COURSE OVERVIEW
The vendor neutral Certified Penetration Testing Engineer certification course is built firmly upon proven, hands-on Penetration Testing methodologies utilized by our international group of Penetration Testing consultants.

The C)PTE presents information based on the 5 Key Elements of Pen Testing: Information Gathering, Scanning, Enumeration, Exploitation and Reporting. The latest vulnerabilities will be discovered using these tried and true techniques.

This course also enhances the business skills needed to identify protection opportunities, justify testing activities and optimize security controls to reduce risk associated with working with the internet. The student will be using the latest tools, such as Saint, Metasploit through Kali Linux and Microsoft PowerShell.

Mile2 goes far beyond simply teaching you to “Hack”. The C)PTE was developed around principles and behaviors used to combat malicious hackers and focuses on professional penetration testing rather than “ethical hacking”.

Besides utilizing ethical hacking methodologies, the student should be prepared to learn penetration testing methodologies using advanced persistent threat techniques. In this course, you will go through a complete penetration test from A-Z! You’ll learn to create your own assessment report and apply your knowledge immediately in the work force.

With this in mind, the CPTE certification course is a complete upgrade to the EC-Council CEH! The C)PTE exam is taken any time/anywhere online through mile2’s MACS system, making the exam experience easy and mobile. Students do not need to take the C)PTE course to attempt the C)PTE exam.

KEY DATA
Course Title: Certified Penetration Testing Engineer
Duration:
• Normal Track: 1 Year
• Fast Track: 1 Month
• Ultra Fast Track: 5 Days
Language: English
Class Format Options:
• Instructor-led classroom
• Live Online Training
• CBT - Pre-recorded Videos
Prerequisites:
• A minimum of 12 months’ experience in networking technologies. (Must for Ultra Fast Track)
• Sound knowledge of TCP/IP
• Knowledge of Microsoft packages. (Must for Fast Track)
• Network+, Microsoft, Security+ (Must for Ultra Fast Track)
• Basic Knowledge of Linux is essential (For Fast Track)
Student Materials:
• Student Workbook
• Student Lab Guide
• Prep Guide
Certification Exam: CPTE – Certified Pen Testing Engineer™ (taken through mile2’s MACS online testing system)
CPEs: 40
Who Should Attend:
• Pen Testers
• Ethical Hackers
• Network Auditors
• Cyber Security Professionals
• Vulnerability Assessors
• Cyber Security Managers
• IS Managers
All Combos Include:
• Online Video
• Electronic Book (Workbook/Lab guide)
• Exam Prep Guide
• Exam Voucher
• Cyber Range Lab
• Exam Simulator
ACCREDITATIONS
The Certified Penetration Testing Engineer course is accredited by the NSA CNSSI-4013: National
Information Assurance Training.
UPON COMPLETION
Upon completion, Certified Penetration Testing Engineer students will be able to establish industry
acceptable auditing standards with current best practices and policies. Students will also be prepared to
competently take the C)PTE exam.
EXAM INFORMATION
The Certified Penetration Testing Engineer exam is taken
online through Mile2’s Assessment and Certification System
(“MACS”), which is accessible on your mile2.com account. The
exam will take 2 hours and consist of 100 multiple choice
questions. The cost is $400 USD and must be purchased from
Mile2.com.
COURSE DETAILS
Module 0: Course Overview
Module 1: Business & Technical Logistics of Pen Testing
Module 2: Linux Fundamentals
Module 3: Information Gathering
Module 4: Detecting Live Systems
Module 5: Enumeration
Module 6: Vulnerability Assessments
Module 7: Malware Goes Undercover
Module 8: Windows Hacking
Module 9: Hacking UNIX/Linux
Module 10: Advanced Exploitation Techniques
Module 11: Pen Testing Wireless Networks
Module 12: Networks, Sniffing and IDS
Module 13: Injecting the Database
Module 14: Attacking Web Technologies
Module 15: Project Documentation
Module 16: Securing Windows w/ PowerShell
Module 17: Pen Testing with PowerShell
DETAILED HANDS-ON LABORATORY OUTLINE
DETAILED COURSE OUTLINE
Module 0: Course Introduction
Courseware Materials
Course Overview
Course Objectives
CPTE Exam Information
Learning Aids
Labs
Class Prerequisites
Student Facilities
Internet Archive: The WayBack Machine
Domain Name Registration
WHOIS
WHOIS Output
DNS Databases
Using Nslookup
Dig for Unix / Linux
Traceroute Operation
Traceroute (cont.)
3D Traceroute
Opus online traceroute
People Search Engines
Intelius info and Background Check Tool
EDGAR For USA Company Info
Company House For British Company Info
Client Email Reputation
Web Server Info Tool: Netcraft
Footprinting Countermeasures
DOMAINSBYPROXY.COM
Review
Module 5: Enumeration
Enumeration Overview
Web Server Banners
Practice: Banner Grabbing with Telnet
SuperScan 4 Tool: Banner Grabbing
Sc HTTPrint
SMTP Server Banner
DNS Enumeration
Zone Transfers from Windows 2000 DNS
Backtrack DNS Enumeration
Countermeasure: DNS Zone Transfers
SNMP Insecurity
SNMP Enumeration Tools
SNMP Enumeration Countermeasures
Active Directory Enumeration
LDAPMiner
AD Enumeration countermeasures
Null sessions
Syntax for a Null Session
Viewing Shares
Tool: DumpSec
Tool: Enumeration with Cain and Abel
NAT Dictionary Attack Tool
THC-Hydra
Injecting Abel Service
Null Session Countermeasures
Review
Module 6: Vulnerability Assessments
Overview
Vulnerabilities in Network Services
Vulnerabilities in Networks
Vulnerability Assessment Def
Vulnerability Assessment Intro
Testing Overview
Staying Abreast: Security Alerts
Vulnerability Research Sites
Vulnerability Scanners
Nessus
Nessus Report
SAINT – Sample Report
Tool: Retina
Qualys Guard
http://www.qualys.com/products/overview/
Tool: LANguard
Microsoft Baseline Analyzer
MBSA Scan Report
Dealing with Assessment Results
Patch Management
Other Patch Management Options
Shedding Files Left Behind
Leaving No Local Trace
Tor: Anonymous Internet Access
How Tor Works
TOR + OpenVPN= Janus VM
Encrypted Tunnel Notes:
Hacking Tool: RootKit
Windows RootKit Countermeasures
How WPA improves on WEP
TKIP
The WPA MIC Vulnerability
802.11i - WPA2
WPA and WPA2 Mode Types
WPA-PSK Encryption
LEAP
LEAP Weaknesses
NetStumbler
Tool: Kismet
Tool: Aircrack-ng Suite
Tool: Airodump-ng
Tool: Aireplay
DOS: Deauth/disassociate attack
Tool: Aircrack-ng
Attacking WEP
Attacking WPA
coWPAtty
Exploiting Cisco LEAP
asleap
WiFiZoo
Wesside-ng
Typical Wired/Wireless Network
802.1X: EAP Types
EAP Advantages/Disadvantages
EAP/TLS Deployment
New Age Protection
Aruba – Wireless Intrusion Detection and Prevention
RAPIDS Rogue AP Detection Module
Review
Hacking Tool: osql.exe
Hacking Tool: Query Analyzers
Hacking Tool: SQLExec
www.petefinnegan.com
Hacking Tool: Metasploit
Finding & Fixing SQL Injection
Contact Details:
IT KART
Head Quarter : IT KART, Office Number- 7,
NEAR JAGAT FARM GOL CHAKKAR, GAMMA – 1,
GREATER NOIDA, DELHI - NCR
http://www.facebook.com/itkart