Network Penetration Testing and Ethical Hacking

Why should you attend?

This  course differs from other penetration testing and ethical hacking courses in several important ways:

It offers in-depth technical excellence along with industry-leading methodologies to conduct high-value penetration tests.

We get deep into the tools arsenal with numerous hands-on exercises that show subtle, less well-known and undocumented features that are useful for professional penetration testers and ethical hackers.

It discusses how the tools interrelate with each other in an overall testing process. Rather than just throwing up a bunch of tools and playing with them, we analyze how to leverage information from one tool to get the most bang out of the next tool.

We focus on the workflow of professional penetration testers and ethical hackers, proceeding step by step and discussing the most effective means for conducting projects.

The sessions address common pitfalls that arise in penetration tests and ethical hacking projects, providing real-world strategies and tactics for avoiding these problems to maximize the quality of test results.

We cover several time-saving tactics based on years of in-the-trenches experience of real penetration testers and ethical hacker – tasks that might take hours or days unless you know the little secrets we will cover that will let you surmount a problem in minutes.

The course stresses the mindset of successful penetration testers and ethical hackers, which involves balancing the often contravening forces of thinking outside the box, methodically trouble-shooting, carefully weighing risks, following a time-tested process, painstakingly documenting results and creating a high-quality final report that achieves management and technical buy-in.

We analyze how penetration testing and ethical hacking should fit into a comprehensive enterprise information security program.

Who should attend

• Security personnel whose job involves assessing networks and systems to find and remediate vulnerabilities
• Penetration testers
• Ethical hackers
• Defenders who want to better understand offensive methodologies, tools, and techniques
• Auditors who need to build deeper technical skills
• Red team members
• Blue team members
• Forensics specialists who want to better understand offensive tactics

Learning objectives

• Develop tailored scoping and rules of engagement for penetration testing projects to ensure the work is focused, well defined and conducted in a safe manner
• Conduct detailed reconnaissance using document metadata, search engines and other publicly available information sources to build a technical and organizational understanding of the target environment
• Utilize the Nmap scanning tool to conduct comprehensive network sweeps, port scans, Operating System fingerprinting and version scanning to develop a map of target environments
• Choose and properly execute Nmap Scripting Engine scripts to extract detailed information from target systems
• Configure and launch the Nessus vulnerability scanner so that it discovers vulnerabilities through both authenticated and unauthenticated scans in a safe manner, and customize the output from such tools to represent the business risk to the organization
• Analyze the output of scanning tools to manually verify findings and perform false positive reduction using Netcat and the Scapy packet crafting tools
• Utilize the Windows and Linux command lines to plunder target systems for vital information that can further overall penetration test progress, establish pivots for deeper compromise and help determine business risks
• Configure the Metasploit exploitation tool to scan, exploit and then pivot through a target environment in-depth
• Conduct comprehensive password attacks against an environment, including automated password guessing (while avoiding account lockout), traditional password cracking, rainbow table password cracking and pass-the-hash attacks
• Launch web application vulnerability scanners such as ZAP and then manually exploit Cross-Site Request Forgery, Cross-Site Scripting, Command Injection and SQL injection attacks to determine the business risks faced by an organization.

Prerequisites

Attendees are expected to have a working knowledge of TCP/IP, understand the differences between cryptographic routines such as DES, AES, and MD5, and have a basic knowledge of the Windows and Linux command lines before they step into class. While 560 is technically in-depth, it is important to note that programming knowledge is NOT required for the course.