CPTS with CEH Backtrack


Certified Penetration Testing Specialist (CPTS) with CEH Backtrack

PACKAGE INCLUDES

  • 14 CD Levels on 3 DVDs featuring live instructor-led classroom sessions with full audio, video and demonstration
  • Printable courseware
  • Step by Step Hands-on Labs


  • Single User CD Course: £ 348
  • Single User Online Course: £ 278
  • Multi User CD Course: £ 696

    COURSE INTRODUCTION

    CPTS is built upon proven hands-on penetration testing methodologies as utilized by our international group of vulnerability consultants. Mile2 trainers keep their expertise current by practicing what they teach, because we believe that an equal emphasis on theoretical and real-world experience is essential for effective knowledge transfer to you, the student. The CPTS presents information on the latest vulnerabilities and defenses. This class also enhances the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk. We go far beyond simply teaching you to “Hack”, the norm with the classes that have been available until now. Our course is developed based on principles and methods used by malicious hackers, but its focus is professional penetration testing and securing information assets.

    Upon completion, CPTS - Certified Penetration Testing Specialist students will be able to confidently undertake the Thomson Prometric CPTS examination (recommended) or the easier Certified Ethical Hacker (312-50) Self Study. Students will enjoy an in-depth course that is continuously updated to keep pace with the ever-changing security environment. This course offers up-to-date proprietary laboratories that have been researched and developed by leading security professionals from around the world.

    Course Outline


    Module 1 - Business and Technical Logistics for Pen Testing

    Definition of a Penetration Test
    The Evolving Threat
    Security Vulnerability Life Cycle
    Exploit Timeline
    What You May Not Have Known…
    Zombie Statistics
    Demo: Zombie Statistics
    Zombie Definition
    Botnet Definition
    Defense in Depth
    Types of Penetration Testing
    Pen Test Methodology
    Hacker vs. Penetration Tester
    Methodology for Penetration Testing / Ethical Hacking
    Tools vs. Technique
    Penetration Testing Methodologies
    Demo: Resources on Penetration Methodologies
    Demo: FFIEC
    OSSTMM - Open Source Security Testing Methodologies
    Website Review
    Demo: Cybercrime and Computer World Websites
    Website Review
    Demo: SC Magazine
    Module 1 - Lab
    Case Study and Lab
    Module 1 Review

    Module 2 - Reconnaissance: Information Gathering

    What Information is Gathered by the Hacker
    Methods of Obtaining Information
    Physical Access
    Demo: Bump Key Technique
    Social Access
    Demo: Social Engineering with Kevin Rose
    Digital Access
    Passive vs. Active Reconnaissance
    Footprinting Defined
    Footprinting Tool: Kartoo Website
    Footprinting tools
    Google and Query Operators
    Google (cont.)
    Johnny.Ihackstuff.com
    Site Digger 2.0
    Internet Archive: The WayBack Machine
    Domain Name Registration
    WHOIS
    WHOIS Output
    DNS Databases
    Using Nslookup
    Dig for Unix / Linux
    Traceroute Operation
    Traceroute (cont.)
    EDGAR For USA Company Info
    Company House For British Company Info
    People Search Tool
    Google Earth
    Intelius info and Background Check Tool
    Web Server Info Tool: Netcraft
    Countermeasure: Domainsbyproxy.com
    Footprinting Countermeasures
    Case Study and Lab
    Module 2 Review

    Module 3 - Linux Fundamentals

    Linux History – Linus + Minix = Linux
    The GNU Operating System
    Linux Introduction
    Linux GUI Desktops
    Linux Shell
    Linux Bash Shell
    Recommended Linux Book
    Password & Shadow File Formats
    User Account Management
    Instructor Demonstration
    Changing a user account password
    Demo: BackTrack
    Configuring Network Interfaces with Linux
    Demo: Setting up a Network Interface
    Mounting Drives with Linux
    Demo: Mounting a Drive
    Tarballs and Zips
    Compiling Programs in Linux
    Demo: Compile and Run an Application
    Typical Linux Operating Systems
    Gentoo = Simple Software Install Portal
    Demo: Operating Systems
    Demo: VLOS
    Why Use Live Linux Boot CDs
    Security Live Linux CDs
    FrozenTech’s Complete Distro List
    Most Popular: BackTrack
    Demo: Troubleshooting BackTrack
    My Slax Creator
    Slax Modules (Software Packages)
    Module 3 - Lab
    Case Study and Lab
    Module 3 Review

    Module 4 - Reconnaissance: Detecting Live Systems

    Introduction to Port Scanning
    Port Scan Tips
    Ping
    Demo: Packetyzer
    The TCP/IP stack
    Which services use which ports?
    TCP 3-Way Handshake
    Demo: Creating Custom Packets
    TCP Flags
    Vanilla (TCP Connect Port Scan)
    NMAP TCP Connect Scan
    Demo: NMAP
    NMAP
    Half-open Scan
    Tool Practice : TCP half-open & Ping Scan
    Firewalled Ports
    NMAP Service Version Detection
    UDP Port Scan
    Popular Port Scanning Tools
    Tool: Superscan
    Tool: LookatLan
    Tool: Hping2 – BackTrack Distro
    Tool Practice: Hping2
    Demo: Look@Lan
    Demo: Hping2
    Tool: Auto Scan
    Demo: Auto Scan
    Advanced Port Scanning / Packet Crafting
    OS Fingerprinting
    OS Fingerprinting: Xprobe2 – Auditor Distro
    What Is Fuzzy Logic?
    Tool: P0f – Passive OS Finger Printing Utility
    Tool Practice: Amap
    Packet Crafting
    Demo: OS Finger Printing
    Tool Fragrouter: Fragmenting Probe Packets
    Countermeasures: Scanning
    Scanning Tools Summary
    Module 4 - Lab
    Case Study and Lab
    Module 4 Review

     

    Module 5 - Reconnaissance: Enumeration

    Web Server Banners
    Practice: Banner Grabbing with Telnet
    Web Server Banners (cont.)
    SMTP Server Banner
    Demo: Server Banners
    Demo: Sam Spade
    Demo: Netcat
    DNS Enumeration
    Zone Transfers from Windows 2000 DNS
    Demo: DNS Enumeration
    Countermeasure: DNS Zone Transfers
    SNMP Insecurity
    SNMP Enumeration
    SNMP Enumeration Countermeasures
    Demo: SNMP Techniques
    Active Directory Enumeration
    AD Enumeration countermeasures
    Null sessions
    Syntax for a Null Session
    Viewing Shares
    Demo: Null Session
    Tool: DumpSec
    Tool: USE42
    Tool: Enumeration with Cain and Abel
    Null Session Countermeasures
    Enumeration Tools Summary
    Module 5 - Lab
    Case Study and Lab
    Module 5 Review

    Module 6 - Cryptography: Decrypting the Cipher

    Introduction
    Demo: CrypTool
    Encryption
    Implementation
    Symmetric Encryption
    Symmetric Algorithms
    Crack Times
    Asymmetric Encryption
    Key Exchange
    Key Exchange Demo
    Hashing
    Demo: Hashing
    Hash Collisions
    Common Hash Algorithms
    Hybrid Encryption
    Digital Signatures
    SSL Hybrid Encryption
    IPSec
    Demo: IPSec IPSec
    Public Key Infrastructure
    PKI-Enabled Applications
    Attack Vectors
    Module 6 - Lab
    Case Study and Lab
    Module 6 Review

    Module 7 - Vulnerability Assessments

    Assessment Intro
    Technical Cyber Security Alerts
    Demo: Cert.org
    Open Source Assessments Tools
    Tool: Nessus Open Source
    Nessus Plugins
    Scanning the Network
    Demo: Whax
    Demo: Core Security
    Tool: X-Scan
    Commercial Vulnerability Scanners
    Tool: Retina
    Tool: NewT
    Tool: LANguard
    Analyzing the Scan Results
    Demo: LANguard
    Tool: Core Impact
    Microsoft Baseline Analyzer
    Demo: Nessus 3
    MBSA Scan Report
    Demo: Baseline Security Analyzer
    Patch Management
    Patching with LANguard Network Security Scanner
    Case Study and Lab
    Module 7 Review

    Module 8 - Windows Hacking: Staying Ahead of the Hacker

    Keystroke Loggers
    Password Cracking
    Demo: Password Cracking
    Rainbow Table
    Authentication Procedure
    Password Sniffing
    Privilege Escalation
    Password Hash Insertion
    Demo: PWRESET2
    Demo: Booting from BackTrack
    Countermeasures
    More Countermeasures
    Multi-Factor Authentication
    Smart Cards
    Evading The Event Logs
    Disable Auditing
    Clearing the Event Log
    Alternate Data Streams
    Demo: Alternate Data Streams
    Steganography – In Clear Sight
    Demo: Methods to hide Data
    RootKits
    Demo: Rootkits
    RootKit Detection
    Case Study and Lab
    Module 8 Review

    Module 9 - Advanced Exploit Techniques

    How Do Exploits Work?
    Memory Organization
    Buffer OverFlows
    Heap Overflows
    Stages Of Exploit Development
    Prevention
    Demo: Stack Function
    TCP/IP OSI Exploits
    The Metasploit Project
    The Alien Shore
    The Metasploit Project
    Demo: The Metasploit Project
    Core Impact Overview
    Core Impact
    Demo: Core Impact
    Case Study and Lab
    Module 9 Review

    Module 10 - Malware: Software Goes Undercover

    Defining Malware: Trojans and backdoors
    Defining Malware: Virus & Worms
    Defining Malware: Spyware
    Malware Distribution Methods
    Hacker Uses of Malware
    Malware Privilege Level
    Autostart Methods
    Countermeasure: Monitoring Autostart Methods
    Tool: Netcat
    Netcat Switches
    Demo: Netcat
    Remote Access Trojan Components
    Executable Wrappers
    Benign EXEs Historically Wrapped With Trojans
    Demo: Executable Wrappers
    Tool: Restorator
    Tool: Exe Icon
    The Infectious CD-ROM Technique
    Advanced Trojans: Beast
    Advanced Trojans: Avoiding Detection
    Overview of Malware Countermeasures
    CM Tool: Anti-Spyware Software
    CM Tool: Anti-Trojan Scanners
    Malware Reference: www.Glocksoft.com
    CM Tool: Port Monitoring Software
    CM Tool: File Protection Software
    CM Tool: Windows File Protection
    CM Tool: Windows Software Restriction Policies
    CM Tool: Hardware-based Malware Detectors
    Countermeasure: User Education
    Module 10 Review

     

    Module 11 - Attacking Wireless Networks: Securing the Air

    Wi-Fi Network Types
    Widely Deployed Standards
    A vs B vs G
    802.11n - MIMO
    SSID (Service Set Identity)
    MAC Filtering
    Wired Equivalent Privacy
    Weak IV Packets
    XOR - Basics
    WEP Weaknesses
    TKIP
    How WPA improves on WEP
    The WPA MIC Vulnerability
    802.11i - WPA2
    WPA and WPA2 Mode Types
    WPA-PSK Encryption
    Tool: NetStumbler
    Demo: NetStumbler
    Tool: Kismet
    Analysis Tool: AiroPeek
    Tool: Aircrack
    DoS: Deauth/disassociate attack
    DoS: VOID 11
    Tool: Aireplay
    ARP Injection (Failure)
    ARP Injection (Success)
    802.1X: EAP Types
    EAP Advantages/Disadvantages
    Typical Wired/Wireless Network
    Module 11 Review

    Module 12 - Networks, Sniffing and IDS: Intercept and Redirect!

    Packet Sniffers
    Example Packet Sniffers
    Tool: Pcap & WinPcap
    Tool: Wireshark (Ethereal)
    TCP Stream Re-assembling
    Tool: Packetyzer
    tcpdump & windump
    Tool: OmniPeek
    Demo: Wireshark Analyzer Sniffer Detection
    Passive Sniffing
    Demo: Passive Sniffing
    Active Sniffing
    Active Sniffing Methods
    Switch Table Flooding
    ARP Cache Poisoning
    ARP Normal Operation
    ARP Cache Poisoning
    Technique: ARP Cache Poisoning (Linux)
    Countermeasures
    Tool: Cain and Abel
    Demo: Cain and Abel
    Ettercap
    Linux Tool Set: Dsniff Suite
    Dsniff Operation
    MailSnarf, MsgSnarf, FileSnarf
    What is DNS spoofing?
    Demo: DNS spoofing
    Tools: DNS Spoofing
    Breaking SSL Traffic
    Tool: Breaking SSL Traffic
    Tool: Cain and Abel
    Demo: Cain and Abel
    Voice over IP (VoIP)
    Intercepting VoIP
    Intercepting RDP
    Cracking RDP Encryption
    Demo: Wireless Phone
    Routing Manipulation Methods
    Countermeasures for Sniffing
    Firewalls, IDS and IPS
    Firewall – First line of defense
    IDS – Second line of defense
    Evading The Firewall and IDS
    Evasive Techniques
    Firewall – Normal Operation
    Evasive Technique - Example
    Demo: Engage Packet Builder
    Evading With Encrypted Tunnels
    Demo: Tunnel Configuration
    ‘New Age’ Protection
    SpySnare - Spyware Prevention System (SPS)
    Intrusion ‘SecureHost’ Overview
    Intrusion Prevention Overview
    Secure Surfing or Hacking ????
    Case Study and Lab
    Module 12 Review

    Module 13 - Injecting the Database

    Injecting the Database
    Overview of Database Server
    Types of databases
    Overview of Database Server
    Relational Databases
    Overview of Database Server
    Vulnerabilities and Common Attacks
    SQL Injection
    Why SQL “Injection”?
    SQL Connection Properties
    SQL Injection: Enumeration
    SQL Extended Stored Procedures
    Demo: SQL Injection
    Shutting Down SQL Server
    Direct Attacks
    Attacking Database Servers
    Obtaining Sensitive Information
    Hacking Tool: SQL Ping2
    Hacking Tool: osql.exe
    Hacking Tool: Query Analyzers
    Hacking Tool: SQLExec
    Hacking Tool: Metasploit
    Hardening Databases
    Module 13 - Case Study and Lab
    Module 13 Review

    Module 14 - Attacking Web Technologies

    Common Security Threats
    The Need for Monitoring
    Seven Management Errors
    Progression of The Professional Hacker
    The Anatomy of a Web Application Attack
    Demo: The Anatomy of a Web Application Attack
    Attacks against IIS
    ISAPI DLL Source disclosures
    ISAPI.DLL Exploit
    IIS Directory Traversal
    Unicode
    IIS Logs
    Protection against Buffer Overflows
    Assessment Tool: Stealth HTTP Scanner
    Common Web Application Vulnerabilities
    Components of a generic web application system
    URL mappings to the web application system
    Web Application Penetration Methodologies
    Tool: Paros Proxy
    Tool: Burp Proxy
    Tool: Lynx
    Tools: Black Widow And WGET
    What is Cross-Site Scripting (XSS)?
    XSS Countermeasures
    Authentication
    Tool: Brutus
    Dictionary Maker
    Query String
    Cookies
    OWASP Top Ten Web Vulnerabilities
    Module 14 - Lab
    Case Study and Lab
    Module 14 Review
