Penetration Testing Training: Tools and Techniques
Course 537
4 DAY COURSE

In this Penetration Testing training course, you learn how hackers compromise operating systems and evade antivirus software. You will learn to discover weaknesses in your own network by using the same mindset and methods as hackers. You then acquire the skills to test and exploit your defenses and implement countermeasures to reduce risk in your enterprise.

Penetration Testing Training: Tools and Techniques Benefits

• In this Penetration Testing course, you will learn how to:

  • Deploy ethical hacking to expose weaknesses in your organization
  • Gather intelligence by employing reconnaissance, published data, and scanning tools
  • Test and improve your security by compromising your network using hacking tools
  • Protect against privilege escalation to prevent intrusions

• Prerequisites

  Before taking this course, you should have knowledge of TCP/IP concepts and experience with security issues at the level of:

  • Learning Tree course 468, Information Security Training, or
  • Learning Tree course 446, CompTIA Security+® Training.

  Reinforce your pen-testing skills with CYBRScore Lab Bundles: {course:e006}.

Penetration Testing Course Outline

Module 1: Introduction to Ethical Hacking

• Defining a penetration testing methodology
• Creating a security testing plan

Module 2: Footprinting and Intelligence Gathering

Acquiring target information

• Locating useful and relevant information
• Scavenging published data
• Mining archive sites

Scanning and enumerating resources

• Identifying authentication methods
• Harvesting email information
• Interrogating network services
• Scanning from the inside out with HTML and egress busting

Module 3: Identifying Vulnerabilities

Correlating weaknesses and exploits

• Researching databases
• Determining target configuration
• Evaluating vulnerability assessment tools

Leveraging opportunities for attack

• Discovering exploit resources
• Attacking with Metasploit

Module 4: Attacking Servers and Devices to Build Better Defenses

Bypassing router Access Control Lists (ACLs)

• Discovering filtered ports
• Manipulating ports to gain access
• Connecting to blocked services

Compromising operating systems

• Examining Windows protection modes
• Analyzing Linux/UNIX processes

Subverting web applications

• Injecting SQL and HTML code
• Hijacking web sessions by prediction and Cross-Site Scripting (XSS)
• Bypassing authentication mechanisms

Module 5: Manipulating Clients to Uncover Internal Threats

Baiting and snaring inside users

• Executing client-side attacks
• Gaining control of browsers

Manipulating internal clients

• Harvesting client information
• Enumerating internal data

Deploying the social engineering toolkit

• Cloning a legitimate site
• Diverting clients by poisoning DNS

Module 6: Exploiting Targets to Increase Security

Initiating remote shells

• Selecting reverse or bind shells
• Leveraging the Metasploit Meterpreter

Pivoting and island–hopping

• Deploying portable media attacks
• Routing through compromised clients

Pilfering target information

• Stealing password hashes
• Extracting infrastructure routing, DNS and NetBIOS data

Uploading and executing payloads

• Controlling memory processes
• Utilizing the remote file system

Module 7: Testing Antivirus and IDS Security

Masquerading network traffic

• Obfuscating vectors and payloads
• Sidestepping perimeter defenses

Evading antivirus systems

• Discovering stealth techniques to inject malware
• Uncovering the gaps in antivirus protection

Module 8: Mitigating Risks and Next Steps

• Reporting results and creating an action plan
• Managing patches and configuration
• Recommending cyber security countermeasures