The Learning Center of Las Vegas, Nevada offers Computer Professional and Certification training and testing for Microsoft, MCSE, MCAD, MCDBA, MCSD, .Net, CISCO, A+, Network+, and many applications including Microsoft Office.
 

Serving Your Training Needs Since 1985

 

Certified Pen Testing Specialist
CPTS

 
Instructor-Led Course 5 days

 

 

Course Description

CPTS has been built upon proven hands-on Penetration Testing methodologies as utilized by our international group of specialized consultants. Mile2 trainers keep their expertise current by undertaking consulting work, as we believe that an equal emphasis on theoretical and real-world experience is essential for effective knowledge transfer to you, the student. The CPTS presents information on the latest vulnerabilities and defenses. This class also enhances the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk. We go far beyond simply teaching you to “Hack”, which has been the norm with the classes that have been available until now. Our course is developed on the same principles and uses the same methods as those of a hacker, but its focus is professional penetration testing and securing information assets.


Upon Completion:

Certified Penetration Testing Specialist graduates will have obtained real-world security knowledge that will help them recognize vulnerabilities, expose system weaknesses and help safeguard against threats. Graduates will have learnt the art of Ethical Hacking, but with a professional edge (Penetration Testing).

Course Benefits

Upon completion, CPTS students will be able to confidently undertake the Thomson Prometric CPTS examination or the Certified Ethical Hacker examination (312-50) Self Study. Students will enjoy a more in-depth course that is continuously updated to keep pace with the ever-changing security environment. This course offers up-to-date proprietary laboratories that have been researched and developed by leading security professionals from around the world.

Certified Professional Exams:

  • CPTS - Certified Pen Testing Specialist (Thomson Prometric - Globally)

  • CEH – Certified Ethical Hacker 312-50 (Prometric Prime – Limited Availability)

Prerequisites:

  • A minimum of 12 months experience in networking technologies

  • Solid knowledge of TCP/IP

  • Computer hardware Knowledge

  • Knowledge of Microsoft packages

  • Network+, Microsoft Security+ certifications or equivalent knowledge

  • Knowledge of Linux would be beneficial but not a necessity

    • We also deliver Linux+ training

  • VMware Workstation 5 is used extensively in class. It would be helpful to and familiarize

Follow-on Classes:

  • CPTE (Certified Pen Testing Expert) - 5 Days

  • CFED - Computer Forensics & Electronic Discovery - 3 Days

  • ACFT - Advanced Computer Forensics Techniques - 3 Days

  • CFED/ACFT Bootcamp - 5 Days

  • OSIDS - Open Source Intrusion Detection Systems (Snort 2.0) - 5 Days

  • CWNA - Wireless Network Administration - 3 Days

  • DR&BCP - Disaster Recovery and Business Continuity Planning - 3 Days

Objective of Lab Scenarios:

This is an intensive hands-on class. Rather than spending valuable time installing 300+ tools, our focus will be on the Pen Testing model; as such, the latest Pen Testing tools and methods will be taught. Labs change weekly as new methods are developed. We will be using many different tools, from GUI to command line. As we work through structured attacks, we will cover tools for both Windows and Linux systems.

Module 1: Introduction to Pen Testing

  • Definition of a Penetration Test

  • Hacking: The Threat

  • Hacker vs. Penetration Tester

  • Defining the Security Perimeter

  • Additional Security Concerns

  • The Players in Network Security

  • Methodology of Network Hardening

  • Types of Penetration Testing

  • Pen Test Methodology

  • Tools vs. Technique

  • Penetration Tester’s Code of Ethics

  • Before the Penetration Test

  • Risks of a Penetration Test

  • First Rule of Engagement

  • Lab Scenario

Module 2: Information Gathering

  • What Information is Gathered by the Hacker

  • Methods of Obtaining Information

  • Passive vs. Active Reconnaissance

  • Footprinting Defined

  • Footprinting Tools

  • Google and Query Operators

  • Johnny.Ihackstuff.com

  • Site Digger

  • Domain Name Registration

  • Whois, ARIN

  • Web Site tools and references.

  • DNS Databases

  • Using NSlookup and Dig

  • Traceroute Operation

  • Tools and usages

  • Firewalking

  • Footprinting Countermeasures.

  • Lab Scenario

Module 3: Detecting Live Systems

  • Port Scanning Intro

  • Ping

  • The TCP/IP Stack

  • Ports and Services

  • The TCP 3 way handshake

  • TCP Flags Vanilla Scan

  • Half Open Scan

  • Fire-walled Ports

  • UDP Port scanning

  • Inverse TCP Scan

  • Port Scanning Tools

  • Packet Crafting and Advanced Scanning Methods

  • OS Fingerprinting

  • Fragmentation Probing

  • Countermeasures

  • Lab Scenario

Module 4: Getting Rich from Enumeration

  • Overview of enumeration

  • Web server Banner

  • SMTP Banner

  • DNS Enumeration methods

  • Zone transfers

  • Enumeration Tools

  • SNMP Enumeration and Countermeasures

  • Active Directory Enumeration and Countermeasures

  • Null Session and Countermeasures

  • Lab Scenario

Module 5: Cryptography Decrypted

  • Cryptography Decrypted

  • Hard Disk Security

  • Privilege Escalation

  • Monitoring Event Viewer Logs

  • Cryptography Decrypted

  • Encryption Algorithms and Keys

  • Assessing Encryption Strength

  • Symmetric Encryption Practicality

  • Algorithms for Symmetric Keys

  • Strengths and Weaknesses of Symmetric Encryption

  • HASH functions detailed

  • Public Key Encryption Detailed

  • Digital Signatures

  • IPSEC | SHA | SSL | SSH | PGP

  • Quantum cryptography

  • PKI – Public Key Infrastructure models.

  • RSA Challenge

  • Rainbow Crack

  • Lab Scenario

Module 6: Vulnerability Assessments

  • Vulnerability Assessments Introduction

  • Technical Cyber Security Alerts

  • Open Source Vulnerability Assessments Tools

  • Commercial Vulnerability Scanners

  • Patch Management

  • Lab Scenario

Module 7: Hacking Windows

  • Windows Network Security

  • Windows Secure Communication

  • Types of Password Attacks

  • Keystroke Loggers

  • Automated password guessing

  • Windows NT and LAN Manager Passwords

  • Windows LanManPassword

  • Password extraction and password cracking

  • Various Tools:

  • Password Sniffing

  • Windows Authentication Protocols

  • GPO LAN Manager Authentication Level

  • SAM database insecurities

  • NTPASSWD Utility

  • Strong Password Recommendations for Users

  • Recommended Password Policies

  • Additional Password Cracking Countermeasures

  • Covering Tracks Overview:

  • Disabling Auditing

  • Clearing the Event log

  • Hiding Files with NTFS Alternate Data Streams

  • NTFS Streams countermeasures

  • What is Steganography?

  • Steganography Tools

  • Shredding Files Left Behind

  • Rootkits

  • Windows Rootkit Countermeasures

  • RootKitShark Detector

  • Lab Scenario

Module 8: Advanced Vulnerability and Exploit Techniques

  • How Do Exploits Work?

  • Memory Organization

  • Buffer Overflows

  • Heap Overflows

  • Stages Of Exploit Development

  • PREVENTION

  • TCP/IP OSI Exploits

  • The Metasploit Project

  • Lab Scenario

Module 9: Malware – Software Goes Undercover

  • Defining Malware: Trojans and backdoors

  • Defining Malware: Virus & Worms

  • Defining Malware: Spyware

  • How Trojans and backdoors operate

  • Malware Distribution Methods

  • Hacker Uses of Malware

  • Malware Privilege Level

  • Auto start Methods

  • Monitoring Auto start Methods

  • Netcat

  • Netcat Switches

  • Netcat Class Practice

  • Remote Access Trojan Components

  • Executable Wrappers

  • Benign EXEs Historically Wrapped With Trojans

  • The Infectious CD-ROM Technique

  • Backdoor.Zombam.B

  • JPEG GDI+ All in One Remote Exploit

  • Advanced Trojans: Process Injection

  • Advanced Trojans: Beast

  • Advanced Trojans: Avoiding Detection

  • Overview of Malware Anti-Virus/Personal IDS & Firewall Software Countermeasures

  • Anti-Spyware Software

  • Anti-Trojan Scanners

  • www.Glocksoft.com

  • Port Monitoring Software

  • Process Monitoring Software

  • File Protection Software

  • Windows Software Restriction Policies

  • Hardware-based Malware Detectors

  • Countermeasure: User Education

  • Malware Countermeasures

  • Lab Scenario

Module 10: Packet Sniffing – Session Hijacking

Part 1: Packet Sniffers

  • Example Packet Sniffers

  • Network Monitoring

  • Re-assembling TCP Session Packets

  • WinPcap

  • Genre of Packet Capturing Tools

  • Sniffer Detection

  • Active / Passive Sniffing

  • Active Sniffing Methods

  • Flooding the Switch Forwarding Table

  • ARP Cache Poisoning and Countermeasures

  • Using ARP Poisoning Tools

  • Dsniff Tools

  • What is DNS spoofing?

  • DNS Spoofing Tools

  • Sniffing and intercepting SSL

  • Fake Certificate Injection

  • MAC Address Changing Utilities

  • More Routing Manipulation Methods To Help Sniff

  • Countermeasures for Sniffing

Part 2: Session Hijacking

  • Session Hijacking Scenarios

  • Initial Sequence Number (ISN)

  • TCP Sessions

  • Session Hijacking Steps

  • Desynchronizing the Session

  • Injecting the Spoofed Packet

  • Sequence Number Prediction and tools

  • Tools to Assist Session Hijacking

  • Countermeasures for Session Hijacking

  • Lab Scenario

Module 11: Attacking Networks – Routers, Firewalls and IDS

  • Introduction to Firewalls & IPS Systems

  • Overview of Firewalls

  • IDS line of defence

  • IDS Architecture

  • Overview of IDS Architecture

  • CIDF model of a network IDS Design

  • Evasive Techniques

  • Paketto Keiretsu

  • Observed Results

  • Packet Integrity

  • Lab Scenario

Module 12: Attacking Linux

  • Linux Introduction

  • Linux Concepts

  • Linux-File System Details

  • Linux-The Kernel

  • Linux Shell

  • Linux Configuration Files

  • Linux-File Permissions and Access

  • Linux Vulnerabilities

  • Gaining Access-Physical Access

  • Linux-Kernel root kits

  • Rootkit Countermeasures

  • Compiling Programs in Linux

  • IPTables

  • Encryption

  • Log and Traffic Monitors

  • Lab Scenario

Module 13: Attacking Databases

  • Overview of Database Server

  • Types of databases

  • Tables, Tuples (records), Attributes, Domain

  • Data Normalization, SQL (Structured Query Language), Object-Oriented Database Management

  • Vulnerabilities and Common Attacks

  • SQL Injection

  • SQL Connection Properties

  • Extended Stored Procedures

  • Login Guessing & Insertion

  • Shutting Down SQL Server

  • Vulnerabilities and Common Attacks

  • Hardening Databases

  • Tools used to assess SQL servers

  • Lab Scenario

Module 14: Pen Testing and the ROI

  • Why a Pen Test

  • General Points

  • Definitions

  • Security Insurance

  • Regulatory Requirements

  • Risk Management

  • Risk Types

  • What Are Security Policies?

  • Establishing Security Policies and Procedures

  • Educating Users About Security Policies

  • Applying Security Policies to Operational Management

  • Resolving Ethical Dilemmas When Securing Assets

  • Lab Scenario

Module 15: Vulnerability Assessments and the Business Logistics

  • Rules of Engagement

  • Obtaining and Using Personal Information

  • Copying, Storing, Retention and Destruction of Information

  • Disclosure of Information

  • Unauthorized Interference with Information Systems

  • Damage and Modification of Information or Information Systems

  • Unauthorized Use of Information or Information Systems

  • Notification of Intention and Actions

  • Notification of Responsibilities

  • Authorization

  • Suspension of the Security Test

  • Contract Formation, Terms and Conditions

  • Liability

  • Contents

  • Lab Scenario

Module 16: Attacking Web Technologies

Section 1: Attacking Web Technologies

  • Enterprise Web Server Technologies

  • Web Server Market Share

  • Common Security Threats

  • Web Assessment Tools

  • Apache Web Servers

  • Attacks against IIS

  • IIS Architecture

  • ISAPI DLL Buffer Overflows

  • Web Hacking Tools and Methods

  • Protection against Buffer Overflows

  • Source disclosures

  • Directory Traversal

  • Unicode

  • IIS Logs

  • IIS Countermeasures

Section 2: Web Application Vulnerabilities

  • Common Web Application Vulnerabilities

  • Web Application Penetration Methodologies

  • Web Application hacking tools

  • Input Manipulation

  • What is Cross-Site Scripting (XSS)?

  • XSS Countermeasures

Section 3: Web Based Password Cracking Techniques

  • Authentication

  • NTLM Authentication

  • Certificate Based Authentication

  • Microsoft Passport Authentication

  • Forms-Based Authentication

  • Password Cracking tools and methods

  • Password Lists

  • Query String

  • Cookies

  • Top Ten Web Vulnerabilities

  • Putting All This To The Test

  • Lab Scenario

Module 17: Attacking Wireless Networks

  • Wireless LAN network types

  • Deployed Standards A vs B vs G

  • WEP

  • WPA vs WEP

  • New Standards

  • WPA2

  • MIMO

  • MAC Spoofing

  • EAP Types

  • Wi-Fi Networks Security Mechanisms in Wireless LAN

  • Vulnerabilities

  • Attacks

  • Attack Tools

  • Defence strategies

  • Lab Scenario

Lab Information:

  1. Most lessons have hands-on labs.

  2. Labs will change continuously, adapting to changes in the security industry.

  3. Mile2 consultants working in the security field will be dynamically implementing new scenarios that are over and above the base labs used in student workbooks.

  4. Please note that this is not a class that will explain the intricacies of each and every tool. The software is mostly open source and underground software, which leaves us with no guarantee of compatibility.

  5. Mile2 consultants constantly test most of the tools used in this class; however, we may use a tool that is not tested in the environment we have at our partner’s site.

  6. We will be using a large array of Operating Systems that are set up to be used in different ways, perhaps to attack or to use as a hacker box.

Important Intellectual Property Acknowledgments:
© Copyright – 2005, Mile2 UK, Ltd. – CPTS, CPTE & Mile2 are trademarks of Mile2 mki, Inc. All Rights Reserved.
Certified Pen Tester, Certified Penetration Tester, Certified Pen Testing Specialist, Certified Pen Testing Expert, Mile2, CPT and CPTE are trademarks of Mile2 mki, Inc. All rights reserved
