* All fees are exclusive of vat ** PREMIUM - Customize your learning experience
Every organization needs skilled information security personnel who can find vulnerabilities and mitigate their effects, and this entire course is specially designed to get you ready for that role. The course starts with proper planning, scoping and recon, then dives deep into scanning, target exploitation, password attacks, and web app manipulation, with over 30 detailed hands-on labs throughout. The course is chock full of practical, real-world tips from some of the world’s best penetration testers to help you do your job safely, efficiently…and masterfully.
What Do Participants Learn?
• Offering in-depth technical excellence along with industry-leading methodologies to conduct high-value penetration tests. • Getting deep into the tools arsenal with numerous hands-on exercises that show subtle, less well-known and undocumented features that are useful for professional penetration testers and ethical hackers. • Discussing how the tools interrelate with each other in an overall testing process. Rather than just throwing up a bunch of tools and playing with them, we analyze how to leverage information from one tool to get the most bang out of the next tool. • Focusing on the workflow of professional penetration testers and ethical hackers, proceeding step by step and discussing the most effective means for conducting projects. • Covering several timesaving tactics based on years of in-the-trenches experience of real penetration testers and ethical hacker – tasks that might take hours or days unless you know the little secrets we will cover that will let you surmount a problem in minutes. • The course stresses the mindset of successful penetration testers and ethical hackers, which involves balancing the often contravening forces of thinking outside the box, methodically trouble-shooting, carefully weighing risks, following a time-tested process, painstakingly documenting results and creating a high-quality final report that achieves management and technical buy-in. • Analyzing how penetration testing and ethical hacking should fit into a comprehensive enterprise information security program.
Who Should Attend?
• Security personnel whose job involves assessing networks and systems to find and remediate vulnerabilities • Penetration testers • Ethical hackers • Defenders who want to better understand offensive methodologies, tools, and techniques • Auditors who need to build deeper technical skills • Red team members • Blue team members • Forensics specialists who want to better understand offensive tactics
What Will the Learning Experience Include?
Comprehensive pre-program activities include:
Web-based information forms & surveys completed by attendee.
Direct consultation with the attendee about the expectations.
During the training, participants engage in data, activities, and conversations that lead to insight and knowledge.
Participants learn from expert trainers who have both academic and business experiences.
Highly applicable training content & instructive activities for adding depth to training topics.
**A half-day site visit for integrating the experience & plan next steps. Opportunities to provide connections, ideas & support.
Explore & Practice
Apply & sustain the learning experience by using this ongoing support:
To ensure participant has new skills or behavior progress.
Optional, fee-based mentoring & coaching with the trainer.
Training materials & additional documents (e-books, pdf files, presentations and articles)
Evaluate your training experience by giving us feedbacks and help us to reach our organizational goals.
Section One: Comprehensive Pen Test Planning, Scoping, and Recon
• The Mindset of the Professional Pen Tester • Building a World-Class Pen Test Infrastructure • Creating Effective Pen Test Scopes and Rules of Engagement • Detailed Recon Using the Latest Tools • Effective Pen Test Reporting to Maximize Impact • Mining Search Engine Results • Document Metadata Extraction and Analysis
Section Two: In-Depth Scanning
• Tips for Awesome Scanning • Tcpdump for the Pen Tester • Nmap In-Depth: The Nmap Scripting Engine • Version Scanning with Nmap • Vulnerability Scanning with Nessus • False-Positive Reduction • Packet Manipulation with Scapy • Enumerating Users • Netcat for the Pen Tester • Monitoring Services during a Scan
Section Three: Exploitation
• Comprehensive Metasploit Coverage with Exploits/Stagers/Stages • Strategies and Tactics for Anti-Virus Evasion • In-Depth Meterpreter Analysis, Hands-On • Implementing Port Forwarding Relays for Merciless Pivots • How to Leverage Shell Access to a Target Environment
Section Four: Post-Exploitation and Merciless Pivoting
• Windows Command Line Kung Fu for Penetration Testers • PowerShell’s Amazing Post-Exploitation Capabilities • Password Attack Tips • Account Lockout and Strategies for Avoiding It • Automated Password Guessing with THC-Hydra • Retrieving and Manipulating Hashes from Windows, Linux, and Other Systems • Pivoting through Target Environments • Extracting Hashes and Passwords from Memory with Mimikatz Kiwi
Section Five: In-Depth Password Attacks and Web App Pen Testing
• Password Cracking with John the Ripper • Sniffing and Cracking Windows Authentication Exchanges Using Cain • Using Rainbow Tables to Maximum Effectiveness • Pass-the-Hash Attacks with Metasploit and More • Finding and Exploiting Cross-Site Scripting • Cross-Site Request Forgery • SQL Injection • Leveraging SQL Injection to Perform Command Injection • Maximizing Effectiveness of Command Injection Testing
Section six: Penetration Test & Capture the Flag Workshop