Certified Penetration Testing Engineer

Key Data
 Certified Penetration Testing Engineer Course Description

Course Title: CPTEngineer

Duration: 5 days

Language: English

Class Format Options:
Instructor-led classroom
Live Online Training
CBT - Pre-recorded Videos


Recommended Prerequisites:

  • A minimum of 12 months experience in networking technologies
  • Sound knowledge of TCP/IP
  • Knowledge of Microsoft packages
  • Network+, Microsoft, Security+
  • Basic Knowledge of Linux is essential


Student Materials Provided:

  • Student Workbook
  • Student Lab Guide
  • Software/Tools (2 DVDs)

Certification Exam:

  • CPTE – Certified Pen Testing Engineer™ (Thompson Prometric – Globally)
  • OSCP – Offensive Security Certified Professional

Certification Track:

  • CPTE - Certified Pen Testing Engineer™
  • CPTC - Certified Pen Testing Consultant™
  • CDFE - Certified Digital Forensics Examiner™

Certified Penetration Testing Engineer graduates obtain real world security knowledge that will enable them to recognize vulnerabilities, exploit system weaknesses, and help safeguard threats. Graduates will learn the art of Ethical Hacking with a professional edge (Penetration Testing).

Course Overview:

CPTE’s foundation is built firmly upon proven, hands-on, Penetration Testing methodologies utilized by our international group of vulnerability consultants. Mile2 trainers keep abreast of their field by practicing what they teach; we believe that an equal emphasis on theoretical and real world experience is essential for effective knowledge transfer to you, the student.
The CPTE presents information based on the 5 Key Elements of Pen Testing; Information Gathering, Scanning, Enumeration, Exploitation and Reporting. The latest vulnerabilities will be discovered using these tried and true techniques.

This course also enhances the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk.
Mile2 goes far beyond simply teaching you to “Hack” - be prepared to learn penetration testing using advanced persistent threat techniques along with the highest level ethical hacking methodologies.
Our course was developed around principles and behaviors used by malicious hackers. The course is taught with this in mind while keeping the focus on professional penetration testing and ensuring the security of information assets.
Learn to ‘hack’...live to protect.

Objective of Labs:

This is an intensive hands-on class. Students may spend 20 hours or more performing labs that walk them through a real world Pen Testing model. Labs begin with simple activities and move on to more complex procedures. During labs, students move through a detailed Lab Guide containing screen shots, commands to be typed, and steps students should take.  Students will make use of scores of traditional and cutting edge Pen Testing tools (GUI and command line, Windows and Linux) as they make their way through mile2’s time-tested methodology. (See Outline below for tool titles) Customers can be confident that as new methods arise in the security world, our labs are updated to reflect them.

Upon Completion:

Upon proper completion of the course, CPTE students will be able to confidently sit for the CPTE certification exam (recommended). Students will enjoy an in-depth course that is continuously updated to maintain and incorporate changes in the security environment. This course offers up-to-date proprietary labs that have been researched and developed by leading security professionals from around the world.

NOTE: The course material reflects Backtrack 5 and advanced penetration testing and hacking labs.

The CPTE 2012 will have more new labs that cover both Windows 7  Windows Server 2008.

Certified Penetration Testing Engineer Module Topics:

Module 0: Course Overview
Module 1: Business and Technical Logistics of Pen Testing
Module 2: Linux Fundamentals
Module 3: Information Gathering
Module 4: Detecting Live Systems
Module 5: Enumeration
Module 6: Vulnerability Assessments
Module 7: Malware Goes Undercover
Module 8: Windows Hacking
Module 9: Hacking UNIX/Linux
Module 10: Advanced Exploitation Techniques
Module 11: Pen Testing Wireless Networks
Module 12: Networks, Sniffing and IDS
Module 13: Injecting the Database
Module 14: Attacking Web Technologies
Module 15: Project Documentation
Appendix 1: The Basics
Appendix 2: Financial Sector Regulations
Appendix 3: Access Controls
Appendix 4: Protocols
Appendix 5: Cryptography
Appendix 6: Economics and Law


DETAILED COURSE OUTLINE


Module 0: Course Introduction
Courseware Materials
Course Overview
Course Objectives
CPTE Exam Information
Learning Aids
Labs
Class Prerequisites
Student Facilities


Module 1: Business and Technical Logistics of Penetration Testing
Overview
What is a Penetration Test?
Benefits of a Penetration Test
Data Breach Insurance
CSI Computer Crime Survey
Recent Attacks & Security Breaches
What does a Hack cost you?
Internet Crime Complaint Center
The Evolving Threat
Security Vulnerability Life Cycle
Exploit Timeline
Zombie Definition
What is a Botnet?
How is a Botnet Formed?
Botnet Statistics
How are Botnet’s Growing?
Types of Penetration Testing
Hacking Methodology
Methodology for Penetration Testing
Penetration Testing Methodologies
Hacker vs. Penetration Tester
Not Just Tools
Website Review
Tool: SecurityNOW! SX
Seven Management Errors
Review


Module 2: Linux Fundamentals
Overview
Linux History: Linus + Minix = Linux
The GNU Operating System
Linux Introduction
Linux GUI Desktops
Linux Shell
Linux Bash Shell
Recommended Linux Book
Password & Shadow File Formats
User Account Management
Instructor Demonstration
Changing a user account password
Configuring Network Interfaces with Linux
Mounting Drives with Linux
Tarballs and Zips
Compiling Programs in Linux
Why Use Live Linux Boot CDs
Typical Linux Operating Systems
Most Popular: BackTrack
Review

Module 3: Information Gathering
Overview
What Information is gathered by the Hacker?
Organizing Collected Information
Leo meta-text editor
Free Mind: Mind mapping
IHMC CmapTools
Methods of Obtaining Information
Physical Access
Social Access
Social Engineering Techniques
Social Networks
Instant Messengers and Chats
Digital Access
Passive vs. Active Reconnaissance
Footprinting defined
Maltego
Maltego GUI
FireCAT
Footprinting tools
Google Hacking
Google and Query Operators
SiteDigger
Job Postings
Blogs & Forums
Google Groups / USENET
Internet Archive: The WayBack Machine
Domain Name Registration
WHOIS
WHOIS Output
DNS Databases
Using Nslookup
Dig for Unix / Linux
Traceroute Operation
Traceroute (cont.)
3D Traceroute
Opus online traceroute
People Search Engines
Intelius info and Background Check Tool
EDGAR For USA Company Info
Company House For British Company Info
Client Email Reputation
Web Server Info Tool: Netcraft
Footprinting Countermeasures
DOMAINSBYPROXY.COM
Review

Module 4: Detecting Live System
Overview
Introduction to Port Scanning
Port Scan Tips
Expected Results
Popular Port Scanning Tools
Stealth Online Ping
NMAP: Is the Host online
ICMP Disabled?
NMAP TCP Connect Scan
TCP Connect Port Scan
Tool Practice : TCP half-open & Ping Scan
Half-open Scan
Firewalled Ports
NMAP Service Version Detection
Additional NMAP Scans
Saving NMAP results
NMAP UDP Scans
UDP Port Scan
Advanced Technique
Tool: Superscan
Tool: Look@LAN
Tool: Hping2
Tool: Hping2
More Hping2
Tool: Auto Scan
OS Fingerprinting: Xprobe2
Xprobe2 Options
Xprobe2 –v –T21-500 192.168.XXX.XXX
Tool: P0f
Tool Practice: Amap
Tool: Fragrouter: Fragmenting Probe Packets
Countermeasures: Scanning
Review

Module 5: Enumeration
Enumeration Overview
Web Server Banners
Practice: Banner Grabbing with Telnet
SuperScan 4 Tool: Banner Grabbing
Sc
HTTPrint
SMTP Server Banner
DNS Enumeration
Zone Transfers from Windows 2000 DNS
Backtrack DNS Enumeration
Countermeasure: DNS Zone Transfers
SNMP Insecurity
SNMP Enumeration Tools
SNMP Enumeration Countermeasures
Active Directory Enumeration
LDAPMiner
AD Enumeration countermeasures
Null sessions
Syntax for a Null Session
Viewing Shares
Tool: DumpSec
Tool: Enumeration with Cain and Abel
NAT Dictionary Attack Tool
THC-Hydra
Injecting Abel Service
Null Session Countermeasures
Review

Module 6: Vulnerability Assessments
Overview
Vulnerabilities in Network Services
Vulnerabilities in Networks
Vulnerability Assessment Def
Vulnerability Assessment Intro
Testing Overview
Staying Abreast: Security Alerts
Vulnerability Research Sites
Vulnerability Scanners
Nessus
Nessus Report
SAINT – Sample Report
Tool: Retina
Qualys Guard
http://www.qualys.com/products/overview/
Tool: LANguard
Microsoft Baseline Analyzer
MBSA Scan Report
Dealing with Assessment Results
Patch Management
Other Patch Management Options

Module 7: Malware Goes Undercover
Overview
Distributing Malware
Malware Capabilities
Countermeasure: Monitoring Autostart Methods
Tool: Netcat
Netcat Switches
Netcat as a Listener
Executable Wrappers
Benign EXE’s Historically Wrapped with Trojans
Tool: Restorator
Tool: Exe Icon
The Infectious CD-Rom Technique
Trojan: Backdoor.Zombam.B
Trojan: JPEG GDI+
All in One Remote Exploit
Advanced Trojans: Avoiding Detection
BPMTK
Malware Countermeasures
Gargoyle Investigator
Spy Sweeper Enterprise
CM Tool: Port Monitoring Software
CM Tools: File Protection Software
CM Tool: Windows File Protection
CM Tool: Windows Software
Restriction Policies
CM Tool: Hardware Malware Detectors
Countermeasure: User Education

Module 8: Windows Hacking
Overview
Password Guessing
Password Cracking LM/NTLM Hashes
LM Hash Encryption
NT Hash Generation
Syskey Encryption
Cracking Techniques
Precomputation Detail
Creating Rainbow Tables
Free Rainbow Tables
NTPASSWD:Hash Insertion Attack
Password Sniffing
Windows Authentication Protocols
Hacking Tool: Kerbsniff & KerbCrack
Countermeasure: Monitoring Logs
Hard Disk Security
Breaking HD Encryption
Tokens & Smart Cards
USB Tokens
Covering Tracks Overview
Disabling Auditing
Clearing and Event log
Hiding Files with NTFS Alternate Data Stream
NTFS Streams countermeasures
What is Steganography?
Steganography Tools
Shedding Files Left Behind
Leaving No Local Trace
Tor: Anonymous Internet Access
How Tor Works
TOR + OpenVPN= Janus VM
Encrypted Tunnel Notes:
Hacking Tool: RootKit
Windows RootKit Countermeasures

Module 9: Hacking UNIX/Linux
Overview
Introduction
File System Structure
Kernel
Processes
Starting and Stopping Processes
Interacting with Processes
Command Assistance
Interacting with Processes
Accounts and Groups
Password & Shadow File Formats
Accounts and Groups
Linux and UNIX Permissions
Set UID Programs
Trust Relationships
Logs and Auditing
Common Network Services
Remote Access Attacks
Brute-Force Attacks
Brute-Force Countermeasures
X Window System
X Insecurities Countermeasures
Network File System (NFS)
NFS Countermeasures
Passwords and Encryption
Password Cracking Tools
Salting
Symbolic Link
Symlink Countermeasure
Core File Manipulation
Shared Libraries
Kernel Flaws
File and Directory Permissions
SUID Files Countermeasure
File and Directory Permissions
World-Writable Files Countermeasure
Clearing the Log Files
Rootkits
Rootkit Countermeasures
Review

Module 10: Advanced Exploitation Techniques
Overview
How Do Exploits Work?
Format String
Race Conditions
Memory Organization
Buffer OverFlows
Buffer Overflow Definition
Overflow Illustration
How Buffers and Stacks Are
Supposed to Work
Stack Function
How a Buffer Overflow Works
Buffer Overflows
Heap Overflows
Heap Spraying
Prevention
Security Code Reviews
Stages of Exploit Development
Shellcode Development
The Metasploit Project
The Metasploit Framework
Meterpreter
Fuzzers
SaintExploit at a Glance
SaintExploit Interface
Core Impact Overview
Review

Module 11: Pen Testing Wireless Networks
Overview
Standards Comparison
SSID (Service Set Identity)
MAC Filtering
Wired Equivalent Privacy
Weak IV Packets
WEP Weaknesses
XOR – Encryption Basics
How WPA improves on WEP
TKIP
The WPA MIC Vulnerability
802.11i - WPA2
WPA and WPA2 Mode Types
WPA-PSK Encryption
LEAP
LEAP Weaknesses
NetStumbler
Tool: Kismet
Tool: Aircrack-ng Suite
Tool: Airodump-ng
Tool: Aireplay
DOS: Deauth/disassociate attack
Tool: Aircrack-ng
Attacking WEP
Attacking WPA
coWPAtty
Exploiting Cisco LEAP
asleap
WiFiZoo
Wesside-ng
Typical Wired/Wireless Network
802.1X: EAP Types
EAP Advantages/Disadvantages
EAP/TLS Deployment
New Age Protection
Aruba – Wireless Intrusion Detection and Prevention
RAPIDS Rogue AP Detection Module
Review

Module 12: Networks, Sniffing, IDS
Overview
Example Packet Sniffers
Tool: Pcap & WinPcap
Tool: Wireshark
TCP Stream Re-assembling
Tool: Packetyzer
tcpdump & windump
Tool: OmniPeek
Sniffer Detection Using Cain & Abel
Active Sniffing Methods
Switch Table Flooding
ARP Cache Poisoning
ARP Normal Operation
ARP Cache Poisoning Tool
Countermeasures
Tool: Cain and Abel
Ettercap
Linux Tool Set: Dsniff Suite
Dsniff Operation
MailSnarf, MsgSnarf, FileSnarf
What is DNS spoofing?
Tools: DNS Spoofing
Session Hijacking
Breaking SSL Traffic
Tool: Breaking SSL Traffic
Tool: Cain and Abel
Voice over IP (VoIP)
Intercepting VoIP
Intercepting RDP
Cracking RDP Encryption
Routing Protocols Analysis
Countermeasures for Sniffing
Countermeasures for Sniffing
Evading The Firewall and IDS
Evasive Techniques
Firewall – Normal Operation
Evasive Technique -Example
Evading With Encrypted Tunnels
Newer Firewall Capabilities
‘New Age’ Protection
Networking Device – Bastion Host
Spyware Prevention System (SPS)
Intrusion ‘SecureHost’ Overview
Intrusion Prevention Overview
Review

Module 13: Injecting the Database
Overview
Vulnerabilities & Common Attacks
SQL Injection
Impacts of SQL Injection
Why SQL “Injection”?
SQL Injection: Enumeration
SQL Extended Stored Procedures
Direct Attacks
SQL Connection Properties
Attacking Database Servers
Obtaining Sensitive Information
Hacking Tool: SQLScan
Hacking Tool: osql.exe
Hacking Tool: Query Analyzers
Hacking Tool: SQLExec
www.petefinnegan.com
Hacking Tool: Metasploit
Finding & Fixing SQL Injection
Hardening Databases
Review

Module 14: Attacking Web Technologies
Overview
Web Server Market Share
Common Web Application Threats
Progression of a Professional Hacker
Anatomy of a Web Application Attack
Web Applications Components
Web Application Penetration Methodologies
URL Mappings to Web Applications
Query String
Changing URL Login Parameters
Cross-Site Scripting (XSS)
Injection Flaws
Unvalidated Input
Unvalidated Input Illustrated
Impacts of Unvalidated Input
Finding & Fixing Un-validated Input
Attacks Against IIS
Unicode
IIS Directory Traversal
IIS Logs
Other Unicode Exploitations
N-Stalker Scanner 2009
NTOSpider
HTTrack Website Copier
Wikto Web Assessment Tool
SiteDigger v3.0
Paros Proxy
Burp Proxy
Brutus
Dictionary Maker
Cookies
Acunetix Web Scanner
Samurai Web Testing Framework

Module 15: Project Documentation
Overview
Additional Items
The Report
Report Criteria:
Supporting Documentation
Analyzing Risk
Report Results Matrix
Findings Matrix
Delivering the Report
Stating Fact
Recommendations
Executive Summary
Technical Report
Report Table Of Contents
Summary Of Security Weaknesses Identified
Scope of Testing
Summary Recommendations
Summary Observations
Detailed Findings
Strategic and Tactical Directives
Statement of Responsibility / Appendices
Review

Appendix

Appendix 1: The Basics
Overview
The Growth of Environments and Security
Our motivation…
The Goal: Protecting Information!
CIA Triad in Detail
Approach Security Holistically
Security Definitions
Definitions Relationships
Method: Ping
The TCP/IP stack
Recommended Video: It’s Showtime
Which services use which ports?
TCP 3-Way Handshake
TCP Flags
Malware
Types of Malware
Types of Malware Cont...
Types of Viruses
More Malware: Spyware
Trojan Horses
Back Doors
DDoS Issues
DDoS
Packet Sniffers
Passive Sniffing
Active Sniffing
Firewalls, IDS and IPS
Firewall – First line of defense
IDS – Second line of defense
IPS – Last line of defense?
Firewalls
Firewall Types: (1) Packet Filtering
Firewall Types: (2) Proxy Firewalls
Firewall Types – Circuit-Level Proxy Firewall
Type of Circuit-Level Proxy – SOCKS
Firewall Types – Application-Layer Proxy
Firewall Types: (3) Stateful
Firewall Types: (4) Dynamic Packet-Filtering
Firewall Types: (5) Kernel Proxies
Firewall Placement
Firewall Architecture Types – Screened Host
Multi- or Dual-Homed
Screened Subnet
Wi-Fi Network Types
Widely Deployed Standards
Standards Comparison
802.11n - MIMO
Overview of Database Server
Types of databases
Overview of Database Server
Review

Appendix 2: Financial Sector Regulations Pertaining to Pen Testing
Overview
IT Governance Best Practice
IT Risk Management
Types of Risks
Information Security Risk Evaluation
Improving Security Posture
Risk Evaluation Activities
Risk Assessment
Information Gathering
Data Classification
Threats and Vulnerabilities
Analytical Methods
Evaluate Controls
Evaluate Controls
Risk Ratings
Important Risk Assessment Practices
Compliance
Many Regulations
Basel II
Gramm-Leach-Bliley-Act 1999 Title V
Federal Financial Examination Institution Council - FFIEC
Sarbanes-Oxley Act (SOX 404) 2002
IT Applications and Security
Internal Control: SOX
SOX: Business or IT Issue?
IT Issue for SOX
ISO 27002
ISO 27002: Control Components
Background on PCI
Dirty Dozen
Change Control and Auditing
Total Cost of Compliance
What does this mean to the tech?
Review

Appendix 3: Access Controls
Overview
Role of Access Control
Definitions
Categories of Access Controls
Physical Controls
Logical Controls
“Soft” Controls
Security Roles
Steps to Granting Access
Access Criteria
Physical Access Control Mechanisms
Biometric System Types
Synchronous Token
Asynchronous Token Device
Memory Cards
Smart Card
Cryptographic Keys
Logical Access Controls
OS Access Controls
Review

Appendix 4: Protocols
Protocols Overview
OSI – Application Layer
OSI – Presentation Layer
OSI – Session Layer
Transport Layer
OSI – Network Layer
OSI – Data Link
OSI – Physical Layer
Protocols at Each OSI Model Layer
TCP/IP Suite
Port and Protocol Relationship
Conceptual Use of Ports
UDP versus TCP
Protocols – ARP
Protocols – ICMP
Network Service – DNS
SSH Security Protocol
SSH
Protocols – SNMP
Protocols – SMTP
Review

Appendix 5: Cryptography
Overview
Introduction
Encryption
Cryptographic Definitions
Encryption Algorithm
Implementation
Symmetric Encryption
Symmetric Downfalls
Symmetric Algorithms
Crack Times
Asymmetric Encryption
Public Key Cryptography Advantages
Asymmetric Algorithm Disadvantages
Asymmetric Algorithm Examples
Key Exchange
Symmetric versus Asymmetric
Using the Algorithm Types Together
Instructor Demonstration
Hashing
Common Hash Algorithms
Birthday Attack
Example of a Birthday Attack
Generic Hash Demo
Instructor Demonstration
Security Issues in Hashing
Hash Collisions
MD5 Collision Creates Rogue Certificate Authority
Hybrid Encryption
Digital Signatures
SSL/TLS
SSL Connection Setup
SSL Hybrid Encryption
SSH
IPSec - Network Layer Protection
Public Key Infrastructure
Quantum Cryptography
Attack Vectors
Network Attacks
More Attacks (Cryptanalysis)

Appendix 6: Economics and Law
Security Incentives & Motivations
What motivates us to promote security?
Security Incentives & Motivations
What motivates others to attack security?
What is Your Weakest Link?
What Is the Value of an Asset?
Examples of Some Vulnerabilities that Are
Not Always Obvious
Categorizing Risks
Some Examples of Types of Losses
Different Approaches to Analyzing Risks
Who Uses What Analysis Type?
Qualitative Analysis Steps
Quantitative Analysis
Can a Purely Quantitative Analysis Be Accomplished?
Comparing Cost and Benefit
Cost of a Countermeasure
Cyber Crime!
Not Just Fun and Games
Examples of Computer Crimes
Who Perpetrates These Crimes?
A Few Attack Types
Telephone Fraud
Identification Protection & Prosecution
Privacy of Sensitive Data
Privacy Issues – U.S. Laws as Examples
European Union Principles on Privacy
Routing Data Through Different Countries
Employee Privacy Issues
U.S. LAW
Common Laws – Civil
Common Laws – Criminal
Common Laws – Administrative
U.S. Federal Laws
Intellectual Property Laws
More Intellectual Property Laws
Software Licensing
Digital Millennium Copyright Act
Investigating
Computer Crime and Its Barriers
Countries Working Together
Security Principles for International Use
Bringing in Law Enforcement
Investigation of Any Crime
Role of Evidence in a Trial
Evidence Requirements
Chain of Custody
How Is Evidence Processed?
Evidence Types
Hearsay Rule Exception
Responding to an Incident
Preparing for a Crime Before It Happens
Incident Handling
Evidence Collection Topics
Computer Forensics
Trying to Trap the Bad Guys

OBJECTIVE OF HANDS-ON LABORATORY SCENARIOS

This is an intensive hands-on class. Students may spend 20 hours or more performing labs that walk them through a real world Pen Testing model. Labs begin with simple activities and move on to more complex procedures. During labs, students move through a detailed Lab Guide containing screen shots, commands to be typed, and steps students should take. Students will make use of scores of traditional and cutting edge Pen Testing tools (GUI and command line, Windows and Linux) as they make their way through mile2’s time-tested methodology. (See Outline below for tool titles) Customers can be confident that as new methods arise in the cyber security world, our labs are updated to reflect them. 

DETAILED HANDS-ON LABORATORY OUTLINE

Module 0 Lab – Documentation for CPTC Final Report
Exercise 1 – Documentation of the assigned tasks

Module 1 Lab – Getting Set Up
Exercise 1 – Naming and subnet assignments
Exercise 2 – Discovering your class share
Exercise 3 – VM Image Preparation
Exercise 4 – Discovering the Student Materials
Exercise 5 – PDF Penetration Testing Methodology’s review

Module 2 Lab – Linux Fundamentals
Exercise 1 – ifconfig
Exercise 2 – Mounting a USB Thumb Drive
Exercise 3 – Mount a Windows partition
Exercise 4 – VNC Server
Exercise 5 – Preinstalled tools in BackTrack 5

Module 3 Lab – Information Gathering
Exercise 1 – Google Queries
Exercise 2 – Footprinting Tools
Exercise 3 – Getting everything you need with Maltego
Exercise 4 – Using Firefox for Pen Testing
Exercise 5 – Documentation of the assigned tasks

Module 4 Lab – Detecting Live Systems
Exercise 1 – Look@LAN
Exercise 2 – Zenmap
Exercise 3 – Zenmap in BackTrack 5
Exercise 4 – NMAP Command Line
Exercise 5 – Hping2
Exercise 6 – Unicornscan
Exercise 7 – Documentation of the assigned tasks

Module 5 Lab – Reconnaisance
Exercise 1 – Banner Grabbing
Exercise 2 – Zone Transfers
Exercise 3 – SNMP Enumeration
Exercise 4 – LDAP Enumeration
Exercise 5 – Null Sessions
Exercise 6 – SMB Enumeration
Exercise 7 – SMTP Enumeration
Exercise 8 – Documentation of the assigned tasks

Module 6 Lab – Vulnerability Assessment
Exercise 1 – Run Nessus for Windows
Exercise 2 –Run Saint
Exercise 3 – Documentation of the assigned tasks

Module 7 Lab – Malware
Exercise 1 – Netcat (Basics of Backdoor Tools)
Exercise 2 – Exploiting and Pivoting our Attack
Exercise 3 – Creating a Trojan
Exercise 4 – Documentation of the assigned tasks

Module 8 Lab – Windows Hacking
Exercise 1 – Cracking a Windows Password with Linux
Exercise 2 – Cracking a Windows Password with Cain
Exercise 3 – Covering your tracks via Audit Logs
Exercise 4 – Alternate Data Streams
Exercise 5 – Stegonagraphy
Exercise 6 – Understanding Rootkits
Exercise 7- Windows 7 Client Side Exploit (Browser)
Exercise 8- Windows 2008 SMBv2 Exploit
Exercise 9 – Documentation of the assigned tasks

Module 9 Lab – Hacking UNIX/Linux
Exercise 1 – Setup and Recon – Do you remember how?
Exercise 2 – Making use of a poorly configured service
Exercise 3 – Cracking a Linux password
Exercise 4 – Creating a backdoor and covering our tracks
Exercise 5 – Documentation of the assigned tasks

Module 10 Lab – Advanced Vulnerability and Exploitation Techniques
Exercise 1 – Metasploit Command Line
Exercise 2 – Metasploit Web Interface
Exercise 3 – Exploit-DB.com
Exercise 4 – Saint
Exercise 5 – Documentation

Module 11 Lab – Attacking Wireless Networks
Exercise 1 – War Driving Lab
Exercise 2 – WEP Cracking Lab (classroom only)
Exercise 3 – Documentation

Module 12 Lab – Networks, Sniffing and IDS
Exercise 1 – Capture FTP Traffic
Exercise 2 – ARP Cache Poisoning Basics
Exercise 3 – ARP Cache Poisoning - RDP
Exercise 4 – Documentation

Module 13 Lab – Database Hacking
Exercise 1 – Hacme Bank – Login Bypass
Exercise 2 – Hacme Bank – Verbose Table Modification
Exercise 3 – Hacme Books – Denial of Service
Exercise 4 – Hacme Books – Data Tampering
Exercise 5 – Documentation of the assigned tasks

Module 14 Lab – Hacking Web Applications
Exercise 1 – Input Manipulation
Exercise 2 – Shoveling a Shell
Exercise 3 – Hacme Bank – Horizontal Privilege Escalation
Exercise 4 – Hacme Bank – Vertical Privilege Escalation
Exercise 5 – Hacme Bank – Cross Site Scripting
Exercise 6 – Documentation of the assigned tasks

A5 Lab – Cryptography
Exercise 1 – Caesar Encryption
Exercise 2 – RC4 Encryption
Exercise 3 – IPSec Deployment

Post-Class Lab – CORE IMPACT
Exercise 1 – CORE IMPACT

Register For This Class
Order a Video
buy-now-icons-question

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


 

 

 


Copyright © 2012 mile2. All Rights Reserved. Click here for trademark info.
mile2: A Worldwide Name in IT Security! mile2 provides services for companies like Penetration Testing, Ethical Hacker Training, Digital Forensics, and mile2's
upgrade to Certified Ethical Hacker Certification known as CPTEngineer and CPEH.
mile2 designs, develops, and delivers Information Security training and consulting services that meet military, government,
private sector and institutional specifications. mile2 also provides security vulnerability scans and assessments to clients around the world.
You can become an Ethical Hacker with our answer to Certified Ethical Hacker Training. Click Here
Interested in Digital Forensics?