CERTIFIED PENETRATION TESTING SPECIALIST

This course is provided by Wintrac. Wintrac provides one stop shopping for all your IT training needs. Wintrac’s course catalog of over two thousand courses includes courses on Security Training

Overview

CPTS is built upon proven hands-on Penetration Testing methodologies as utilized by our international group of vulnerability consultants. Mile2 trainers keep abreast of their expertise by practicing what they teach because we believe that an equal emphasis on theoretical and real world experience is essential for effective knowledge transfer to you, the student. The CPTS presents information on the latest vulnerabilities and defenses. This class also enhances the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk. We go far beyond simply teaching you to “Hack” -- the norm with the classes that have been available until now. Our course is developed based on principles and methods used by malicious hackers, but its focus is professional penetration testing and securing information assets. Upon completion, CPTS students will be able to confidently undertake the Thompson Prometric CPTS examination (recommended) or the Certified Ethical Hacker examination (312-50) Self Study. Students will enjoy an in-depth course that is continuously updated to maintain and incorporate the ever changing security environment. This course offers up-to-date proprietary laboratories that have been researched and developed by leading security professionals from around the world. Please note that the Certified Penetration Testing Specialist course labs were designed to use additional VM images that can only be distributed to Authorized Mile2 Partners (AMP) and/or Instructors (AMI) due to licensing requirements. See document link on the Security product page.

Audience:

Individuals interested in pursuing the Thompson Prometric CPTS examination or the Certified Ethical Hacker examination Self Study.

Prerequisites

A minimum of 12 months experience in networking technologies, a sound knowledge of TCP/IP, computer hardware knowledge, knowledge of Microsoft packages, Network+, Security+, and a knowledge of Linux would be beneficial but is not essential.

Course duration

5 days

Course outline

Business and Technical Logistics of Pen Testing Definition of a Penetration Test

Benefits of a Penetration Test

ID Theft Statistics

Recent Hacking News

The Evolving Threat

Vulnerability Life Cycle

Exploit Time Line

Zombie Statistics

Zombie Definition

Botnet Definition

Types of Penetration Testing

Pen Testing Methodology

Hacker vs. Penetration Tester

Tools vs. Technique

Penetration Testing Methodologies

OSSTMM - Open Source Security Testing Methodologies

Website Review

SecurityNOW! SX

Information Gathering

What Information is Gathered by the Hacker
Methods of Obtaining Information
Physical Access
Social Access
Digital Access
Passive vs. Active Reconnaissance
Footprinting Defined
Footprinting Tool: Kartoo Website.
Footprinting Tools
Google and Query Operators
Johnny.Ihackstuff.com.
Aura
Wikto
Websites used for Information Gathering
Internet Archive: The WayBack Machine
Domain Name Registration
Whois
Websites used to Gather Whois Information
DNS Databases
Using NSlookup
Dig for Unix / Linux
Traceroute Operation
EDGAR for USA Company Info.
Company House For British Company Info
Intelius info and Background Check Tool
Web Server Info Tool: Netcraft
Countermeasure: Domainsbyproxy.com
Footprinting Countermeasures
Review White Papers/Templates

Linux Fundamentals

History of Linux
The GNU Operating System
Linux Introduction
Desktop Environment
Linux Shell
Linux Bash Shell
Recommended Linux Book
Password and Shadow File Formats
User Account Management
Changing a user account password
Configuring the Network Interface
Mounting Drives
Tarballs and Zips
Compiling Programs
Typical Linux Operating Systems
Gentoo = Simple Software Install Portal
VLOS and Emerge
Why Use Live Linux Boot CDs
Security Live Linux CDs
FrozenTech’s Complete Distro List
Most Popular: BackTrack
My Slax Creator
Slax Modules (Software Packages)

Detecting Live Systems Port Scanning Introduction

Port Scan Tips
What are the Expected Results
How Do We Organize the Results
Ping
NMAP Introduction
The TCP/IP Stack
Ports and Services
The TCP 3-way Handshake
TCP Flags
Vanilla Scan
NMAP TCP Connect Scan
Half-open Scan
Tool Practice : TCP half-open and Ping Scan
Fire-walled Ports
NMAP Service Version Detection
UDP Port Scanning
Advanced Scanning Technique
Popular Port Scanning Tools
Tool: Superscan
Tool: LookatLan
Tool: Hping2
Tool: Auto Scan
Packet Crafting and Advanced Scanning Methods
OS Fingerprinting
OS Fingerprinting: Xprobe2 – Auditor Distro
Xprobe Practice
Fuzzy Logic
Tool: P0f – Passive OS Finger Printing Utility
Tool Practice: Amap
Packet Crafting
Tool Fragrouter: Fragmenting Probe Packets
Countermeasures: Scanning
Scanning Tools Summary

Reconnaissance – Enumeration

Overview of Enumeration
Web Server Banner
Practice: Banner Grabbing with Telnet
Sam Spade Tool: Banner Grabbing
SuperScan 4 Tool: Banner Grabbing
SMTP Banner
DNS Enumeration Methods
Zone Transfers
Countermeasure: DNS Zone Transfser
SNMP Insecurity
SNMP Enumeration
SNMP Enumeration Countermeasures
Active Directory Enumeration
AD Enumeration countermeasures
Null Session
Syntax for a Null Session
Viewing Shares
Tool: DumpSec
Tool: USE42
Tool: Enumeration with Cain and Abel
NAT Dictionary Attack Tool
Injecting the Able Service
Null Session Countermeasures
Enumeration Tools Summary

Cryptography Cryptography Introduction

Encryption
Encryption Algorithm
Implementation
Symmetric Encryption
Symmetric Algorithms
Crack Times
Asymmetric Encryption
Key Exchange
Hashing
Hash Collisions
Common Hash Algorithms
Hybrid Encryption
Digital Signatures
SSL Hybrid Encryption
IPSEC
Transport Layer Security – SSH
PKI ~ Public Key Infrastructure Models
PKI-Enabled Applications
Quantum Cryptography
Hardware Encryption: DESlock
Attack Vectors

Vulnerability Assessments

Vulnerability Assessments Introduction
Testing Overview
Staying Abreast: Security Alerts
Vulnerability Scanners
Qualys Guard
Nessus Open Source
Nessus Interface
Scanning the Network
Nessus Report
Retina
Nessus for Windows
LANguard
Analyzing the Scan Results
Microsoft Baseline Analyzer
MBSA Scan Report
Dealing with the Assessment Results
Patch Management
Patching with LANguard Network Security Scanner

Malware - Software Goes Undercover

Defining Malware: Trojans and Backdoors
Defining Malware: Virus & Worms
Defining Malware: Spyware
Company Surveillance Software
Malware Distribution Methods
Malware Capabilities
Auto Start Methods
Countermeasure: Monitoring Autostart Methods.
Tool: Netcat
Netcat Switches
Executable Wrappers
Benign EXEs Historically Wrapped with Trojans
Tool: Restorator
Tool: Exe Icon
The Infectious CD-ROM Technique
Backdoor.Zombam.B
JPEG GDI+ All in One Remote Exploit
Advanced Trojans: Avoiding Detection
Malware Countermeasures
Gargoyle Investigator
Spy Sweeper Enterprise
www.Glocksoft.com
Port Monitoring Software
File Protection Software
Windows File Protection
Windows Software Restriction Policies
Hardware-based Malware Detectors
Countermeasure: User Education

Hacking Windows

Types of Password Attacks
Keystroke Loggers
Password Guessing
Password Cracking LM/NTLM Hashes
LanMan Password Encryption
NT Password Generation
SysKey Encryption
Password Salting
Password Extraction and Password Cracking
Precomputation Detail
Cain and Abel’s Cracking Methods
Free LM Rainbow Tables
NTPASSWD:Hash Insertion Attack
Password Sniffing
Windows Authentication Protocols
Hacking Tool: Kerbsniff & KerbCrack
Countermeasure: Monitoring Event Viewer Log
Hard Disk Security
Free HD Encryption Software
Tokens & Smart Cards.
Covering Tracks Overview
Disabling Auditing
Clearing the Event Log
Hiding Files with NTFS Alternate Data Streams
NTFS Streams Countermeasures
Stream Explorer
What is Steganography?
Steganography Tools
Shredding Files Left Behind
Leaving No Local Trace
SecurSURF
StealthSurfer II Privacy Stick
Tor: Anonymous Internet Access
Encrypted Tunnel Notes
Rootkits
Rootkit Countermeasures

Advanced Vulnerability & Exploitation Techniques

How Do Exploits Work?
Memory Organization
Buffer Overflows
Stages of Exploit Development
Prevention
The Metasploit Project
Defense in Depth
Core Impact

Attacking Wireless Networks

Wireless LAN Network Types
Deployed Standards
A vs. B vs. G
802.11n - MIMO
SSID - Service Set Identifier
MAC Filtering
WEP – Wired Equivalent Privacy
Weak IV Packets
XOR Basics
WEP Weaknesses
TKIP
How WPA improves on WEP
The WPA MIC Vulnerability
802.11i - WPA2
WPA and WPA2 Mode Types
WPA-PSK Encryption
Tool: NetStumbler
Tool: KNSGEM
Tool: Kismet
Analysis Tool: OmniPeek Personal
Tool: Aircrack
DOS: Deauth/disassociate attack
Tool: Aireplay
ARP Injection (Failure)
ARP Injection (Success)
EAP Types
EAP Advantages/Disadvantages
Typical Wired/Wireless Network
EAP/TLS Deployment

Networks, Firewalls, Sniffing and IDS

Packet Sniffers
WinPcap / Pcap
Tool: Wireshark (Ethereal)
Re-assembling TCP Session Packets
Tool: Packetyzer
tcpdump & windump
Tool: OmniPeek
Sniffer Detection
Passive Sniffing Methods
Active Sniffing Methods
Flooding the Switch Forwarding Table
ARP Cache Poisoning in Detail
ARP Normal Operation
ARP Cache Poisoning
Technique: ARP Cache Poisoning (Linux)
ARP Countermeasures
Tool: Cain and Abel
Ettercap
Dsniff Suite
MailSnarf, MsgSnarf, FileSnarf
What is DNS Spoofing?
DNS Spoofing Tools
Intercepting and Cracking SSL
Tool: Breaking SSL Traffic
Tool: Cain and Abel
VoIP Systems
Intercepting VoIP
Intercepting RDP
Cracking RDP Encryption
Routing Protocols Analysis
Countermeasures for Sniffing
Firewalls, IDS and IPS
Firewall ~ 1st Line of Defense
IDS ~ 2nd Line of Defense
IPS ~ Last Line of Defense
Evading The Firewall and IDS
Evasive Techniques
Firewall – Normal Operation
Evasive Technique –Example
Evading With Encrypted Tunnels
‘New Age’ Protection
SpySnare - Spyware Prevention System (SPS)
Intrusion ‘SecureHost’ Overview
Intrusion Prevention Overview
Secure Surfing or Hacking?

Injecting the Database

Overview of Database Servers
Types of Databases
Tables, Records, Attributes, Domains
Data Normalization, SQL , Object-Oriented Database Management
Relational Database Systems
Vulnerabilities and Common Attacks
SQL Injection
Why SQL “Injection
SQL Connection Properties
SQL Injection: Enumeration
Extended Stored Procedures
Shutting Down SQL Server
Direct Attacks
Attacking Database Servers
Obtaining Sensitive Information
Hacking Tool: SQL Ping2
Hacking Tool: osql.exe
Hacking Tool: Query Analyzers
Hacking Tool: SQLExec
Hacking Tool: Metasploit
Hardening Databases

Attacking Web Technologies

Common Security Threats
The Need for Monitoring
Seven Management Errors
Progression of The Professional Hacker
The Anatomy of a Web Application Attack
Web Attack Techniques
Components of a generic web application system
URL mappings to the web application system
Web Application Penetration Methodologies
Assessment Tool: Stealth HTTP Scanner
HTTrack Tool: Copying the website offline
Httprint Tool: Web Server Software ID
Wikto Web Assessment Tool
Tool: Paros Proxy
Tool: Burp Proxy
Attacks against IIS
IIS Directory Traversal
Unicode
IIS Logs
What is Cross Side Scripting (XSS?
XSS Countermeasures
Tool: Brutus
Dictionary Maker
Query String
Cookies
Top Ten Web Vulnerabilities
Putting all this to the Test

Please contact your training representative for more details on having this course delivered onsite or online

Training Outlines - the one stop shopping center for IT training.
© Training Outlines All rights reserved