Certified Penetration Testing Specialist (CPTS) Training
Video
Instructor-Led Format
Audience
Administrators, application developers, programmers, project leaders
and other technical individuals
Duration
14 CDs
Course Abstract
Upon completion, CPTS students will be able
to confidently undertake the Thomson Prometric
CPTS examination (recommended) or the easier
Certified Ethical Hacker (312-50) Self Study.
Students will enjoy an in-depth course that
is continuously updated to reflect
the ever-changing security environment. This
course offers up-to-date proprietary laboratories
that have been researched and developed by leading
security professionals from around the world.
Price
Single User (eLearning Portal)
$695.00
Multi-User LAN (2-5 users)
$1390.00
More than 5 users
Call for Pricing
Program Includes
The following components are included in
this course:
14 CD-ROMs featuring live instructor-led classroom sessions with full audio, video and demonstration components
Interactive hands-on lab simulations
Printable Courseware
Exclusive LearningZone Live Mentor (valued at $295) - Help whenever you need it!
Exclusive LearningZone - Why wait for email support? Chat live with our Certified Instructors anytime around the clock (24x7)
Proven technique - Actual Exam Secrets Review
Free 1 Year Upgrade Policy
Course Experts
Jason Radar - Mile2 Security Expert
Jason Radar has a vast amount of experience
that spans many areas of security.
He first became interested in security in
his adolescence through an inspired interest
in hacking and computer networks. He ultimately
turned this into a career as he is now hired
by very large companies to consult in the
area of security. He provides them with policies
and helps them implement the best security
solution to protect them from hackers.
Wayne Burke - Mile2 Security Expert
Wayne Burke initially started his career as
a hardware engineer, where he diagnosed many
complex problems. He later proceeded to expand
his knowledge and acquired a computer science
degree. After a few years in the field he
began to focus his energies on the software
side of IT. He has worked with virtually all
the OS/Networking combinations which put him
in a good position to become the security
expert he is today. Ultimately, all these experiences
have helped build his vast knowledge base.
Course Topics
The following list represents the sections and topics discussed
in this virtual instructor-led course offering.
Module 1 - Business and Technical Logistics for Pen Testing
Definition of a Penetration Test
The Evolving Threat
Security Vulnerability Life Cycle
Exploit Timeline
What You May Not Have Known…
Zombie Statistics
Demo: Zombie Statistics
Zombie Definition
Botnet Definition
Defense in Depth
Types of Penetration Testing
Pen Test Methodology
Hacker vs. Penetration Tester
Methodology for Penetration Testing / Ethical Hacking
Tools vs. Technique
Penetration Testing Methodologies
Demo: Resources on Penetration Methodologies
Demo: FFIEC
OSSTMM - Open Source Security Testing Methodologies
Website Review
Demo: Cybercrime and Computer World Websites
Website Review
Demo: SC Magazine
Module 1 - Lab
Case Study and Lab
Module 1 Review
Module 2 - Reconnaissance: Information Gathering
What Information is Gathered by the Hacker
Methods of Obtaining Information
Physical Access
Demo: Bump Key Technique
Social Access
Demo: Social Engineering with Kevin Rose
Digital Access
Passive vs. Active Reconnaissance
Footprinting Defined
Footprinting Tool: Kartoo Website
Footprinting tools
Google and Query Operators
Google (cont.)
Johnny.Ihackstuff.com
Site Digger 2.0
Internet Archive: The WayBack Machine
Domain Name Registration
WHOIS
WHOIS Output
DNS Databases
Using Nslookup
Dig for Unix / Linux
Traceroute Operation
Traceroute (cont.)
EDGAR For USA Company Info
Company House For British Company Info
People Search Tool
Google Earth
Intelius info and Background Check Tool
Web Server Info Tool: Netcraft
Countermeasure: Domainsbyproxy.com
Footprinting Countermeasures
Case Study and Lab
Module 2 Review
Module 3 - Linux Fundamentals
Linux History – Linus + Minix = Linux
The GNU Operating System
Linux Introduction
Linux GUI Desktops
Linux Shell
Linux Bash Shell
Recommended Linux Book
Password & Shadow File Formats
User Account Management
Instructor Demonstration
Changing a user account password
Demo: BackTrack
Configuring Network Interfaces with Linux
Demo: Setting up a Network Interface
Mounting Drives with Linux
Demo: Mounting a Drive
Tarballs and Zips
Compiling Programs in Linux
Demo: Compile and Run an Application
Typical Linux Operating Systems
Gentoo = Simple Software Install Portal
Demo: Operating Systems
Demo: VLOS
Why Use Live Linux Boot CDs
Security Live Linux CDs
FrozenTech’s Complete Distro List
Most Popular: BackTrack
Demo: Troubleshooting BackTrack
My Slax Creator
Slax Modules (Software Packages)
Module 3 - Lab
Case Study and Lab
Module 3 Review
Module 4 - Reconnaissance: Detecting Live Systems
Introduction to Port Scanning
Port Scan Tips
Ping
Demo: Packetyzer
The TCP/IP stack
Which services use which ports?
TCP 3-Way Handshake
Demo: Creating Custom Packets
TCP Flags
Vanilla (TCP Connect Port Scan)
NMAP TCP Connect Scan
Demo: NMAP
NMAP
Half-open Scan
Tool Practice: TCP half-open & Ping Scan
Firewalled Ports
NMAP Service Version Detection
UDP Port Scan
Popular Port Scanning Tools
Tool: Superscan
Tool: LookatLan
Tool: Hping2 – BackTrack Distro
Tool Practice: Hping2
Demo: Look@Lan
Demo: Hping2
Tool: Auto Scan
Demo: Auto Scan
Advanced Port Scanning / Packet Crafting
OS Fingerprinting
OS Fingerprinting: Xprobe2 – Auditor Distro
What Is Fuzzy Logic?
Tool: P0f – Passive OS Fingerprinting Utility
Tool Practice: Amap
Packet Crafting
Demo: OS Fingerprinting
Tool Fragrouter: Fragmenting Probe Packets
Countermeasures: Scanning
Scanning Tools Summary
Module 4 - Lab
Case Study and Lab
Module 4 Review
Module 5 - Reconnaissance: Enumeration
Web Server Banners
Practice: Banner Grabbing with Telnet
Web Server Banners (cont.)
SMTP Server Banner
Demo: Server Banners
Demo: Sam Spade
Demo: Netcat
DNS Enumeration
Zone Transfers from Windows 2000 DNS
Demo: DNS Enumeration
Countermeasure: DNS Zone Transfers
SNMP Insecurity
SNMP Enumeration
SNMP Enumeration Countermeasures
Demo: SNMP Techniques
Active Directory Enumeration
AD Enumeration Countermeasures
Null Sessions
Syntax for a Null Session
Viewing Shares
Demo: Null Session
Tool: DumpSec
Tool: USE42
Tool: Enumeration with Cain and Abel
Null Session Countermeasures
Enumeration Tools Summary
Module 5 - Lab
Case Study and Lab
Module 5 Review
Module 6 - Cryptography: Decrypting the Cipher
Introduction
Demo: CrypTool
Encryption
Implementation
Symmetric Encryption
Symmetric Algorithms
Crack Times
Asymmetric Encryption
Key Exchange
Key Exchange Demo
Hashing
Demo: Hashing
Hash Collisions
Common Hash Algorithms
Hybrid Encryption
Digital Signatures
SSL Hybrid Encryption
IPSec
Demo: IPSec
IPSec
Public Key Infrastructure
PKI-Enabled Applications
Attack Vectors
Module 6 - Lab
Case Study and Lab
Module 6 Review
Module 7 - Vulnerability Assessments
Assessment Intro
Technical Cyber Security Alerts
Demo: Cert.org
Open Source Assessments Tools
Tool: Nessus Open Source
Nessus Plugins
Scanning the Network
Demo: Whax
Demo: Core Security
Tool: X-Scan
Commercial Vulnerability Scanners
Tool: Retina
Tool: NewT
Tool: LANguard
Analyzing the Scan Results
Demo: LANguard
Tool: Core Impact
Microsoft Baseline Analyzer
Demo: Nessus 3
MBSA Scan Report
Demo: Baseline Security Analyzer
Patch Management
Patching with LANguard Network Security Scanner
Case Study and Lab
Module 7 Review
Module 8 - Windows Hacking: Staying Ahead of the Hacker
Keystroke Loggers
Password Cracking
Demo: Password Cracking
Rainbow Table
Authentication Procedure
Password Sniffing
Privilege Escalation
Password Hash Insertion
Demo: PWRESET2
Demo: Booting from BackTrack
Countermeasures
More Countermeasures
Multi-Factor Authentication
Smart Cards
Evading The Event Logs
Disable Auditing
Clearing the Event Log
Alternate Data Streams
Demo: Alternate Data Streams
Steganography – In Clear Sight
Demo: Methods to hide Data
RootKits
Demo: Rootkits
RootKit Detection
Case Study and Lab
Module 8 Review
Module 9 - Advanced Exploit Techniques
How Do Exploits Work?
Memory Organization
Buffer Overflows
Heap Overflows
Stages Of Exploit Development
Prevention
Demo: Stack Function
TCP/IP OSI Exploits
The Metasploit Project
The Alien Shore
The Metasploit Project
Demo: The Metasploit Project
Core Impact Overview
Core Impact
Demo: Core Impact
Case Study and Lab
Module 9 Review
Module 10 - Malware: Software Goes Undercover
Defining Malware: Trojans and backdoors
Defining Malware: Virus & Worms
Defining Malware: Spyware
Malware Distribution Methods
Hacker Uses of Malware
Malware Privilege Level
Autostart Methods
Countermeasure: Monitoring Autostart Methods
Tool: Netcat
Netcat Switches
Demo: Netcat
Remote Access Trojan Components
Executable Wrappers
Benign EXEs Historically Wrapped With Trojans
Demo: Executable Wrappers
Tool: Restorator
Tool: Exe Icon
The Infectious CD-ROM Technique
Advanced Trojans: Beast
Advanced Trojans: Avoiding Detection
Overview of Malware Countermeasures
CM Tool: Anti-Spyware Software
CM Tool: Anti-Trojan Scanners
Malware Reference: www.Glocksoft.com
CM Tool: Port Monitoring Software
CM Tool: File Protection Software
CM Tool: Windows File Protection
CM Tool: Windows Software Restriction Policies
CM Tool: Hardware-based Malware Detectors
Countermeasure: User Education
Module 10 Review
Module 11 - Attacking Wireless Networks: Securing the Air
Wi-Fi Network Types
Widely Deployed Standards
A vs B vs G
802.11n - MIMO
SSID (Service Set Identity)
MAC Filtering
Wired Equivalent Privacy
Weak IV Packets
XOR - Basics
WEP Weaknesses
TKIP
How WPA improves on WEP
The WPA MIC Vulnerability
802.11i - WPA2
WPA and WPA2 Mode Types
WPA-PSK Encryption
Tool: NetStumbler
Demo: NetStumbler
Tool: Kismet
Analysis Tool: AiroPeek
Tool: Aircrack
DoS: Deauth/disassociate attack
DoS: VOID 11
Tool: Aireplay
ARP Injection (Failure)
ARP Injection (Success)
802.1X: EAP Types
EAP Advantages/Disadvantages
Typical Wired/Wireless Network
Module 11 Review
Module 12 - Networks, Sniffing and IDS: Intercept and Redirect!
Packet Sniffers
Example Packet Sniffers
Tool: Pcap & WinPcap
Tool: Wireshark (Ethereal)
TCP Stream Re-assembling
Tool: Packetyzer
tcpdump & windump
Tool: OmniPeek
Demo: Wireshark Analyzer
Sniffer Detection
Passive Sniffing
Demo: Passive Sniffing
Active Sniffing
Active Sniffing Methods
Switch Table Flooding
ARP Cache Poisoning
ARP Normal Operation
ARP Cache Poisoning
Technique: ARP Cache Poisoning (Linux)
Countermeasures
Tool: Cain and Abel
Demo: Cain and Abel
Ettercap
Linux Tool Set: Dsniff Suite
Dsniff Operation
MailSnarf, MsgSnarf, FileSnarf
What is DNS spoofing?
Demo: DNS spoofing
Tools: DNS Spoofing
Breaking SSL Traffic
Tool: Breaking SSL Traffic
Tool: Cain and Abel
Demo: Cain and Abel
Voice over IP (VoIP)
Intercepting VoIP
Intercepting RDP
Cracking RDP Encryption
Demo: Wireless Phone
Routing Manipulation Methods
Countermeasures for Sniffing
Firewalls, IDS and IPS
Firewall – First line of defense
IDS – Second line of defense
Evading The Firewall and IDS
Evasive Techniques
Firewall – Normal Operation
Evasive Technique - Example
Demo: Engage Packet Builder
Evading With Encrypted Tunnels
Demo: Tunnel Configuration
‘New Age’ Protection
SpySnare - Spyware Prevention System (SPS)
Intrusion ‘SecureHost’ Overview
Intrusion Prevention Overview
Secure Surfing or Hacking?
Case Study and Lab
Module 12 Review
Module 13 - Injecting the Database
Injecting the Database
Overview of Database Server
Types of databases
Overview of Database Server
Relational Databases
Overview of Database Server
Vulnerabilities and Common Attacks
SQL Injection
Why SQL “Injection”?
SQL Connection Properties
SQL Injection: Enumeration
SQL Extended Stored Procedures
Demo: SQL Injection
Shutting Down SQL Server
Direct Attacks
Attacking Database Servers
Obtaining Sensitive Information
Hacking Tool: SQL Ping2
Hacking Tool: osql.exe
Hacking Tool: Query Analyzers
Hacking Tool: SQLExec
Hacking Tool: Metasploit
Hardening Databases
Module 13 - Case Study and Lab