testing (Pen-Testing). To provide a structured methodology for detailing the practices and techniques an advanced penetration testing professional uses in assessing the security of networks. To understand how to develop advanced participants' skills all aspects of a network security assessment. Learning Level Intermediate Course Duration 5 Days Course Prerequisite Basic knowledge Network architecture. Page 1

Basic knowledge Operating System. Target Group IT Auditors IT Security Officer Anyone interested in learning vulnerability assessment and penetration testing Course Outline Module 1: Information Security Testing Overview Information Security Testing Policy Information Security Testing Methodologies The Open Source Security Testing Methodology (OSSTMM) The Information Systems Security Assessment Framework (ISSAF) The NIST Guideline on Network Security Testing (SP 800-115) Information Security Testing Techniques Passive and Active DEMO: Passive and Active Gathering/Scanning White-Box and Black-Box Approach Blue Team and Red Team Phases in Information Security Testing Legal Perspective Module 2: Foot printing and Information Gathering How information about a target may be gathered discreetly Acquiring target information (Passive Reconnaissance) NICs DNS Anonymous Zone Transfer Web Archives/Statistics Social Networking Web Sites Scanning and enumerating resources (Active Reconnaissance) Network Mapping Page 2

LAB: Network Scanners Operating System and Services banner grabbing Operating System and Services Fingerprinting LAB: Service and OS Scanners NetBIOS Name Service Enumeration LAB: NetBIOS Enumeration LAB: RPC Enumeration Microsoft SMB Enumerating Users, Group, SID (Security Principals) Automated SMB Enumeration Tools LAB: SMB Enumeration (via Null Session) SNMP Protocol LAB: SNMP Enumeration LAB: Automated Windows Enumeration Tools Module 3: Vulnerability Assessments (VA) Concept Definition of Risk, Vulnerability and Threat Risk Assessment Vulnerability Assessment Methodology Common Vulnerabilities and Exposure (CVE) list NIST SCAP Project Vulnerability Assessment tools LAB: Vulnerability Scanner Module 4: System Hacking Introduction to Malware Page 3

What is Trojan LAB: Setup and Deploy Trojan Introduction to APT What is Password Cracking Type of Password Cracking Windows Password LM,NTLM Hashing SAM File How to steal windows password Password Cracking Tools LAB: Password Cracking in Linux LAB: Password Cracking in Windows LAB: Password Cracking for other hashing algorithm Linux Basics Linux File Structure Linux Vulnerabilities Linux Services Level Hacking Linux Exploitation LAB: Exploit Linux Operating System LAB: Password Cracking in Linux Memory Organization Buffer and Heap Overflows Attacking with Metasploit Framework Pilfering target information Metasploit Framework LAB: Metasploit Framework Page 4

Module 5: Sniffing Definition of Sniffing Protocols Vulnerable to Sniffing Types of Sniffing LAB: Packet Sniffing using Wireshark ARP - What is Address Resolution Protocol? ARP Spoofing Attack ARP Poisoning LAB: ARP Poisoning Mac Duplicating Attack DNS Poisoning Techniques LAB: DNS Poisoning Module 6: Firewall & IDS Evasion How attacks may traverse a firewall IDS Evasion Techniques The role of intrusion detection & how it may be evaded using advanced techniques LAB: Evasion Tools Module 7: Wireless LAN Hacking WEP, WPA, and WPA2 Steps for Hacking Wireless Networks LAB: Cracking WEP LAB: Cracking WPA Temporal Key Integrity Protocol (TKIP) LEAP: The Lightweight Extensible Authentication Protocol LAB: MAC Spoofing Scanning Tools LAB: Active and Passive Scanners Module 8: Denial of Services What is Denial of Services Page 5

Type of Denial of Services Denial of Services Techniques (DoS) Distributed Denial of Services Techniques (DDoS) What is Botnet Denial of Services Tools LAB: Denial of Services Techniques Module 9: Web Application Hacking How are Web Servers Compromised? Web Application Hacking Web Application Threats OWASP Top 10 LAB: Cross-Site Scripting/XSS Flaws LAB: SQL injection LAB: Command Injection Flaws LAB: Parameter/Form Tampering LAB: Directory Traversal/Forceful Browsing LAB: Cryptographic Interception LAB: Session Hijacking Google Hack Database (GHDB) LAB: Improper Error Handing LAB: Broken Access Control Page 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information