Certified Penetration Testing Consultant
Course
In Miguel Hidalgo
*Estimated price
Original amount in USD:
$ 3,500
Description
- Type: Workshop
- Level: Intermediate level
- Location: Miguel Hidalgo
- Teaching hours: 32h
- Duration: 4 days
- Start: Available dates
The vendor-neutral Certified Penetration Testing Consultant course is designed for IT security professionals and IT
network administrators who are interested in conducting penetration tests against large network infrastructures,
such as those of large corporate networks, service providers and telecommunication companies. Instead of focusing on
operating-system-level penetration testing, this course covers how to attack the underlying network infrastructure
and protocols and how to prevent such attacks. The training starts with basic packet capture and analysis using both
commercial and open source tools. From there, the student continues with Layer 2 attack vectors and Layer 3
attacks, including both IPv4 and IPv6 stacks and routing protocol attacks (OSPF, BGP, etc.), then moves on to
service-provider-level attacks related to the very commonly used MPLS, how to use relays and pivots, VPN attacks
including the IPsec protocol suite, and SSL attacks. Finally, the class covers NIDS/NIPS evasion and implementation
techniques.
This course uses in-depth lab exercises after each module. Students may spend 16+ hours performing labs that
emulate a real-world pen testing model. Students will make use of scores of traditional and cutting-edge pen testing
tools (GUI and command line, Windows and Linux) as they make their way through mile2's time-tested methodology.
Important details
Documents
- CPTC_Certified_Penetration_Testing_Consultant.pdf
Locations and available dates
Location
Start
About this course
Upon completion, Certified Penetration Testing Consultant students will be able to establish an industry-acceptable
pen testing process and will be prepared to competently take the C)PTC exam.
Instructor-led
Live Online Training
C)PTE or equivalent knowledge
A minimum of 24 months experience in Networking Technologies
Sound knowledge of TCP/IP
Computer hardware knowledge
Subjects
- Mile2
- Network security
- Cloud security
- Computer security
- Applied computing
- Applied security
- VPN
- PTE
- CPTE
- CPTC
Instructors
Alejandro Hernández
Palo Alto instructor
Syllabus
Course Outline
Packet Capturing
Packet Capturing
Packet capturing using libpcap
Capturing using ncap
Packet Capturing Software
Windump / TCPDump
Usage
Windump & PS
Wireshark
General Settings
Preferences
Capture Settings
Interface Options
Column Settings
Name Resolution Settings
Panes
Capture Options
Menu Shortcuts
Follow TCP Stream
Expert Infos
Packet Reassembly
Capturing VOIP Calls
VOIP Call Filtering
Call Setup
Playing the call
Saving the call into a file
SMB Export
HTTP Export
Layer2 Attacks
Why Layer2?
FBI/CSI Risk Assessment
Ethernet Frame Formats
Different Types of attacks
Switch Learning Process
Excessive Flooding
Macof
Cisco Switches’ Bridging Table Capacities
Mac Flooding Alternative: Mac Spoofing Attacks
Spanning Tree Basics
Frame Formats
Dissectoring
Main BPDU Formats
yersinia
STP Attacks supported in yersinia
Becoming Root Bridge
VLANs
Basic Trunk Port Defined
Dynamic Trunking Protocol (Cisco)
VLAN Hopping Attack
Double Tagging
How DHCP operates?
DHCP Request/Reply Types
DHCP Fields
DHCP Starvation Attack
Rogue DHCP Server Attack
ARP Function Review
Risk Analysis of ARP
ARP Spoofing Attack Tools
ARP Cache Poisoning
How PoE works?
Risk Analysis for PoE
Layer3 Attacks on Cisco Based Infrastructures
Layer 3 protocols
Protocols: BGP
BGP MD5 crack
Protocols: BGP
BGP Route Injection
MP-BGP Route Injection
Protocols: OSPF
Protocols: ISIS
Protocols: HSRP/VRRP
DDoS detection
DDoS prevention
Ingress/egress filtering
Worm detection and protection
DDoS/worm research/future
MPLS
Bi-directional MPLS-VPN traffic redirection
Some More MPLS Attacks
MPLS
Router integrity checking
· Pivoting and Relays
Pivoting
Netcat
Backdoors with nc
Netcat – Basic Usage
Persistent Listeners
Shovel a shell
Shovel a file
Netcat port scanner
Relays
Simple Netcat Relay
Two-Way Netcat Relay – The Newbie Approach
Named Pipes
I/O Streams and Redirection
Relay Scenario 1
Two-Way NC Relay with Named Pipe
Relay Scenario 2
Relay Scenario 3
· IPv6 Attacks
IPv4
IPv6
IPv4 & IPv6 Headers
IPv6 Header Format
End-to-End Principle
Differences with End-to-End
End point filters
Merging IPSEC and Firewall functions
Scanning
ICMPv6
ICMPv6 Neighbor Discovery
IPv6 Attack Tools
DAD DoS Attack
DAD DoS Attack
Auto-Configuration Mechanisms
Autoconfiguration – SLAAC, DHCPv6
Auto-Configuration IPv4 & IPv6
ICMPv6 Types
Neighbor Discovery
ND spoofing
http://www.thc.org/thc-ipv6
Dos-new-ipv6 (THC)
Parasite6 (THC)
Redir6 (THC)
Fake_router6
IPv6 in Today’s Network
Extension Headers
Routing Header
Different Types of Routing Header
RH0 (Deprecated by RFC 5095) Format
Routing Header 0 Attack
Layer 3-4 Spoofing
Transition Mechanism Threats
IPv6 Firewall
Making existing tools work
Summary
· VPN Attacks
VPNs
VPN Comparison
IPSec
Detecting IPSec VPNs
AH versus ESP
Tunnel mode versus Transport mode
Main mode versus aggressive mode
IKE Main Mode
IKE Aggressive Mode
IPv4 Header
Authentication Header
AH Transport Mode
AH Tunnel Mode
Authentication Algorithms
AH and NAT
ESP with Authentication
ESP in Transport Mode
ESP in Tunnel Mode
IKE
IKE-Scan
IKE-SCAN
Aggressive Mode
Main Mode
Aggressive Mode ID
Aggressive Mode PSK Attacks
Aggressive PSK Cracking
Aggressive Mode ID Enumeration
Main Mode PSK Attacks
Main Mode PSK Cracking
Main Mode Policy Enumeration
IKECrack
IKEProbe
IKE-PROBE
Other VPN Flaws
Insecure Storage of Credentials on VPN Clients
Username Enumeration
· Defeating SSL
Outline
How SSL Works
Certificate Types
Certificate Chaining
Chain of trust
Verifying a Certificate Chain
Certificate Chain That Cannot be Verified
What if…
Basic Constraints
Then the story started
SSLSNIFF
Running SSLSNIFF
Setting up IPTABLES
Running Arpspoof
SSLSTRIP
How SSL connection is initiated:
SSLSTRIP
How does it look like?
With SSLSTRIP
Running SSLSTRIP
Combining this technique with homograph attack
Certificates
Certificate Enrollment Request PKCS#10
Certificate (Subjects)
CN Encoding
PKCS #10 SUBJECT
PKCS #10 Certificate Signing Request
Disadvantages
Universal Wildcard
More Weird Stuff
What do we have to worry about?
Certificate Revocation
Defeating OCSP
OCSP-Aware SSLSNIFF
Updates
Update-Aware SSLSNIFF
Snort
What is Snort?
Snort Architecture
Packet Sniffing
Preprocessors
Detection Engine
Alerting Components
Three major modes
Using Snort as Packet Sniffer
Packet Sniffing
Snort as Packet Logger
Snort as NIDS
Snort Rule Tree
Decoding Ethernet Packet
Preprocessor Layout
Parts of a Rule
Outputs
· IDS/IPS Evasion
Evasion
Networking Standards
Evasion Principles
Evasion Layers
Layer 2
Layer 3-4
Fragmentation
Fragmentation Attacks – Ping O' Death
More Malicious Fragments
Fragmentation-Based Techniques
Sending Overlapping Fragments
Different Reassembly Timeout
Sending Fragment with Different TTLs
Insertion Attacks
Protocol Violation
Layer 5-7
Layer 5-7
SMB Evasions
SMB based vulnerabilities
How can IDS control SMB sessions?
DCERPC Evasions
How DCERPC works:
DCERPC Bind Evasions
DCERPC Call Evasions
DCERPC Transport Evasions
Obfuscation
Client Side Attack Evasions
Unicode
UTF-8 Overlong Strings
Javascript Evasions
Base64 your HTML
Encryption
DoS Attacks
Failure Points
Alert Management
Hardware Limitations
Session Tracking
Pattern Matching
Signature Matching
Lab Outline
· Working with Captured Files
Sniffing with Wireshark
HTTP Protocol Analysis
SMB Protocol Analysis
SIP/RTR Protocol Analysis
DNS Protocol Analysis
· Layer 2 Attacks
MAC Spoofing
ARP Wireshark Network Sniffing
Analyzing the capture of Macof
Manipulating STP algorithm
· Layer 3 Attacks
Exploring Layer 3 with Loki tool on Kali
Cracking the BGP authentication key with Loki dictionary attack
OSPF Authentication
Attacking the default gateway redundancy protocol
· Pivoting and Relays
Pivoting with Metasploit
Pivoting with SSH
· IPv6 Attacks
Man-in-the-Middle attacks using THC-IPv6 Parasite6
Flooding the Network
IPv6 SLAAC Attacks
· VPN Attacks
Cracking IKE PSK
Enumerate VPN IPsec with iker.py
· Defeating SSL
Decrypting SSL
Use SSLSTRIP for SSL MITM
· IDS/IPS Evasion
· Use Snort as Packet Sniffer
· Use Snort as Packet Logger
· Check Snort's IDS abilities with pre-captured attack pattern files