KEVIN CARDWELL. Q/SA (Qualified Security Analyst) Penetration Tester. & Optional Q/PTL (Qualified Penetration Licence) Workshop



Similar documents
SONDRA SCHNEIDER JOHN NUNES

KEN VAN WYK. Fundamentals of Secure Coding and how to break Software MARCH 19-23, 2007 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY)

CYBERTRON NETWORK SOLUTIONS

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Certified Ethical Hacker Exam Version Comparison. Version Comparison

CRYPTUS DIPLOMA IN IT SECURITY

STEPHEN FEW SHOW ME THE NUMBERS

CEH Version8 Course Outline

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad

MAX DOLGICER THE INTERNET OF THINGS NAVIGATING THE FUTURE OF INFORMATION TECHNOLOGY

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

Penetration Testing with Kali Linux

EC Council Certified Ethical Hacker V8

[CEH]: Ethical Hacking and Countermeasures

Professional Penetration Testing Techniques and Vulnerability Assessment ...

Certified Ethical Hacker (CEH)

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Course Title: Penetration Testing: Security Analysis

Learn Ethical Hacking, Become a Pentester

Web App Security Audit Services

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

Footprinting and Reconnaissance Tools

Hackers are here. Where are you?

TECHNOLOGY TRANSFER PRESENTS MAX DOLGICER THE NEW INTEGRATION MANIFESTO APPLICATIONS, DATA, CLOUD, MOBILE, AND THE INTERNET OF THINGS

EC-Council Certified Security Analyst (ECSA)

Vulnerability Assessment and Penetration Testing

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

Network and Host-based Vulnerability Assessment

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

Build Your Own Security Lab

Audience. Pre-Requisites


Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Venue. Dates. Certified Ethical Hacker (CEH) boot camp. Inovatec College. Nairobi Kenya (exact hotel name to be confirmed

Understanding Security Testing

Hackers are here. Where are you?

Course Title: Course Description: Course Key Objective: Fee & Duration:

Security Certifications. Presentatie SecCert 101 Jordy Kersten MSc., ISC2 Ass., CEH, OSCP

InfoSec Academy Pen Testing & Hacking Track

Kevin Cardwell. Toolkits: All-in-One Approach to Security

Penetration Testing Workshop

Hosts HARDENING WINDOWS NETWORKS TRAINING

CIS 4204 Ethical Hacking Fall, 2014

WHITE PAPER. An Introduction to Network- Vulnerability Testing

Running a Default Vulnerability Scan

IDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

Information Security. Training

Penetration Testing. Types Black Box. Methods Automated Manual Hybrid. oless productive, more difficult White Box

INFORMATION SECURITY TRAINING CATALOG (2015)

TECHNOLOGY TRANSFER PRESENTS MAX DOLGICER IT S ALL ABOUT CLOUD CONCEPTS, STRATEGIES, ARCHITECTURES, PLAYERS, AND TECHNOLOGIES

INFORMATION SECURITY TRAINING CATALOG (2016)

locuz.com Professional Services Security Audit Services

Penetration Testing. Presented by

TECHNOLOGY TRANSFER PRESENTS MIKE FERGUSON NEXT GENERATION DATA MANAGEMENT BUILDING AN ENTERPRISE DATA RESERVOIR AND DATA REFINERY

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

Cyber Exercises, Small and Large

Tactical Exploitation the other way to pen-test. hdm / valsmith

TECHNOLOGY TRANSFER PRESENTS MITCHELL WEISBERG. Strategic Management of the IT Organization

The Trivial Cisco IP Phones Compromise

2016 TÜBİTAK BİLGEM Cyber Security Institute

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER

Running a Default Vulnerability Scan SAINTcorporation.com

Detailed Description about course module wise:

Codes of Connection for Devices Connected to Newcastle University ICT Network

Certified Cyber Security Expert V Web Application Development

Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

PKF Avant Edge. Penetration Testing. Stevie Heong CISSP, CISA, CISM, CGEIT, CCNP

TECHNOLOGY TRANSFER PRESENTS MAX DOLGICER CLOUD 2.0 MOVING FROM COST SAVINGS TO AGILE IT

Application Security Testing

Demystifying Penetration Testing

Security Considerations White Paper for Cisco Smart Storage 1

Penetration Testing in Romania

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

Penetration Testing Report Client: Business Solutions June 15 th 2015

Ethical Hacking Course Layout

An Introduction to Network Vulnerability Testing

EC-Council. Certified Ethical Hacker. Program Brochure

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006

Workshop Designed & Powered by TCIL IT, Chandigarh

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. abechtsoudis (at) ieee.

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

Analyze. Secure. Defend. Do you hold ECSA credential?

Network Attacks and Defenses

Client logo placeholder XXX REPORT. Page 1 of 37

Transcription:

TECHNOLOGY TRANSFER PRESENTS KEVIN CARDWELL Q/SA (Qualified Security Analyst) Penetration Tester & Optional Q/PTL (Qualified Penetration Licence) Workshop MAY 18-22, 2009 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY) info@technologytransfer.it www.technologytransfer.it

Q/SA Penetration Tester & opzional Q/PTL ABOUT THIS SEMINAR The Q/SA Qualified/ Security Analyst Penetration Tester class is security analysis, Penetration Testing, Vulnerability Testing, with tactical security skills certification labs. Over 40 Penetration Testing, shredding Web apps, & privilege escalation labs. No where will you get a more intense hands-on class in Penetration Testing and security analysis! You earn a Security University Q/SA Certification and (Optional) Q/PTL Penetration Tester License that validates your skills. The Q/SA class has been considered the best Penetration Testing skills certification that validates you to be a Qualified Security Analyst Penetration Tester. Daily you learn how to test & how to report network vulnerabilities and exploit bad code. Daily live labs where you practice shredding applications & exploiting vulnerabilities. The only way to get a Q/PTL Qualified Penetration License is to EARN one, not buy one. The Optional Q/PTL is 3 hours after Q/SA class ends each day (Tuesday Thursday from 5.30 p.m until 8.30 p.m). You ll practice how to gain access to unauthorized information with current exploitation tools and processes. Not just learn the tactical business skills necessary to perform valid vuln security testing regardless of the target. The Q/PTL workshop validates your Penetration Testing and security analysis tactical skills you learned in the Q/SA class. To achieve your Q/PTL Qualified/ Penetration Tester License you must perform a Penetration Test with a fully detailed management report to earn your Q/PTL License from Security University (due 7 days after class). Compliance requirements aside, penetration testing is an absolutely critical aspect of any security program. Attackers test every company s defenses every day. An organization either knows what the bad guys are going to find, or it doesn t. If you don t, it s not a matter of if, it s a matter of when. Great pen-testers think like hackers. They use the same tools and techniques, only they tend to be much more comprehensive in their testing of attack scenarios. WHO SHOULD ATTEND System and Network Administrators Security Personnel Auditors Consultants concerned with network security Threat Management Team Software Programmers Forensic Experts Class Completion Q/SA Qualified/ Security Analyst Penetration Tester class will provide you with valuable skills and information, including: Latest exploit goals and methodologies Understanding the mind set needed to perform Penetration Testing Advanced information-gathering techniques Expert network discovery tools and techniques Identifying & exploiting network weaknesses with Core Impact and more tools Advanced enumeration of network devices, platforms and protocols Cracking contemporary authentication and authorization Advanced router, firewall and IDS testing\exploiting IPS Vulnerability research and automated scanning in the Enterprise Scanning for root kits, trojans, malware and viruses Tools for Web application testing - Watchfire and freeware tools Exploiting complex protocols, such as SSH, SSL, and IPSEC Using payload generators Advanced wireless testing tools and techniques Penetration Testing of Wetware Penetration Testing and the law You ll learn how to gather viable data on your network s vulnerabilities using leading edge tools like Nessus, NeWT and NeVO vulnerability detection tools, MetaSploit, SaintScanner and Exploit, SOLARWINDS, NMAP, App Detective for Web attacks and the latest in exploit tools, CORE IMPACT from Core Security.

Penetration concepts you will master during this hands on class Attacking network infrastructure devices Hacking by brute forcing remotely Security testing methodologies Security exploit testing with IMPACT from Core Security Stealthy network recon Remote root vulnerability exploitation Multi-OS banner grabbing Privilege escalation hacking Unauthorized data extraction Breaking IP-based ACLs via spoofing Evidence removal and anti-forensics Hacking Web Applications Breaking into databases with SQL Injection Cross Site Scripting hacking Remote access trojan hacking Offensive sniffing Justifying a Penetration Test to management and customers Defensive techniques Instructor-led hands-on lab exercises Capture the Flag hacking exercises Abusing DNS for host identification Leaking system information from Unix and Windows Stealthy Recon Unix, Windows and Cisco password cracking Remote buffer overflow exploit lab I - Stack mashing Remote heap overflow exploit lab - Beyond the Stack Desktop exploitation Remote keylogging Data mining authentication information from clear-text protocols Remote sniffing Malicious event log editing Transferring files through firewalls Hacking into Cisco routers Harvesting Web application data Data retrieval with SQL Injection Hacking

OUTLINE Phase I Gather the Data A first look at a network site, from the eyes of a potential hacker. The simple, and often overlooked, things that tell hackers if a site is worth a penetration attempt. Phase II Penetrate the Network How hackers get past the security and into the data Non-intrusive target search Intrusive target search Data analysis Network Discovery Tools and Techniques: Hands-On Exercises Discovery/profiling objectives Locating Internet connections Host-locating techniques: manual and automated Operating system footprinting Evaluating Windows and Unixbased network discovery software tools Evaluating Windows and Unixbased application scanning software tools Review Step-by-step process of each scanning and profiling tool Directory services: DNS, DHCP, BOOTP, NIS Look-up services: finger, whois, search engines Remote sessions: telnet, r commands, X-Windows File sharing and messaging: FTP, TFTP, World Wide Web Windows Server Message Block (SMB), Network File Systems (NFS), and e-mail Sample exploits using common TCP/IP and NetBIOS utility software The Q/SA & Q/PTL materials address common pitfalls in Penetration Testing and ethical hacking projects, with real-world targets and to maximize the quality of test results. Daily capture the flag exercises increase your tactical skills. Learn timesaving tactics based on years of tactical security experiences from real penetration testers and ethical hackers defeating a problem in minutes We stress the mind-set of successful Penetration Testers and ethical hackers and balance skills with outside-the-box thinking, a Penetration methodology that stands the test of time and carefully weighing risks, and creating a quality final report for management You analyze how Penetration Testing and ethical hacking fits into a comprehensive information security & assurance program Phase III Analyze the Results Tips and techniques for effective, actionable penetration test analysis Identifying network services Pinpointing vulnerabilities Demonstrating risks and escalating permissions Reviewing reports and screens from prominent discovery/profiling tools Analyzing current configuration Real-World Scenarios Abusive e-mail Embezzlement Pornography Denial-of-service Web defacement Trojan Horse Phase IV Write the Report How to combine methodology, results, and analysis into a report that generates management attention and buy-in and provides clear, workable action items. In-Class Exercises for your Q/PTL Validation Qualification Building and maintaining a target list Conducting multiple non-intrusive and intrusive target searches Tools and techniques for testing for Web site vulnerabilities Probing and attacking network firewalls Performing multiple remote target assessment Performing multiple host assessment Writing up the final report The Q/PTL is the Most Prestigious Qualification for Security Analyst Penetration Testing Professionals We wrote the book on Penetration Testing. 9 years ago Security University started training security Professionals with the very best penetration step by step methodology class, 9 years later we still are and have the leading Pen Testing Certification in the industry. Over 40 + labs and Security University Q/SA class is only CNSS-approved Security Analyst Penetration Tester class. Now you can take the same Penetration Testing Methodology class that the US Air Force, Army, Navy and Marines trained to defend military networks. Your class is taught by SSME (Security Subject Matter Experts) who know the Art of Penetration Testing & Hacking. You ll gain serious tactical security skills that will set you apart from your peers.

INFORMATION PARTICIPATION FEE Q/SA Penetration Tester 2500 Q/PTL 1200 Both Classes 3500 The fee includes all seminar documentation, luncheon and coffee breaks. VENUE Visconti Palace Hotel Via Federico Cesi, 37 Rome (Italy) SEMINAR TIMETABLE 9.30 am - 1.00 pm 2.00 pm - 5.00 pm HOW TO REGISTER You must send the registration form with the receipt of the payment to: TECHNOLOGY TRANSFER S.r.l. Piazza Cavour, 3-00193 Rome (Italy) Fax +39-06-6871102 within May 4, 2009 PAYMENT Wire transfer to: Technology Transfer S.r.l. Banca Intesa Sanpaolo S.p.A. Agenzia 6787 di Roma Iban Code: IT 34 Y 03069 05039 048890270110 GENERAL CONDITIONS GROUP DISCOUNT If a company registers 5 participants to the same seminar, it will pay only for 4. Those who benefit of this discount are not entitled to other discounts for the same seminar. EARLY REGISTRATION The participants who will register 30 days before the seminar are entitled to a 5% discount. CANCELLATION POLICY A full refund is given for any cancellation received more than 15 days before the seminar starts. Cancellations less than 15 days prior the event are liable for 50% of the fee. Cancellations less than one week prior to the event date will be liable for the full fee. CANCELLATION LIABILITY In the case of cancellation of an event for any reason, Technology Transfer s liability is limited to the return of the registration fee only. KEVIN CARDWELL Q/SA Rome May 18-22, 2009 Visconti Palace Hotel - Via Federico Cesi, 37 Registration fee: 2500 Q/PTL Rome May 19-21, 2009 Visconti Palace Hotel - Via Federico Cesi, 37 Registration fee: 1200 first name... surname... job title... organisation... address... Stamp and signature BOTH CLASSES 3500 postcode... city... country... If registered participants are unable to attend, or in case of cancellation of the seminar, the general conditions mentioned before are applicable. telephone... fax... e-mail... Send your registration form with the receipt of the payment to: Technology Transfer S.r.l. Piazza Cavour, 3-00193 Rome (Italy) Tel. +39-06-6832227 - Fax +39-06-6871102 info@technologytransfer.it www.technologytransfer.it

SPEAKER Kevin Cardwell, spent 22 years in the U.S. Navy. He has worked as both software and systems engineer on a variety of Department of Defense projects and was selected to head the team that built a Network Operations Center (NOC) that provided services to the command ashore and ships at sea in the Norwegian Sea and Atlantic Ocean. Mr. Cardwell served as the Leading Chief of Information Security at the NOC for six years prior to retiring from the U.S. Navy. He currently works as a free-lance consultant and provides consulting services for companies throughout the US, UK and Europe.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information