This course is provided by Wintrac. Wintrac provides one stop shopping for all your IT
training needs. Wintrac’s course catalog of over two thousand courses includes courses on Security Training
Overview
CPTS is built upon proven hands-on Penetration Testing methodologies as utilized by our international group of vulnerability consultants. Mile2 trainers keep abreast of their expertise by practicing what they teach because we believe that an equal emphasis on theoretical and real world experience is essential for effective knowledge transfer to you, the student. The CPTS presents information on the latest vulnerabilities and defenses. This class also enhances the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk. We go far beyond simply teaching you to “Hack” -- the norm with the classes that have been available until now. Our course is developed based on principles and methods used by malicious hackers, but its focus is professional penetration testing and securing information assets. Upon completion, CPTS students will be able to confidently undertake the Thompson Prometric CPTS examination (recommended) or the Certified Ethical Hacker examination (312-50) Self Study. Students will enjoy an in-depth course that is continuously updated to maintain and incorporate the ever changing security environment. This course offers up-to-date proprietary laboratories that have been researched and developed by leading security professionals from around the world. Please note that the Certified Penetration Testing Specialist course labs were designed to use additional VM images that can only be distributed to Authorized Mile2 Partners (AMP) and/or Instructors (AMI) due to licensing requirements. See document link on the Security product page.
Audience:
Individuals interested in pursuing the Thompson Prometric CPTS examination or the Certified Ethical Hacker examination Self Study.
Prerequisites
A minimum of 12 months experience in networking technologies, a sound knowledge of TCP/IP, computer hardware knowledge, knowledge of Microsoft packages, Network+, Security+, and a knowledge of Linux would be beneficial but is not essential.
Course duration
5 days
Course outline
Business and Technical Logistics of Pen Testing
Definition of a Penetration Test
- Benefits of a Penetration Test
- ID Theft Statistics
- Recent Hacking News
- The Evolving Threat
- Vulnerability Life Cycle
- Exploit Time Line
- Zombie Statistics
- Zombie Definition
- Botnet Definition
- Types of Penetration Testing
- Pen Testing Methodology
- Hacker vs. Penetration Tester
- Tools vs. Technique
- Penetration Testing Methodologies
- OSSTMM - Open Source Security Testing Methodologies
- Website Review
- SecurityNOW! SX
Information Gathering
- What Information is Gathered by the Hacker
- Methods of Obtaining Information
- Physical Access
- Social Access
- Digital Access
- Passive vs. Active Reconnaissance
- Footprinting Defined
- Footprinting Tool: Kartoo Website.
- Footprinting Tools
- Google and Query Operators
- Johnny.Ihackstuff.com.
- Aura
- Wikto
- Websites used for Information Gathering
- Internet Archive: The WayBack Machine
- Domain Name Registration
- Whois
- Websites used to Gather Whois Information
- DNS Databases
- Using NSlookup
- Dig for Unix / Linux
- Traceroute Operation
- EDGAR for USA Company Info.
- Company House For British Company Info
- Intelius info and Background Check Tool
- Web Server Info Tool: Netcraft
- Countermeasure: Domainsbyproxy.com
- Footprinting Countermeasures
- Review White Papers/Templates
Linux Fundamentals
- History of Linux
- The GNU Operating System
- Linux Introduction
- Desktop Environment
- Linux Shell
- Linux Bash Shell
- Recommended Linux Book
- Password and Shadow File Formats
- User Account Management
- Changing a user account password
- Configuring the Network Interface
- Mounting Drives
- Tarballs and Zips
- Compiling Programs
- Typical Linux Operating Systems
- Gentoo = Simple Software Install Portal
- VLOS and Emerge
- Why Use Live Linux Boot CDs
- Security Live Linux CDs
- FrozenTech’s Complete Distro List
- Most Popular: BackTrack
- My Slax Creator
- Slax Modules (Software Packages)
Detecting Live Systems
Port Scanning Introduction
- Port Scan Tips
- What are the Expected Results
- How Do We Organize the Results
- Ping
- NMAP Introduction
- The TCP/IP Stack
- Ports and Services
- The TCP 3-way Handshake
- TCP Flags
- Vanilla Scan
- NMAP TCP Connect Scan
- Half-open Scan
- Tool Practice : TCP half-open and Ping Scan
- Fire-walled Ports
- NMAP Service Version Detection
- UDP Port Scanning
- Advanced Scanning Technique
- Popular Port Scanning Tools
- Tool: Superscan
- Tool: LookatLan
- Tool: Hping2
- Tool: Auto Scan
- Packet Crafting and Advanced Scanning Methods
- OS Fingerprinting
- OS Fingerprinting: Xprobe2 – Auditor Distro
- Xprobe Practice
- Fuzzy Logic
- Tool: P0f – Passive OS Finger Printing Utility
- Tool Practice: Amap
- Packet Crafting
- Tool Fragrouter: Fragmenting Probe Packets
- Countermeasures: Scanning
- Scanning Tools Summary
Reconnaissance – Enumeration
- Overview of Enumeration
- Web Server Banner
- Practice: Banner Grabbing with Telnet
- Sam Spade Tool: Banner Grabbing
- SuperScan 4 Tool: Banner Grabbing
- SMTP Banner
- DNS Enumeration Methods
- Zone Transfers
- Countermeasure: DNS Zone Transfser
- SNMP Insecurity
- SNMP Enumeration
- SNMP Enumeration Countermeasures
- Active Directory Enumeration
- AD Enumeration countermeasures
- Null Session
- Syntax for a Null Session
- Viewing Shares
- Tool: DumpSec
- Tool: USE42
- Tool: Enumeration with Cain and Abel
- NAT Dictionary Attack Tool
- Injecting the Able Service
- Null Session Countermeasures
- Enumeration Tools Summary
Cryptography
Cryptography Introduction
- Encryption
- Encryption Algorithm
- Implementation
- Symmetric Encryption
- Symmetric Algorithms
- Crack Times
- Asymmetric Encryption
- Key Exchange
- Hashing
- Hash Collisions
- Common Hash Algorithms
- Hybrid Encryption
- Digital Signatures
- SSL Hybrid Encryption
- IPSEC
- Transport Layer Security – SSH
- PKI ~ Public Key Infrastructure Models
- PKI-Enabled Applications
- Quantum Cryptography
- Hardware Encryption: DESlock
- Attack Vectors
Vulnerability Assessments
- Vulnerability Assessments Introduction
- Testing Overview
- Staying Abreast: Security Alerts
- Vulnerability Scanners
- Qualys Guard
- Nessus Open Source
- Nessus Interface
- Scanning the Network
- Nessus Report
- Retina
- Nessus for Windows
- LANguard
- Analyzing the Scan Results
- Microsoft Baseline Analyzer
- MBSA Scan Report
- Dealing with the Assessment Results
- Patch Management
- Patching with LANguard Network Security Scanner
Malware - Software Goes Undercover
- Defining Malware: Trojans and Backdoors
- Defining Malware: Virus & Worms
- Defining Malware: Spyware
- Company Surveillance Software
- Malware Distribution Methods
- Malware Capabilities
- Auto Start Methods
- Countermeasure: Monitoring Autostart Methods.
- Tool: Netcat
- Netcat Switches
- Executable Wrappers
- Benign EXEs Historically Wrapped with Trojans
- Tool: Restorator
- Tool: Exe Icon
- The Infectious CD-ROM Technique
- Backdoor.Zombam.B
- JPEG GDI+ All in One Remote Exploit
- Advanced Trojans: Avoiding Detection
- Malware Countermeasures
- Gargoyle Investigator
- Spy Sweeper Enterprise
- www.Glocksoft.com
- Port Monitoring Software
- File Protection Software
- Windows File Protection
- Windows Software Restriction Policies
- Hardware-based Malware Detectors
- Countermeasure: User Education
Hacking Windows
- Types of Password Attacks
- Keystroke Loggers
- Password Guessing
- Password Cracking LM/NTLM Hashes
- LanMan Password Encryption
- NT Password Generation
- SysKey Encryption
- Password Salting
- Password Extraction and Password Cracking
- Precomputation Detail
- Cain and Abel’s Cracking Methods
- Free LM Rainbow Tables
- NTPASSWD:Hash Insertion Attack
- Password Sniffing
- Windows Authentication Protocols
- Hacking Tool: Kerbsniff & KerbCrack
- Countermeasure: Monitoring Event Viewer Log
- Hard Disk Security
- Free HD Encryption Software
- Tokens & Smart Cards.
- Covering Tracks Overview
- Disabling Auditing
- Clearing the Event Log
- Hiding Files with NTFS Alternate Data Streams
- NTFS Streams Countermeasures
- Stream Explorer
- What is Steganography?
- Steganography Tools
- Shredding Files Left Behind
- Leaving No Local Trace
- SecurSURF
- StealthSurfer II Privacy Stick
- Tor: Anonymous Internet Access
- Encrypted Tunnel Notes
- Rootkits
- Rootkit Countermeasures
Advanced Vulnerability & Exploitation Techniques
- How Do Exploits Work?
- Memory Organization
- Buffer Overflows
- Stages of Exploit Development
- Prevention
- The Metasploit Project
- Defense in Depth
- Core Impact
Attacking Wireless Networks
- Wireless LAN Network Types
- Deployed Standards
- A vs. B vs. G
- 802.11n - MIMO
- SSID - Service Set Identifier
- MAC Filtering
- WEP – Wired Equivalent Privacy
- Weak IV Packets
- XOR Basics
- WEP Weaknesses
- TKIP
- How WPA improves on WEP
- The WPA MIC Vulnerability
- 802.11i - WPA2
- WPA and WPA2 Mode Types
- WPA-PSK Encryption
- Tool: NetStumbler
- Tool: KNSGEM
- Tool: Kismet
- Analysis Tool: OmniPeek Personal
- Tool: Aircrack
- DOS: Deauth/disassociate attack
- Tool: Aireplay
- ARP Injection (Failure)
- ARP Injection (Success)
- EAP Types
- EAP Advantages/Disadvantages
- Typical Wired/Wireless Network
- EAP/TLS Deployment
Networks, Firewalls, Sniffing and IDS
- Packet Sniffers
- WinPcap / Pcap
- Tool: Wireshark (Ethereal)
- Re-assembling TCP Session Packets
- Tool: Packetyzer
- tcpdump & windump
- Tool: OmniPeek
- Sniffer Detection
- Passive Sniffing Methods
- Active Sniffing Methods
- Flooding the Switch Forwarding Table
- ARP Cache Poisoning in Detail
- ARP Normal Operation
- ARP Cache Poisoning
- Technique: ARP Cache Poisoning (Linux)
- ARP Countermeasures
- Tool: Cain and Abel
- Ettercap
- Dsniff Suite
- MailSnarf, MsgSnarf, FileSnarf
- What is DNS Spoofing?
- DNS Spoofing Tools
- Intercepting and Cracking SSL
- Tool: Breaking SSL Traffic
- Tool: Cain and Abel
- VoIP Systems
- Intercepting VoIP
- Intercepting RDP
- Cracking RDP Encryption
- Routing Protocols Analysis
- Countermeasures for Sniffing
- Firewalls, IDS and IPS
- Firewall ~ 1st Line of Defense
- IDS ~ 2nd Line of Defense
- IPS ~ Last Line of Defense
- Evading The Firewall and IDS
- Evasive Techniques
- Firewall – Normal Operation
- Evasive Technique –Example
- Evading With Encrypted Tunnels
- ‘New Age’ Protection
- SpySnare - Spyware Prevention System (SPS)
- Intrusion ‘SecureHost’ Overview
- Intrusion Prevention Overview
- Secure Surfing or Hacking?
Injecting the Database
- Overview of Database Servers
- Types of Databases
- Tables, Records, Attributes, Domains
- Data Normalization, SQL , Object-Oriented Database Management
- Relational Database Systems
- Vulnerabilities and Common Attacks
- SQL Injection
- Why SQL “Injection
- SQL Connection Properties
- SQL Injection: Enumeration
- Extended Stored Procedures
- Shutting Down SQL Server
- Direct Attacks
- Attacking Database Servers
- Obtaining Sensitive Information
- Hacking Tool: SQL Ping2
- Hacking Tool: osql.exe
- Hacking Tool: Query Analyzers
- Hacking Tool: SQLExec
- Hacking Tool: Metasploit
- Hardening Databases
Attacking Web Technologies
- Common Security Threats
- The Need for Monitoring
- Seven Management Errors
- Progression of The Professional Hacker
- The Anatomy of a Web Application Attack
- Web Attack Techniques
- Components of a generic web application system
- URL mappings to the web application system
- Web Application Penetration Methodologies
- Assessment Tool: Stealth HTTP Scanner
- HTTrack Tool: Copying the website offline
- Httprint Tool: Web Server Software ID
- Wikto Web Assessment Tool
- Tool: Paros Proxy
- Tool: Burp Proxy
- Attacks against IIS
- IIS Directory Traversal
- Unicode
- IIS Logs
- What is Cross Side Scripting (XSS?
- XSS Countermeasures
- Tool: Brutus
- Dictionary Maker
- Query String
- Cookies
- Top Ten Web Vulnerabilities
- Putting all this to the Test
|