mile2® Store

CPTEngineer + CPTConsultant Boot Camp


 Certified Penetration Testing Engineer/Consultant Course Description  

Course Name: Certified Penetration Testing Engineer/Consultant

Duration: 6 days

Language: English

Format:
Classroom Based or Live On-line Remote (Lecture and Lab)

Prerequisites:

  • Experience in networking technologies
  • Knowledge of TCP/IP
  • Computer hardware knowledge
  • Knowledge of Microsoft packages
  • Network+, Microsoft Security+
  • Knowledge of Linux would be beneficial but not essential

Certification Exams:

CPTE – Certified Pen Testing Engineer™

CPTC – Certified Pen Testing Consultant

Certified Penetration Testing Engineer graduates obtain real world security knowledge that will enable them to recognize vulnerabilities, expose system weaknesses and help safeguard against threats. Graduates will learn the art of Ethical Hacking, but with a professional edge (Penetration Testing).

The CPTConsultant learns “the business of penetration testing”. The course delivers advanced and cutting edge techniques for auditing a broad range of security controls (including Physical and User Security) with “hands-on” laboratories designed by real world security auditors.

The CPTConsultant course also delivers the “business side” of penetration testing, including RFPs, Authorization, Security Policy Review and Compliance. Mile2’s penetration testing courseware is constantly updated (with updates available to past students) to reflect the most current security issues and known exploits.

 

Course Overview:

CPTEngineer is built upon proven hands-on Penetration Testing methodologies as utilized by our international group of vulnerability consultants. Mile2 trainers keep their expertise current by practicing what they teach, because we believe that an equal emphasis on theoretical and real world experience is essential for effective knowledge transfer to you, the student. The CPTEngineer presents information on the latest vulnerabilities and defenses. This class also enhances the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk. We go far beyond simply teaching you to “Hack”, which has been the norm with the classes available until now.

Our course is developed based on principles and methods used by malicious hackers, but its focus is professional penetration testing and securing information assets. The CPTConsultant course provides attendees with the unique opportunity to perform all stages of an actual penetration test within a controlled classroom environment. Hands-on laboratories have been researched and developed by leading security professionals from around the world and are continuously updated.

The CPTConsultant covers attacks, techniques, technologies and countermeasures in much more depth than foundation Penetration Testing and Ethical Hacking courses such as CPTS, CEH and OSPT. Participants in the CPTE course will have the ability to complete laboratories in all of the following areas:

  • Perform a penetration test and submit a deliverable report
  • Capture and replay VoIP traffic
  • Find and exploit databases with SQL Injection vulnerabilities
  • Manipulate prices on e-commerce websites
  • Obtain and transfer information via Bluetooth enabled telephones
  • Tools and resources for picking simple and complex locks
  • Techniques for Wireless Site Surveying and Cracking WEP/WPA keys

Additionally, attendees will be qualified to confidently undertake the upcoming CPTE practical examination.

Upon Completion:

Upon completion, CPTEngineer/Consultant students will be able to confidently undertake the CPTEngineer examination (recommended) and the hands-on laboratory CPTConsultant examination as well. Students will enjoy an in-depth course that is continuously updated to reflect the ever-changing security environment. This course offers up-to-date proprietary laboratories that have been researched and developed by leading security professionals from around the world.

 


COURSE CONTENT BY DAY

Monday

CPTC Module 1: Pen Testing Overview
  • What is happening Today
  • Types of Tests
  • Evaluation Areas
  • Methodologies
  • PCI DSS
     

CPTE Lab 1- Getting Set Up

Exercise 1 – Discovering your class share

Exercise 2 – Discovering your student DVDs

Exercise 3 – VM Image Preparation

Exercise 4 – Naming and Subnet Assignments

Exercise 5 – PDF Penetration Testing

CPTC Module 2: Before the Pen Test

  • Code of Ethics
  • Authorization
  • Defining Boundaries
  • Security Policy
  • Questions to ask the Client
  • Objectives and Scope of the Pen Test
  • The Proposal
  • Defining the Deliverables
  • Legal Documentation
  • Service Agreement
  • Pre-Test Deliverables
  • Plan of Attack
  • Setting up your Team

CPTE Lab 2- Linux Fundamentals

Exercise 1 – ifconfig

Exercise 2 – Mounting a USB Thumb Drive

Exercise 3 – Mount a Windows Partition

Exercise 4 – VNC Server

Exercise 5 – Preinstalled Tools in Back-Track3

CPTC Lab 1 – Dradis

CPTE Module 3- Information Gathering

  • Overview
  • What information does the Hacker want?
  • Methods of Obtaining Information
  • Physical Access
  • Social Engineering
  • Social Engineering via MySpace
  • Social Engineering via Facebook
  • Other Social Networks from around the world!
  • Identity Theft and MySpace
  • Instant Messengers and Chats
  • Digital Access
  • Passive vs Active Reconnaissance
  • Footprinting Defined
  • KartOO
  • Maltego
  • Firecat – Firefox Catalog of Auditing Extensions
  • Footprinting Tools
  • Johnny.ihackstuff.com
  • Google Hacking
  • SPUD
  • Wikto for Google Hacking
  • Blogs, Forums and Newsgroups
  • The Wayback Machine
  • Domain Name Registration
  • WHOIS
  • Dirk-loss – Online Tools
  • Dnsstuff
  • Central Ops
  • DNS Database Record Types
  • Nslookup
  • Dig
  • Traceroute
  • VisualRoute
  • Opus One Traceroute Tools
  • People Search Engines
  • EDGAR
  • Company House
  • Reputation Authority
  • Intelius – Background Check
  • Netcraft
  • Countermeasures

CPTE Lab 3- Information Gathering

Exercise 1 – Google Queries

Exercise 2 – Footprinting Tools

Exercise 3 – Getting Everything You Need with Maltego

Exercise 4 – Preparing Fi

Exercise 5 – Turn in your Documentation

CPTE Module 4- Detecting Live Systems

  • Overview
  • Introduction to Port Scanning
  • Port Scan Tips
  • Expected Results
  • Organizing the Results
  • Leo Meta-Text Editor
  • Free Mind
  • IHMC CmapTools
  • Popular Port Scanning Tools
  • Online Ping
  • NMAP - Ping
  • ICMP Disabled?
  • NMAP TCP Connect Scan
  • TCP Connect Port Scan
  • NMAP Half-Open Scan
  • Half-Open Scan
  • Firewalled Ports
  • Iron Geek – Hacking Illustrated
  • NMAP Service Version Detection
  • Additional NMAP Scans
  • Saving NMAP Results
  • NMAP UDP Scans
  • UDP Port Scan
  • NMAP Idle Scan
  • Superscan
  • Look@LAN
  • Unicornscan
  • Hping2
  • AutoScan
  • Xprobe2
  • What is Fuzzy Logic?
  • P0f
  • AMAP
  • Fragrouter
  • Countermeasures
  • Review

CPTE Lab 4- Scanning –

Exercise 1 – Leo

Exercise 2 – Look@LAN

Exercise 3 – Zenmap

Exercise 4 – Zenmap in BT3

Exercise 5 – NMAP Command Line

Exercise 6 – Hping2

Exercise 7 – Unicornscan

Exercise 8 – Turn in your

Tuesday

CPTE Module 5- Enumeration

  • Overview
  • Banner Grabbing with Telnet
  • Banner Grabbing with Sup
  • HTTPrint
  • SMTP Server Banner Grabbing
  • DNS Enumeration
  • Zone Transfers
  • Backtrack DNS Enumeration
  • Countermeasure: DNS Zone Transfer
  • SNMP Insecurity
  • SNMP Enumeration Tools
  • SNMP Countermeasures
  • Active Directory Enumeration
  • LDAPMiner
  • Active Directory Countermeasures
  • Null Sessions
  • Syntax for Null Sessions
  • Viewing Shares
  • Null Session Tools
  • Cain and Abel
  • NAT Dictionary Attack Tool
  • THC-Hydra
  • Injecting the Abel Service
  • Null Session Countermeasures
  • Tools Summary
  • Review

CPTE Lab 5- Enumeration

Exercise 1 – Banner Grabbi

Exercise 2 – Zone Transfers

Exercise 3 – SNMP Enumeration

Exercise 4 – LDAP Enumeration

Exercise 5 – Null Sessions

Exercise 6 – SMB Enumeration

Exercise 7 – SMTP Enumeration

Exercise 8 – Maltego

Exercise 9 – Turn in Your Documentation

CPTE Module 6- Vulnerability Assessments

  • Overview
  • Vulnerabilities in Net
  • Vulnerabilities in Networks
  • Vulnerability Assessment Introduction
  • Testing Overview
  • Staying Abreast: Security Alerts
  • Vulnerability Scanners
  • Nessus
  • Saint
  • Retina
  • Qualys Guard
  • GFI LANguard
  • Scanner Comparison
  • Microsoft Baseline Analyzer
  • Dealing with the Results
  • Patch Management
  • Shavlik HFNetChkPro
  • Patching with GFI LANguard
  • Review

CPTE Lab 6- Vulnerability Assessment

Exercise 1 – Running Nessus in Windows

Exercise 2 – Running Saint in Linux

Exercise 3 – Turn in your Documentation

CPTC Lab 3 – Advanced Use of Information Gathering, Scanning and Enumeration Tools

CPTC Module 4: Advanced Use of Automated Tools

  • Saint Exploit
  • Core Impact
  • Metasploit

CPTE Lab 7- Malware

Exercise 1 – Netcat and its uses

Exercise 2 – Exploiting and Pivoting our Attack

Exercise 3 – Creating a Trojan

Exercise 4 – Turn in your Documentation

CPTE Lab 10- Advanced Exploitation Techniques

Exercise 1 – Metasploit Command Line

Exercise 2 – Metasploit Web Interface

Exercise 3 – Milw0rm

Exercise 4 – SaintExploit

Exercise 5 – Core Impact

Exercise 6 – Turn in your Documentation

CPTC Lab 4

Wednesday

CPTC Module 5: Internal Pen Testing

  • Network Topology Example
  • Why Internal Testing
  • Benefits of Internal Testing
  • Testing Methods
  • Internal Penetration Test Case Study
  • Test Preparation
  • RJ45 Physical Connection
  • What Hosts Are Connected?
  • Alternate Tools for host detection
  • ARP Poisoning (2 GIG RAM)
  • Review Captured Passwords
  • Enumerate Internal Services
  • Automated Vulnerability Assessment
  • Saint
  • Nessus Plug-Ins
  • Vulnerability Report Review
  • Exploitation Methods
  • Manual Penetration Testing
  • Attacking VMware ESX and vSphere

 

CPTE Lab 8- Hacking Windows

Exercise 1 – Cracking a Windows Password with Linux

Exercise 2 – Cracking a Windows Password with Cain and Abel

Exercise 3 – Covering your tracks

Exercise 4 – Alternate Data Streams

Exercise 5 – Steganography

Exercise 6 – Understanding Rootkits

Exercise 7 – Turn in your Documentation

CPTE Lab 9- Hacking UNIX/Linux

Exercise 1 – Setup and Recon

Exercise 2 – Making use of a poorly configured service.

Exercise 3 – Cracking a Linux Password

Exercise 4 – Creating a simple backdoor and covering our tracks

Exercise 5 – Turn in your Documentation

CPTE Lab 12- Networks, Sniffing and IDS

Exercise 1 – Capture FTP Traffic

Exercise 2 – ARP Cache Poisoning Basics

Exercise 3 – ARP Cache Poisoning

Exercise 4 – Turn in your Documentation

CPTC Lab 5 – Advanced Use of Internal Pen Testing Tools

CPTC Module 6: External/DMZ

  • Packet Sniffer Basics
  • CMD/Shell TCP / Windump
  • Planting the Sniffer
  • Sniffing Remote Passwords
  • Firewall – Normal Operation
  • Evasive Technique – Example
  • Real World Intelligence
  • HTTP Link Analysis
  • DNS Enumeration
  • Extract Domain Records
  • Foot Printing
  • External Enumeration, Techniques and Sample Output

 

CPTC Lab 6 – Hiding from an IDS, Bypassing a Firewall, Pivoting your Attack

Thursday

CPTE Module 2- Financial Sector Regulations
  • Overview
  • IT Governance Best Practices
  • IT Risk Management
  • Types of Risks
  • Approaches to Risk Management
  • Information Security Risk Evaluation
  • Improving Security Posture
  • Risk Evaluation Activities
  • Risk Assessment
  • Information Gathering
  • Data Classification
  • Threats and Vulnerabilities
  • Analytical Methods
  • Evaluate Controls
  • Risk Ratings
  • Important Risk Assessment Practices
  • Compliance
  • Many Regulations
  • Basel II
  • Gramm-Leach-Bliley Act 1999
  • Federal Financial Examination Institution Council
  • Sarbanes-Oxley Act (SOX 404) 2002
  • ISO 27002
  • PCI-DSS
  • Total Cost of Compliance
  • What does this mean to the tech?

CPTC Module 7: Wireless Site Surveying including Bluetooth

  • WEP Cracking
  • WPA/WPA2 Cracking
  • MIMO
  • War Driving
  • Bluetooth Discovery
  • Retrieving Personal Information from a Bluetooth Device
  • Make Phone calls from someone else’s Cell phone

CPTE Lab 11- Pen Testing Wireless Networks

Exercise 1 – War Driving

Exercise 2 – WEP Cracking

Exercise 3 – Turn in your Documentation

CPTC Lab 7 – Cracking WPA, Using WifiZoo, Cracking Bluetooth

CPTC Module 8: Web Pen Testing

OWASP Top 10 in Detail

  • Cross Site Scripting (XSS)
  • Injection Flaws
  • Malicious File Execution
  • Insecure Direct Object Reference
  • Cross Site Request Forgery (CSRF)
  • Information Leakage and Improper Error Handling
  • Broken Authentication and Session Management
  • Insecure Cryptographic Storage
  • Insecure Communications
  • Failure to Restrict URL Access

OWASP Application Security Verification Standard

  • Application Security Verification Levels

Level 1   – Automated Verification

Level 1A – Dynamic Scan (Partial Automated Verification)

Level 1B – Source Code Scan (Partial Automated Verification)

Level 2   – Manual Verification

Level 2A – Security Test (Partial Manual Verification)

Level 2B – Code Review (Partial Manual Verification)

Level 3 – Design Verification

Level 4 – Internal Verification

  • Requirement Interpretations and Precedents
  • Detailed Verification Requirements

v. 1 Security Architecture Documentation Requirements

v. 2 Authentication Verification Requirements

v. 3 Session Management Verification Requirements

v. 4 Access Control Verification Requirements

v. 5 Input Validation Verification Requirements

v. 6 Output Encoding/Escaping Verification Requirements

v. 7 Cryptography Verification Requirements

v. 8 Error Handling and Logging Verification Requirements

v. 9 Data Protection Verification Requirements

v. 10 Communication Security Verification Requirements

v. 11 HTTP Security Verification Requirements

v. 12 Security Configuration Verification Requirements

v. 13 Malicious Code Search Verification Requirements

v. 14 Internal Security Verification Requirements

  • Verification Reporting Requirements

Report Introduction

Application Description

Application Security Architecture

Verification Results

  • Samurai in Detail

CPTE Lab 13- Attacking the Database

Exercise 1 – Login Bypass

Exercise 2 – Verbose Table Modification

Exercise 3 – Denial of Service

Exercise 4 – Data Tampering

Exercise 5 – Turn in your Documentation

CPTE Lab 14 - Attacking Web Technologies

Exercise 1 – Input Manipulation

Exercise 2 – Shovelling a Shell

Exercise 3 – Horizontal Privilege Escalation

Exercise 4 – Vertical Privilege Escalation

Exercise 5 – Cross Site Scripting

Exercise 6 – Turn in your Documentation

CPTC Lab 8 – WebGoat and Using Tools in Samurai

Friday

CPTC Module 9: Utilizing Exploits from the Web

  • Milw0rm
  • Compiling Exploits from the Web
  • Testing the Exploits prior to use

CPTC Lab 9 – Compiling and Testing an Exploit from the Web

CPTC Module 10: Physical Security

  • Introduction to Physical Security
  • Security Checklist
  • Items to take note of
  • Testing
  • Lock picking
  • Door Locks
  • Padlocks

CPTC Lab 10 – Lockpicking Practice

CPTC Module 11: After the Pen Test

  • Collecting the Data from the Team
  • Do you keep the data?
  • Report Components
  • Comparison of Security Assessments
  • The Report Criteria
  • Report Results Matrix
  • Classification Scoring
  • Report Delivery
  • Recommendations
  • Executive Summary
  • Technical Report

CPTC Exam Preparation

Saturday

CPTC Exam

 
