Penetration Testing Training: Tools and Techniques

Certification
GCHQ Certified Training Course
Qualification level
GCHQ Certified Training Course
Location
Live/Online
Study type
Distance learning
Duration
View Website
Price
View Website

About the course

In this Penetration Testing training course you learn how hackers compromise operating systems and evade antivirus software. You will learn to discover weaknesses in your own network by using the same mindset and methods as hackers. You then acquire the skills to test and exploit your defences and implement countermeasures to reduce risk in your enterprise.

 

Key Features of this Penetration Testing Training:

  • After-course instructor coaching benefit
  • Learning Tree end-of-course exam included

You Will Learn How To:

  • Deploy ethical hacking to expose weaknesses in your organisation
  • Gather intelligence by employing reconnaissance, published data, and scanning tools
  • Test and improve your security by compromising your network using hacking tools
  • Protect against privilege escalation to prevent intrusions

 

Important Penetration Testing Course Information

Requirements

  • Experience with security issues at the level of:
    • Course 468, System and Network Security Introduction, or
    • Course 446 CompTIA Security+ Certification Exam Preparation

Recommended Experience

  • Knowledge in TCP/IP concepts

GCHQ Certified Training and Exam Information

  • This is a GCHQ Certified Training (GCT) course. GCHQ Certified Training has been recognised for excellence by a UK Government developed cyber security scheme. GCT is part of the UK Government’s initiative to address the shortage of skilled cyber security professionals. The GCT scheme is underpinned by the industry respected IISP framework and assesses the quality of the course materials and the Instructors’ delivery of the course against GCHQ’s exacting standards.
  • Successful completion of the end of course exam will gain you an independent APMG-International GCT certification award.

 

Penetration Testing Course Outline

Introduction to Ethical Hacking

  • Defining a penetration testing methodology
  • Creating a security testing plan

Footprinting and Intelligence Gathering

Acquiring target information

  • Locating useful and relevant information
  • Scavenging published data
  • Mining archive sites

Scanning and enumerating resources

  • Identifying authentication methods
  • Harvesting e–mail information
  • Interrogating network services
  • Scanning from the inside out with HTML and egress busting

Identifying Vulnerabilities

Correlating weaknesses and exploits

  • Researching databases
  • Determining target configuration
  • Evaluating vulnerability assessment tools

Leveraging opportunities for attack

  • Discovering exploit resources
  • Attacking with Metasploit

Attacking Servers and Devices to Build Better Defences

Bypassing router Access Control Lists (ACLs)

  • Discovering filtered ports
  • Manipulating ports to gain access
  • Connecting to blocked services

Compromising operating systems

  • Examining Windows protection modes
  • Analysing Linux/UNIX processes

Subverting web applications

  • Injecting SQL and HTML code
  • Hijacking web sessions by prediction and Cross–Site Scripting (XSS)
  • Bypassing authentication mechanisms

Manipulating Clients to Uncover Internal Threats

Baiting and snaring inside users

  • Executing client–side attacks
  • Gaining control of browsers

Manipulating internal clients

  • Harvesting client information
  • Enumerating internal data

Deploying the social engineering toolkit

  • Cloning a legitimate site
  • Diverting clients by poisoning DNS

Exploiting Targets to Increase Security

Initiating remote shells

  • Selecting reverse or bind shells
  • Leveraging the Metasploit Meterpreter

Pivoting and island–hopping

  • Deploying portable media attacks
  • Routing through compromised clients

Pilfering target information

  • Stealing password hashes
  • Extracting infrastructure routing, DNS and NetBIOS data

Uploading and executing payloads

  • Controlling memory processes
  • Utilising the remote file system

 

Contact the course provider: