Audience. Pre-Requisites



Similar documents
Vulnerability Assessment and Penetration Testing

Penetration Testing with Kali Linux

Learn Ethical Hacking, Become a Pentester

Professional Penetration Testing Techniques and Vulnerability Assessment ...

CYBERTRON NETWORK SOLUTIONS

Course Duration: 80Hrs. Course Fee: INR (Certification Lab Exam Cost 2 Attempts)

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

CRYPTUS DIPLOMA IN IT SECURITY


Certified Ethical Hacker Exam Version Comparison. Version Comparison

June 2014 WMLUG Meeting Kali Linux

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

CEH Version8 Course Outline

Certified Ethical Hacker (CEH)

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

McAfee Certified Assessment Specialist Network

Course Title: Course Description: Course Key Objective: Fee & Duration:

Penetration Testing Report Client: Business Solutions June 15 th 2015

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

Information Security. Training

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

[CEH]: Ethical Hacking and Countermeasures

INFORMATION SECURITY TRAINING CATALOG (2016)

EC Council Certified Ethical Hacker V8

Venue. Dates. Certified Ethical Hacker (CEH) boot camp. Inovatec College. Nairobi Kenya (exact hotel name to be confirmed

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

INFORMATION SECURITY TRAINING CATALOG (2015)

Automated Penetration Testing with the Metasploit Framework. NEO Information Security Forum March 19, 2008

2016 TÜBİTAK BİLGEM Cyber Security Institute

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

Security Certifications. Presentatie SecCert 101 Jordy Kersten MSc., ISC2 Ass., CEH, OSCP

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

Certified Cyber Security Expert V Web Application Development

ASL IT SECURITY XTREME XPLOIT DEVELOPMENT

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

Quick Start Guide to Ethical Hacking

RMAR Technologies Pvt. Ltd.

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

CIT 480: Securing Computer Systems. Vulnerability Scanning and Exploitation Frameworks

Network Penetration Testing and Ethical Hacking Scanning/Penetration Testing. SANS Security Sans Mentor: Daryl Fallin

Application Security Testing

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

Client logo placeholder XXX REPORT. Page 1 of 37

(WAPT) Web Application Penetration Testing

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. abechtsoudis (at) ieee.

Build Your Own Security Lab

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

by Penetration Testing

Ethical Hacking Course Layout

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

InfoSec Academy Pen Testing & Hacking Track

SONDRA SCHNEIDER JOHN NUNES

Detailed Description about course module wise:

PowerShell for Penetration Testers

CSSIA CompTIA Security+ Domain. Network Security. Network Security. Network Security. Network Security. Network Security

Understanding Security Testing

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Security of IPv6 and DNSSEC for penetration testers

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering

Ethical Hacking v7 40 H.

FSP-201: Ethical Hacking & IT Security

Creation of Pentesting Labs

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.

FORBIDDEN - Ethical Hacking Workshop Duration

Cyber Essentials. Test Specification

Web application testing

Course Content: Session 1. Ethics & Hacking

ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION

Lab 7 - Exploitation 1. NCS 430 Penetration Testing Lab 7 Sunday, March 29, 2015 John Salamy

EC-Council Certified Security Analyst (ECSA)

PKF Avant Edge. Penetration Testing. Stevie Heong CISSP, CISA, CISM, CGEIT, CCNP

Attack Frameworks and Tools

Penetration Testing Walkthrough

WEB APPLICATION HACKING. Part 2: Tools of the Trade (and how to use them)

Kerem Kocaer 2010/04/14

Summer Training Program CCSE V3.0 Certified Cyber Security Expert Version 3.0

!!!!!!!!!!!!!!!!!!!!!!

NETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER

Vinny Hoxha Vinny Hoxha 12/08/2009

Ethical Hacking and Countermeasures 5.0 Course ECEH5.0 5 Days COURSE OVERVIEW AUDIENCE OBJECTIVES OUTLINE

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad

CONTENTS AT A GMi#p. Chapter I Ethical Hacking Basics I Chapter 2 Cryptography. Chapter 3 Reconnaissance: Information Gathering for the Ethical Hacker

Ethical Hacking & Cyber Security Workshop

KEVIN CARDWELL. Q/SA (Qualified Security Analyst) Penetration Tester. & Optional Q/PTL (Qualified Penetration Licence) Workshop

Hackers are here. Where are you?

Evaluation of Penetration Testing Software. Research

Network Penetration Testing

Demystifying Penetration Testing

Metasploit ing the target machine is a fascinating subject to all security professionals. The rich list of exploit codes and other handy modules of

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

Threat Intelligence Pty Ltd Specialist Security Training Catalogue

Transcription:

T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices in UK, USA, New Zealand and Pakistan. We are global provider of information security assessment, compliance, managed security and training services. Tranchulas helps protect enterprises and government organizations by providing customized information security services that meet their business needs. Addressing the Need The need to understand hacker and his methods are vital for better defending networks. This training course is designed for students who want to get acquainted with the world of hacking. In this industry standard training on penetration testing, students will learn step-by-step procedures for executing Internet, intranet, and host-level attacks. Tranchulas Hands-on Penetration Testing is the definitive training regimen for developing countermeasure strategies, such as performing attack and penetration assessments. The handson training provides real world security knowledge designed to show, through penetration testing techniques, how real attacks are planned and perpetrated. About the Trainer Zubair Khan is CEO at Tranchulas. He has been researching mainly on cyber warfare and on various other facets of information security for the past seven years. He has conducted large enterprise security assessments and given information security consultancy to top organizations of Pakistan. Zubair has conducted security trainings at various forums. He has previously presented at renowned security conferences including Hack.lu Luxembourg, Hack In The Box Malaysia and Infosek Slovenia. Chairman of Pakistan Engineering Development Board and Chairman of Pakistan Engineering Council recognize his research and work. Zubair holds a bachelor's degree in Business IT from Curtin University of Technology, Australia. He is CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager) and also ISO27001 ISMS (Information Security Management System) Auditor. Audience Penetration Testers Information Security Managers Information System and Security Auditors IT Security specialists System and Network Administrators Anyone who may be interested in ethical hacking Pre-Requisites Basic knowledge of TCP/IP Participants must bring their own laptops Tranchulas Online Labs Tranchulas Online Labs are available 24x7 over VPN for practicing the techniques and tools demonstrated by our instructors during the training course. Online labs simulate corporate network with several subnets, each protected by firewall. All machines on the network can

be exploited and have different difficulty levels. Students are required to discover and exploit vulnerabilities in order to pass online labs and receive Tranchulas Certified Penetration Testing Professional (CPTP) Certification. CPTP Certification This course leads to Tranchulas Certified Penetration Testing Professional (CPTP) certification. CPTP is an exclusive certification awarded by Tranchulas UK Ltd, which will test your technical skills in a live network where you are expected to discover and exploit security vulnerabilities. Students are required to pass our online labs in order to receive CPTP. You can connect with Tranchulas Online labs for 90 days to practice your hacking kung-fu after the training course. During this time our technical team will provide you email/phone/skype support in order to ensure the skills acquired on the training course are being applied correctly. This will also assist you in resolving questions that have arisen in the workplace after applying newly acquired penetration testing skills. Course Outline Module 1: Penetration Testing Planning and Scoping - Types of penetration testing and ethical hacking projects - Penetration testing methodology - Limitations and benefits of penetration testing - Scoping and time estimation of penetration testing project - Defining rules of engagement - Pre and Post Engagement Checklist - Legal implications of penetration testing - Exercise: Attendees will find gaps in pre-engagement activities of a penetration testing project Module 2: Basic Usage of Linux and its services - Basics of Linux Bash Shell - Linux Services including DHCP, Apache, SSHD, VNC Server and TFTPD - Exercise: Attendees will start, stop and test services - Basic Bash Scripting - Exercise: Attendees will write a simple bash script Module 3: Information Gathering - Google Hacking - Netcraft - Whois Reconnaissance - DNS Reconnaissance - Forward/reverse lookup bruteforce - Email Harvesting - SNMP Reconnaissance

- Exercise: Attendees will identify and enumerate computers running SNMP service on Tranchulas Online Labs - SMTP reconnaissance - Netbios Information Gathering - Exercise: Attendees will identify and gather usernames of machines running SMB service on Tranchulas Online Labs - Maltego - Exercise: Attendees will gather information and build a organizational profile using discussed resources in this module Module 4: Port Scanning - Port Scanning Basics - Scanning Techniques - Nmap - Port Scanning, Network sweeping, OS fingerprinting, Service enumeration, Version scans - Exercise: Packet crafting with Hping3 - Nmap Scripting Engine - Exercise: Attendees will use Nmap Scripting Engine to find vulnerabilities - Firewall/IDS evasion techniques Fragmentation, Decoys, Timing, Using source ports - UnicornScan - Exercise: Attendees will identify live hosts, OS versions, open ports and services along with their version numbers of all machines on Tranchulas Online Labs Module 5: Sniffing & Man In The Middle Attacks - ARP Spoofing - DNS Spoofing - SSL Man In the Middle - Traffic Forgery - Exercise: Create custom Ettercap filter Module 6: Vulnerability Assessment - Configuring and Scanning with Open Vulnerability Assessment System (OpenVAS) - Assessing vulnerabilities using Nessus - Nexpose vulnerability scanner - Exercise: Comprehensive vulnerability scanner configuration Module 7: Buffer Overflow Exploitation - Fuzzing - Controlling EIP - Shellcoding - Shellcode encoding, Windows Command Execution Shellcode, Connectback Shellcode - Exercise: Create basic shellcode - Exercise: Exploiting Buffer Overflows Module 8: Exploitation - Connecting and listening on TCP/UDP port with Netcat - Exercise: Create Bind Shell, Reverse Shell and transfer files using Netcat - Compiling and Executing Linux and Windows exploits - Exercise: Attendees will attempt to exploit a target machine on Tranchulas Online Labs by fixing, compiling and executing given exploit code - Metasploit Framework Fundamentals - Using Metasploit Exploits - Types of Payloads - Metasploit Auxiliary Modules - Exercise: Attendees will use Metasploit to get remote shell of target servers on Tranchulas Online Labs

- Meterpreter Payload - Exercise: Advance usage of Meterpreter - Exercise: Writing Metasploit modules Module 9: Client Side Exploitation - Binary Payloads - Bypassing Antivirus - Exercise: Attendees will create a binary payload and prevent its detection by antivirus through various encoding techniques - VBScript Infection - Java Applet Infection - DLL Hijacking - PDF Exploits - Exercise: Compromise target machines by client side exploitation - Trojan and Rootkit Development - Exercise: Attendees will create a windows rootkit - Cisco Exploits - Armitage Exploitation - Browser Autopwn - Social Engineering Toolkit - Spear Phishing Attacks - Credential Harvesting Attack - Tabnabbing Attack - Web Jacking Attack - Infectious USB/DVD/CD attack - Fast Track - Exercise: Attendees will plan and execute attacks discussed in this module on Tranchulas Online labs Module 10: Post Exploitation - Privilege Escalation - Exercise: Attendees will attempt to gain SYSTEM level privileges on remote system. - Cleaning event logs - Persistent Backdoor - Enabling Remote Desktop - Exercise: Create backdoor by a script to enable remote desktop and create user account - Packet sniffing on compromised machines - Pivoting - Exercise: Attendees will route traffic from non-routable network Module 11: Password Attacks - Online Password Attack - Exercise: Attendees will write a username/password brute force script - Exercise: Attendees will crack various authentication based services in Tranchulas Online Labs through Hydra - Offline Password Attacks - Exercise: Attendees will exploit Windows server and Linux machines on Tranchulas Online Labs and dump local user password hashes. They will then crack those hashes using John the Ripper or Rainbow tables Module 12: Messing with Ports - Port Redirection - SSL Encapsulation - SSH Tunneling Module 13: Web Application Hacking - Introduction to Web Scripting

- Web Application Threats - Exercise: Web Vulnerability Assessment - Cross-Site Scripting - SQL Injections - Blind SQL Injections - Enumerating DBs - SQLPwnag - Exercise: Get a shell by exploiting Microsoft SQL based web application - Command Injection Flaws - Cookie and Session Poisoning/Hijacking - Parameter/Form Tampering - Directory Traversal/Forceful Browsing - Website Defacement through shell programming - Exercise: Attempt attacks discussed in this module on different web applications running on Tranchulas Online Labs Module 14: Wireless Hacking - WEP Cracking - WPA Cracking - Exercise: Attendees will crack WEP and WPA Wireless Networks - Exercise: Capture passwords and conduct browser based attacks against clients by faking access points Module 15: Writing a Penetration Testing Report Contact Tranchulas United Kingdom Tranchulas Ltd Suite 15091, 2nd Floor, 145-157 ST John Street London, England, EC1V 4PW Tel: +44 (20) 755-88924 United States Tranchulas LLC 1 Hallidie Plaza 2nd Floor San Francisco, CA 94102 Tel: +1 (415) 689-9588 New Zealand Tranchulas Ltd Suite 5111, 17B Farnham Street Parnell Auckland 1052 Tel: +64 (9) 889-0224 Pakistan Tranchulas Pvt Ltd 2nd Floor, Evacuee Trust Complex Sir Agha Khan Road, F-5/1 Islamabad, 44000 Tel: +92 (51) 287-1433 - Dradis Framework General Inquires: info [at] tranchulas [dot] com Training Services: training [at] tranchulas [dot] com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information