Certified Penetration Testing Engineer

Course Outline

· Introduction

· Business and Technical Logistics of Penetration Testing

· Linux Fundamentals

· Information Gathering

· Detecting Live System

· Enumeration

· Vulnerability Assessments

· Malware Goes Undercover

· Windows Hacking

· Hacking UNIX/Linux

· Pen Testing Wireless Networks

· Networks, Sniffing, IDS

§ Overview

· Injecting the Database

· Attacking Web Technologies

· Project Documentation

Lab Outline

· Getting Set Up

§ Naming and subnet assignments

§ Discovering your class share

§ VM Image Preparation

§ Discovering the Student Materials

§ PDF Penetration Testing Methodology’s review

· Linux Fundamentals

§ ifconfig

§ Mounting a USB Thumb Drive

§ Mount a Windows partition

§ VNC Server

§ Preinstalled tools in BackTrack 5

· Information Gathering

§ Google Queries

§ Footprinting Tools

§ Getting everything you need with Maltego

§ Using Firefox for Pen Testing

§ Documentation of the assigned tasks

· Detecting Live Systems

§ Look@LAN

§ Zenmap

§ Zenmap in BackTrack 5

§ NMAP Command Line

§ Hping2

§ Unicornscan

§ Documentation of the assigned tasks

· Reconnaissance

§ Banner Grabbing

§ Zone Transfers

§ SNMP Enumeration

§ LDAP Enumeration

§ Null Sessions

§ SMB Enumeration

§ SMTP Enumeration

§ Documentation of the assigned tasks

· Vulnerability Assessment

§ Run Nessus for Windows

§ Run Saint

§ Documentation of the assigned tasks

· Malware

§ Netcat (Basics of Backdoor Tools)

§ Exploiting and Pivoting our Attack

§ Creating a Trojan

§ Documentation of the assigned tasks

· Windows Hacking

§ Cracking a Windows Password with Linux

§ Cracking a Windows Password with Cain

§ Covering your tracks via Audit Logs

§ Alternate Data Streams

§ Stegonagraphy

§ Understanding Rootkits

§ Windows 7 Client Side Exploit (Browser)

§ Windows 2008 SMBv2 Exploit

§ Documentation of the assigned tasks

· Hacking UNIX/Linux

§ Setup and Recon – Do you remember how?

§ Making use of a poorly configured service

§ Cracking a Linux password

§ Creating a backdoor and covering our tracks

§ Documentation of the assigned tasks

· Advanced Vulnerability and Exploitation Techniques

§ Metasploit Command Line

§ Metasploit Web Interface

§ Exploit-DB.com

§ Saint

§ Documentation

· Attacking Wireless Networks

§ War Driving Lab

§ WEP Cracking Lab (classroom only)

§ Documentation

· Networks, Sniffing and IDS

§ Capture FTP Traffic

§ ARP Cache Poisoning Basics

§ ARP Cache Poisoning – RDP

§ Documentation

· Database Hacking

§ Hacme Bank – Login Bypass

§ Hacme Bank – Verbose Table Modification

§ Hacme Books – Denial of Service

§ Hacme Books – Data Tampering

§ Documentation of the assigned tasks

· Hacking Web Applications

§ Input Manipulation

§ Shoveling a Shell

§ Hacme Bank – Horizontal Privilege Escalation

§ Hacme Bank – Vertical Privilege Escalation

§ Hacme Bank – Cross Site Scripting

§ Documentation of the assigned tasks

· Cryptography

§ Caesar Encryption

§ RC4 Encryption

§ IPSec Deployment

· Post-Class Lab – CORE IMPACT

· CORE IMPACT